As technology has advanced and the world has become more interconnected, the threat of cyber-attacks has become a significant concern for businesses, smaller healthcare organisations, governments, civil rights and individuals alike. While cyber-attacks can target any sector, healthcare organisations have become an increasingly attractive target for cybercriminals in recent years.
Healthcare organisations store vast amounts of sensitive patient information on computer systems, making them a lucrative target for cybercriminals looking to steal or exploit valuable data. The aftermath of a successful cyber attack on the health system can be devastating. Patients’ PII (personally identifiable information), including their medical treatment information, patient names, dates of birth, social security numbers, financial data, health plans, health insurance information etc., can be stolen and put on sale on the dark web.
PHI (Protected Health Information) is amongst the most valued data in dark web / underground markets except for crypto.
Moreover, a cyber attack on a patient portal health insurance information system can disrupt the delivery of patient care, potentially leading to dangerous consequences. Given the high stakes, healthcare organisations must proactively safeguard themselves from cyber attacks. Cyphere offers various cybersecurity assessment services to help businesses secure their assets.
In this article, we will examine the prevalence of cyber attacks on a healthcare group and system, explore the types of cyber threats that healthcare organisations are vulnerable to, and examine the impact of cyber attacks on healthcare organisations and patients’ private data. We will also look at the measures that health and human services providers can take to protect themselves and affected systems from cyber threats and the best security protocols for responding to a cyber attack.
Cyber attacks on healthcare, both health and human services
According to recent surveys and studies, the healthcare industry is one of the most targeted sectors for cyber attacks. A report by the Ponemon Institute found that the healthcare industry, in 2020, had the highest cost of data breaches of any industry, with an average price of $7.13 million per most significant data breach ever by a professional finance company. Additionally, the report says that the healthcare industry had the highest average cost per record, at $429 per record.
These statistics underscore the significant financial and reputational damage that can result from a cyber attack on health insurance information systems or healthcare organisations.
Key Findings – Threats to healthcare organisations 2023 overview
- Healthcare service providers globally faced the top 3 threats, with data exfiltration being one of them.
- The UK and Australia saw an increase in healthcare cyberattacks in 2022.
- Suspicious network scanning was the most common attack type globally in healthcare in 2022, which was an initial phase of a cyber-attack.
- Of 693 healthcare data breaches in 2022, 607 are still under ongoing investigation by law enforcement.
- A malware incident has impacted over 1.24 million patient records at the Baptist Medical Center in Texas.
- From 2016 to 2021, ransomware attacks doubled from 43 to 91 annually.
- 44.4% of healthcare organisations faced disruptions in the delivery of healthcare.
- 8.6% of the cohort experienced operational troubles for over two weeks due to cyber attacks.
- Around 20.6% of healthcare organisations were able to restore data from backups.
- Electronic system downtime is a joint disruption, with 41.7% of healthcare service providers reporting this issue in 2022.
- Another joint disruption is the cancellation of scheduled care by 10.2% of healthcare service providers.
- Ambulance diversion was also a reported disruption, with 4.3% of healthcare service providers experiencing this issue.
- IT security incidents accounted for over three-quarters (78.5%) of the 693 healthcare data breaches reported in 2022.
Healthcare data breaches – An industry view
The healthcare industry faces a considerable risk from data breaches as they can result in the theft of critical patient data, including medical records, full patient names and ids, insurance information, and social security numbers. This sensitive information and stolen data are often exploited for fraudulent activities such as identity theft, leading to severe consequences. In addition to financial loss, such data theft and breaches can also harm the reputation of healthcare organisations, which may erode patient trust in human services offices in the long term.
- From January 1st to October 31st 2022, 594 data breaches were reported by the HHS’ Office for Civil Rights.
- On average, 60 data breaches are reported each month.
- In 2022, the healthcare industry was targeted in 25% of ransomware attacks, according to FBI data.
- Recent research by Ponemon showed that 12% of attacks originated from IoT devices.
- Hospitals accounted for 30% of all the most significant data breaches.
- The Anthem Breach affected nearly 80 million patients.
- Advocate Aurora Health, a prominent healthcare provider in the Chicago region, has reported a potential data breach that may have compromised the sensitive data of approximately 3M patients.
- 18% of teaching hospitals and 6% of paediatric hospitals experienced data breaches.
- There is a 75.6% probability of at least five million records being breached in the healthcare sector within the following year.
- Unauthorised access or disclosure accounts for 34% of healthcare data breaches.
- The healthcare industry was at risk of exceeding 50.4 million breached patient medical data in 2021.
- Among the 14 critical infrastructure industries, the healthcare and public health sectors had the most ransomware reports in 2021, with 148 out of 649 attacks.
- Security breaches will cost healthcare companies $6 trillion by the end of 2020.
- Over 2100 healthcare data breaches have been reported in the US since 2009.
