Cybercrime Cripple Hospitals Worldwide and Expose Millions of Patient Records

If your personal data is a gold mine, your medical record is a diamond’s worth for cybercriminals. When worldwide healthcare facilities are in full crisis mode, bad actors roll up their sleeves and do what they know best in full force. Healthcare organizations suffered dozens of attacks and data breaches on every continent over the last year and a half like never before.

Chances are the rising trend of attacks will continue, putting at high risk anyone’s personal identifiable information, including yours. Not only that your data can be sold for profit, but you could be the victim of identity theft. In the worst-case scenario, attackers can even manipulate and change medical scans or test results, literally putting your health at risk. It sounds like something ahead of our time, but it’s quite a valid case.

Here’s a look at the whole picture of cyberattacks in the healthcare sector and why they’re a serious concern.

Healthcare Organizations Lack Cybersecurity Response Plan

Healthcare organizations in the US have been the leading target for cybercrime. Hardly a day went by without news outlets covering at least one such incident. Several countries have been seriously hit as well, including the UK, Germany, France, Singapore, and others.

According to a recent study, almost half of the surveyed American healthcare organizations aren’t almost at all prepared for a cyberattack. They lack an incident response plan even though they reported and confirmed an increase of over 70% in the number of confirmed data breaches. Without a doubt, the pandemic amplified the rise in these security incidents.

Within 2020, data breaches from hospitals and health care facilities exposed 12 billion pieces of protected health information (PHI). Although many hospitals admitted having experienced at least one data breach in the past, only a small number of them has managed to apply tighter security measures such as performing vulnerability tests or limiting network access.

Despite being aware of the problem, the priority for healthcare organizations was and still is to handle patient care, especially in these trying times.

causes US hospitals data breaches   Source: HIPPA Journal, Causes of US Healthcare Data Breaches 2021

Examples of Healthcare Data Breaches

Whether successful phishing scams, ransomware attacks or unsecured network or data, hospitals were caught off guard. Here are just some of the most recent attacks that involved healthcare organizations:

Oct, 2021

A third-party vendor data breach discloses 400,000 customer data

A Singapore-based healthcare firm Fullerton Health has reported a security breach incident at one of their vendors that helps the company manage patient appointments and bookings. The outcome of the breach was a data leak of 400,000 customer records. Cyber crooks put customer records for sale on a dark web forum for the equivalent sum of $600 in Bitcoin.
Oct, 2021

Phishing emails led to a breach exposing over 200,000 patient records

UMass Memorial Health has notified 209,000 patients that their personal and health information was potentially compromised. The American hospital first discovered the incident in January 2021, but representatives of the organization officially reported it nine months later, after its staff had made several investigations. In this case, in response to phishing emails, an unauthorized user accessed several email accounts for over six months. Disclosed personal information included patient names, medical record numbers, health insurance details, clinical data, treatments, dates of birth, diagnoses, and procedures, among other data.
Sept, 2020

A ransomware caused the death of a hospitalized woman

A woman hospitalized for emergency treatment at University Hospital in Düsseldorf, Germany, died after a ransomware attack. It all happened when the medical staff uncovered the hospital had over 30 servers encrypted. They also found a message telling Heinrich Heine University, to which the Düsseldorf hospital is affiliated, to contact the attackers. As a result, the ransomware attack paralyzed the hospital’s services and forced doctors to transfer the woman to a more distant hospital. She died soon after the transfer to the other clinic. Eventually, the police concluded the attackers were actually targeting Heine University, not the hospital, and presumably made a mistake. They withdrew their ransom demand and provided the hospital staff with the encryption keys to unlock the servers.

The High Cost of Leaked Patient Data

According to the 2021 Cost of a Data Breach report, the average price of a data breach went up from $7.13 million in 2020 to $9.23 million in 2021. This sum represents a significant effort for a healthcare organization that is already experiencing challenging moments, including in terms of overall financial costs. Health systems and facilities have been dealing with increased costs for treating COVID-19 patients and for all medical procedures.

The conclusion is simple: hospitals need to implement robust cybersecurity measures, and to take the preventive, not the reactive path.

On the other side, the value of your healthcare data can lead up to $250 per record on the black market, while for you, personal information is priceless.

You can’t always control how companies or even public organizations manage and secure your data. Whenever you can, though, rely on a VPN and a good private browser to avoid being tracked online. No one will be able to see your browsing history or follow your digital tracks.

Use our ID Guard and see if your email addresses have been compromised. CyberGhost ID Guard will alert you if your email addresses were part of a data breach.

Last but not least, check additional internet safety tips.

 

Did you ever find out your patient records were part of a data leak?

Let me know in the comments section below.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*