Lauren Horne
Apr 22, 2020


The healthcare system is an intimate part of a person’s life, and healthcare organizations play a vital role in the well-being of a society. When cyber criminals attack the healthcare sector, the damage reaches far beyond capital losses, though the pocketbook is hit hard. At best, revenue and trust are lost. At worst, healthcare data breaches could mean life or death for patients. As the industry evolves and relies more and more on modern IT infrastructures and an extended ecosystem of connected medical devices, healthcare security is more critical than ever.


The Value of Protected Health Information (PHI)

For cyber criminals, protected health information and medical records contain troves of valuable personal data:

  • Social security numbers to steal an identity
  • Credit card information to make fraudulent purchases
  • Deeply personal health details to blackmail and extort
  • Insurance information to obtain treatments and prescriptions

When credit card or bank account numbers are stolen, the victim can quickly change or replace them. However, the information contained in healthcare records (such as addresses, birth dates, prescription information, and diagnosis codes) cannot be altered. Once the details of a medical record are exposed, irreparable damage is done.

Hackers Pay Up to $1000 Per Health Record

This explains why cyber criminals will pay 25 cents for a credit card number but up to $1000 for a medical record. This also explains why healthcare organizations should invest in the right security approaches to protect such valuable assets. Otherwise, data breaches cost healthcare organizations $408 per health record, and on average $2.2 million per breach.


Infographic: Average cost of a data breach for healthcare organizations


The Aftermath of Healthcare Cyber Attacks

According to a new report from Corvus, ransomware attacks against healthcare providers increased by 350% during the last quarter of 2019. These incidents also involve indirect expenses that can add up quickly.

Indirect Expenses Typically Include:

  • Breach notification - an average cost of $210,000
  • Breach response - an average cost of $1.1 million
  • Loss of business - an average cost of $1.42 million

Intangible Costs 

The theft of patient records is only one threat healthcare organizations must worry about. Once systems and patient data are taken hostage in a ransomware attack, organizations can be forced to pay monstrous amounts to purchase a decryption key and gain back control.

Until payment is made and systems are back up, healthcare providers are left without access to critical software for patient care. For hospitals, the inability to access data can be a life-or-death situation.

Long after a healthcare data breach or ransomware attack is over, organizations are also left to navigate intangible costs, such as reputational damage and the loss of goodwill. 


Infographic: Indirect expenses of a data breach for healthcare providers


How to Prevent a Data Breach

Act and Get Ahead of Criminals

For healthcare providers, protecting IT infrastructures isn’t just a cyber security challenge – it is a medical one. Modern IT infrastructure is more than just servers and PCs; it extends to all the connected devices used inside and outside of healthcare organizations. From patients self-serving through mobile apps on their own phones to doctors using tablets to view patients’ records, every part of this extended ecosystem must be protected.

Getting ahead of cyber criminals means more than just compliance. In a study conducted by the Ponemon Institute, researchers found that organizations that extensively deploy automated security technologies save over $1.5 million on the total cost of a breach.

Match Threats to the Right Security Solutions

In order to patch vulnerabilities, build a stronger barrier, and minimize cybercrime in the healthcare sector, organizations must adapt and implement specialized strategies when it comes to cybersecurity. Intelligent, automated security solutions include multi-factor authentication, code obfuscation, anti-tampering technology for apps, and layered protection to protect patient data on all fronts, from all attack types. The numbers prove that an investment in code protection is well worth the cost.