- Between March 2021 and February 2022, hacking incidents exposed at least 42 million records in the healthcare industry.
- The number of exposed records decreased from 4.1 million in March 2021 to 2.2 million in February 2022.
- Lost or stolen PHI may cost the US healthcare industry up to US$7 billion yearly.
- There is a 75% chance of a breach of at least five million records occurring in the next year.
- A 25% chance of an Anthem-sized breach (80+ million records) is expected within the next three years.
- 60-80% of data breaches in the healthcare industry go unreported.
- 66% of organisations consider malicious insider attacks or accidental breaches more likely than external attacks.
- Over 1,400 breaches were negligent, and about 700 were malicious, according to a study.
- 39% of healthcare organisations discovered a breach months after, providing cybercriminals with time to achieve their objectives while victims remain unaware.
- The healthcare sector has the highest cost of data breaches among all industries, which is $408 per record.
- Around 47% of data breaches in the healthcare industry are caused by threat actors or various IT incidents, whereas 34% result from unauthorised access or disclosure.
- Negligent breaches, which occur twice as often as malicious ones, are the leading cause of data breaches in the healthcare industry.
Infographic – Healthcare cyber attack statistics
Healthcare cybersecurity market trends
- The healthcare cyber security market was valued at approximately USD 9395.86 million in 2021 in the entire world.
- By 2027, the market is estimated to reach nearly $22190.71M, indicating a significant growth potential.
- It isTheal healthcare cybersecurity market will is forecasted to have a CAGR of 15.40% from 2023-2028.
- The market is expected to experience substantial growth throughout the forecast period of 2023-2028.
Ransomware attacks statistics on the healthcare industry – Infographic
- 70% of malware attacks in 2022 were identified as ransomware, preventing hospitals from accessing critical systems like EHRs, and jeopardising patient care and safety.
- According to the Identity Theft Resource Centre (ITRC), phishing and related ploys are the most common cyberattack vectors, followed by ransomware.
- In the first quarter of 2022, the average ransomware attack payout was $211,259.

- Healthcare data breach statistics for 2022 indicate that ransomware payments decreased by 34% compared to Q4 2021.
- Cerber is the most prevalent ransomware, accounting for 58% of all threats. It seizes files and demands payment for their release.
- Sodinokibi ranks as the second most frequent ransomware, with 16% of attacks.
- VBCrypt, which targets Windows, comes in a close third with 14% of attacks.
- The Anthem Breach impacted nearly 80 million people. Anthem eventually settled for $116 million but did not admit wrongdoing.
- A of respondents think their organisations are susceptible to ransomware attacks.
- Ransomware is the top cybersecurity threat that concerns 60% of the respondents.
- Among the organisations that suffered from ransomware attacks in the last two years (41% of respondents), they experienced an average of three such incidents.
Statistics of how cyber attacks impacted patient safety and care delivery
- Most respondents (54%) reported poor outcomes due to delays in procedures and health assessments, such as increased illness severity.
- 23% of respondents noted an increase in mortality rate.
- 67% of respondents reported that patient care was disrupted due to a BEC attack and ransomware attack against their organisations.
- 21% of respondents stated that a BEC incident increased the mortality rate.
- 24% said that ransomware had the same effect.
- Delays in procedures and tests resulting in poor outcomes were reported by 64% of respondents in organisations that experienced a ransomware attack.
- 59% of respondents said ransomware caused more extended hospital stays, putting a strain on resources.
- 67% of respondents believed that cloud, mobile, big data, and IoT increase the risks to patient information and safety.
- 64% of respondents expressed concerns about the security of medical devices.
- 59% were worried about insecure mobile apps.
- Pacemakers and infusion pumps were cited as examples of medical devices that could potentially be vulnerable to an attack.
Miscellaneous statistics on the cyber security of the healthcare industry
- As per the Identity Theft Resource Center (ITRC) 2022 Data Breach Report, US healthcare organisations had 344 data breaches in 2022, making them the most compromised sector for the third consecutive year.
- Cynerio’s State of Healthcare IoT Device Security 2022 report states that 53% of connected healthcare systems are at risk of cybersecurity attacks.
- IV pumps and VoIP systems are the most vulnerable, with 38% and 50%, respectively.
- Weak or insecure passwords are the most accessible opportunities for compromise in healthcare.
- Stolen healthcare records account for 95% of identity theft, 25 times higher than cohabiting cards.
- A data security breach occurred at Shields Health Care Group, affecting over 2 million individuals and over 50 healthcare facilities.
- Broward health system suffered a security incident that affected 1.35 million patient records in 2022.
- In February 2022, 46 data breaches affected 2.5 million people.
- Healthcare data breaches cost businesses an average of $9.3 million per incident in 2021, representing a 29.5% rise from 2020.
- In comparison, other industries had median losses of $3.86 million in 2020 and $4.24 million in 2021.
- 59% of healthcare organisations plan to invest more in cybersecurity in 2022.
- 82% of organisations can’t determine the damage from an insider attack.
- A former American pharmaceutical company employee brazenly appropriated 12K confidential documents from the cloud before departing to a rival firm.
- A hospital worker from Texas was caught on camera setting up an HVAC unit backdoor that, if deactivated, could put employees and medication in peril.
- 88% of healthcare workers opened phishing emails.
- According to our findings, half of the physicians were classified as being at risk for a significant data breach – a sobering statistic indeed.
- Over six of ten data breach risks can be attributed to employee negligence.
- Of all the data breach risks, disgruntled personnel wielding emotion can be particularly damaging, accounting for 14% of such incidents.
- Third-party insiders are also a risk factor. 94% of organisations working with outsourcing companies have given them health system access, while 72% have advanced permissions.
- Astonishingly, one in four physicians cannot recognise the typical symptoms of malware.
- Compared to the standard across-sector average of $148 per record, healthcare data breaches come with a hefty price tag at an average cost of $408 – three times greater!
- A mere 6% of the healthcare industry’s budget is allocated to cybersecurity, a shockingly small investment given its potential risks.
- Tenable Network Security’s cybersecurity report found that the healthcare industry was only achieving 54% in telling cybersecurity assurance.
- Filling healthcare cybersecurity roles is significantly more time-consuming than underfilling IT jobs in other industries, with an average duration of 70% longer.
- In January 2021, healthcare data breaches in the US experienced an impressive 48% decrease!
- In January 2021, healthcare in America saw a nearly 50% reduction in data breaches compared to the month prior.
- It dropped from 62 in December 2020 to 32 in January 2021.
- In 2020, healthcare suffered close to 240 million hacking attempts.
- 71% of respondents said their organisations are vulnerable to a supply chain attack.
- 50% of organisations experienced at least one supply chain attack in the past two years.
- 64% of respondents said their organisations are vulnerable to a BEC incident.
- 51% of organisations experienced at least one such incident in the past two years.
- 60% of respondents use a combination of SoundCloud ions for user access and identity management, eluding separate identity management interfaces, unified interfaces, and single sign-on.
- Less than half of the respondents had documented steps to prevent and respond to BEC attacks (48%) and supply chain attacks (44%).
- Lack of in-house expertise (53%) and insufficient staff (46%) were challenged to effective cybersecurity posture.
- The three most essential steps to cybersecurity strategy were adaptive access controls, strong authentication controls, and support for multiple identity federation standards.
- Training and awareness programs (63%) and employee monitoring (59%) were the top two steps to reduce insider risk.
- 60% of respondents use threat intelligence in their cybersecurity strategy, with network traffic (57%), firewall/IPS traffic (53%), dark web data (46%), and user behaviour (44%) being the most commonly used types of threat intelligence.
- The average cost of the most expensive cyberattack experienced was $4.4 million.
- The lost productivity from the same attack cost an average of $1.1 million.
- 54% of respondents experienced at least one cloud compromise in the past two years, with an average of 22 such centres.
- The healthcare sector witnessed the highest percentage increase in cyberattacks in 2022, with a surge of 74% from the previous year.
- On average, the healthcare sector experienced 1,463 cyberattacks per week.
- The cost of a single phishing attack in the United States has risen to $14.8 million per year.
- Out of the 641 IT and IT security practitioners in healthcare organisations surveyed, 89% reported having encountered cyberattacks in the past 12 months, with an average of 43 attacks per week.
LargeMost significant breaches in the healthcare industry in 2020 and 2021
Covered entities are generally healthcare providers, health plans, health systems, healthcare organisations, and healthcare clearinghouses, which are involved in the hing of protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) in the United States. HIPAA’s Privacy Rule and Security Rule establish national standards for protecting the privacy, security, and integrity of PHI held by covered entities and their business associates. The following covered entities are healthcare organisations that fell victim to some of the most significant data breaches reported in 2020 and 2021.
- The business associate in Florida successfully resolved a security breach that impacted over 4 million records.
- A health plan in Florida effectively dealt with a cyber attack that affected 3.5 million records.
- In California, a business associate investigated a data compromise that impacted over 2.5 million records.
- A healthcare service provider in Wisconsin resolved a security breach that compromised over 2.4 million patients’ medical records.
- Florida’s healthcare service provider suffered a data breach, resulting in a compromise of 1.7 million records.
- One of the business associates in Texas encountered a security compromise, which affected over 1.6 million healthcare data.
- A community health network suffered a data breach compromising 1.5 million patient records due to violating third-party tracking tools.
- Ohio’s healthcare provider dealt with a cyber security incident which compromised 1.4 million records.
- Georgia’s healthcare provider experienced a data breach, exposing 1.4 million records.
- In Nevada, a security incident affected a healthcare provider, compromising 1.3 million records.
- A New Mexico Healthcare Provider had its data compromised, affecting 1,228,093 records.
- A Maryland Healthcare Provider faced an email-related security breach that resulted in the compromise of 824,450 records.
- A New York Business Associate suffered a security breach that affected 753,107 records.
- A Healthcare Provider in Florida resolved a security breach that compromised 700,934 records.
- A California Health Plan resolved a security breach that compromised 688,603 records.
- An Arizona Business Associate resolved a security breach that impacted 685,574 records.
- A New York Healthcare Provider fell victim to an email-related security breach that compromised 1,269,074 records.
- A New York Business Associate reported an incident of data compromise, which impacted 1,210,688 records.
- An Oregon Healthcare Provider disclosed a security breach that impacted 750,500 records.
- A Washington Healthcare Provider suffered a security breach that compromised 688,000 records.
Wrapping up thoughts
To summarise, cyber attacks pose a significant risk to various industries, including healthcare. These attacks affect organisations and put patients’ sensitive information at risk. Despite the growing awareness of these risks, many health systems lack the resources and expertise to implement robust cybersecurity measures effectively. This puts them in danger of cyber attacks and potential legal and regulatory consequences for failing to protect patient data adequately.
To reduce the risks associated with cyber-attacks, healthcare organisations must adopt a proactive cybersecurity approach. This involves implementing security measures, conducting regular assessments of vulnerabilities and risks via a third-party vendor third party vendor third-party vendor, and providing sufficient training staff training. Playing with regulations such as HIPAA is vital, and healthcare service and health insurance providers must take necessary measures to secure patient data. The 45 CFR Section 164 Subsection D of the HIPAA Breach Notification Rule requires covered entities and the respective business associates to notify if a breach or unauthorised disclosure of unsecured protected health insurance information occurs.
On the other hand, potential HIPAA violations can result in legal penalties from regulatory bodies. Therefore, healthcare providers must remain plant security alert and proactive in safeguarding patients’ portals, their health system, and patient portals against data theft and unauthorised or unauthorised disclosure of sensitive patient information as the industry continues evolving.
References
- https://www.ibm.com/security/data-breach
- https://www.definitivehc.com/resources/healthcare-insights/largest-healthcare-data-breaches-in-2020-and-2021
- https://www.prnewswire.com/news-releases/darktrace-publishes-2022-cyber-attack-trend-data-for-energy-healthcare–retail-sectors-globally-301720810.html
- https://www.definitivehc.com/resources/healthcare-insights/most-common-healthcare-data-breaches
- https://aehis.org/h1-2022-healthcare-breach-report/
- https://www.verizon.com/business/resources/reports/dbir/2022/healthcare-data-breaches/
- https://cybersecurity.criticalinsight.com/healthcare-breach-report-h1-2022
- https://www.securitymagazine.com/articles/98810-global-cyberattacks-increased-38-in-2022
- https://www.beckershospitalreview.com/cybersecurity/cyberattacks-in-2022-and-what-hospitals-health-systems-can-learn-going-into-2023.html
- https://www.mordorintelligence.com/industry-reports/healthcare-cybersecurity-market
- https://www.healthcareitnews.com/news/half-ransomware-attacks-have-disrupted-healthcare-delivery-jama-report-finds
- https://tigerconnect.com/blog/2023-top-healthcare-cybersecurity-threats/
- https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/
- https://www.armis.com/blog/5-healthcare-cybersecurity-predictions-for-2023/
- https://www.expertmarketresearch.com/reports/healthcare-cyber-security-market
- https://frgsystems.com/healthcare-finance-news/healthcare-cybersecurity-2023
- https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-cyber-insecurity-healthcare-ponemon-report.pdf
- https://www.insiderintelligence.com/content/healthcare-cybersecurity-2023-hive-s-shutdown-good-news-cyberattacks-only-getting-worse
- https://healthitsecurity.com/news/global-cyberattacks-increased-by-38-last-year-healthcare-hit-hard
- https://www.hipaajournal.com/healthcare-data-breach-statistics/
- https://techjury.net/blog/healthcare-data-breaches-statistics/#gref
- https://www.cbsnews.com/chicago/news/advocate-aurora-health-data-breach-facebook-google/
- https://www.jdsupra.com/legalnews/shields-health-care-group-inc-announces-8019546/
- https://www.govinfosecurity.com/malware-breach-affects-12-million-medical-center-patients-a-19466
- https://fortifiedhealthsecurity.com/healthcare-cybersecurity-report-annual-horizon-reports/

Shahrukh, is a passionate cyber security analyst and researcher who loves to write technical blogs on different cyber security topics. He holds a Masters degree in Information Security, an OSCP and has a strong technical skillset in offensive security.