The why & how of cybersecurity in healthcare

Why cybersecurity is critical to the healthcare business, especially now!

In today’s electronic world, protecting information from hackers and fraudsters is critical. Due to the nature of data stored in EHR, decision-support, radiology information systems and many others, as well as in clinical laboratories, hackers are targeting healthcare providers in an attempt to steal the data and sell it on the dark web and to bring down systems using ransomware attacks. These data breaches are costing the healthcare industry billions every year.

One challenge for cybersecurity in healthcare is that many health entities still use legacy systems that are no longer supported by the vendor, thus exposing them to security vulnerabilities. Right now, it is crucial for healthcare organisations to invest in strong cybersecurity technologies and secure data stores, and establish a security culture.


During COVID times, every stakeholder in the healthcare system felt the need to share and receive critical patient information in real time. But they were unable to do so due to the many inadequacies in the healthcare system and bad practices of information blocking. A patch and go mindset has been applied to most of the legacy systems, with features being built on top of existing architecture in which security and secure data-sharing was always an afterthought.

The cost of healthcare data breaches was over $4 billion in 2019 according to Black Book Market Research; in the year 2020, the total costs of such breaches rose to more than $13 billion. In that same year, the average cost of a single data breach for the healthcare industry was $7.13 million. Healthcare data sold on the dark web costs anywhere between a few cents to a couple of thousand dollars per piece of data per patient and is more expensive than credit card numbers.

According to HIPAA Journal, 2020 was the worst ever year for healthcare industry data breaches, with 616 data breaches of 500 or more records reported to the U.S. Department of Health and Human Services’ Office for Civil Rights. Some 28,756,445 healthcare records were exposed in those breaches, making 2020 the third worst year ever in terms of the number of breached healthcare records. One high-profile example was the massive data breach experienced in 2020 by the cloud service provider Blackbaud Inc. Hackers gained access to the provider’s systems and stole customer fundraising databases before deploying ransomware. Blackbaud was issued with a ransom demand and a threat that the stolen data would be published if the ransom were not paid.

Below is a list of 2020’s largest healthcare data breaches:

  • Trinity Health – 3,320,726 individuals
  • MEDNAX Services, Inc. – 1,290,670 individuals
  • Inova Health System – 1,045,270 individuals
  • Magellan Health Inc. – 1,013,956 individuals
  • Dental Care Alliance – 1,004,304 individuals
  • Luxottica of America Inc. – 829,454 individuals
  • Northern Light Health – 657,392 individuals
  • Health Share of Oregon – 654,362 individuals
  • Florida Orthopaedic Institute – 640,000 individuals
  • Emergency Physicians – 550,000 individuals
  • Aetna ACE – 484,157 individuals
  • Saint Luke’s Foundation – 360,212 individuals
  • NorthShore University Health System – 348,746 individuals
  • SCL Health Colorado – 343,493 individuals
  • AdventHealth – 315,811 individuals
  • Nuvance Health – 314,829 individuals
  • Magellan Rx Management – 314,704 individuals
  • The Baton Rouge Clinic – 308,169 individuals

The poor state of healthcare cybersecurity was highlighted by a survey of healthcare security professionals conducted in late 2019 by Black Book Market Research. Some of the key findings of the survey were as follows:

  • 96% of IT professionals said threat actors are outpacing medical enterprises.
  • 35% of healthcare organisations did not scan for vulnerabilities before an attack.
  • 87% of healthcare organisations have not had a cybersecurity drill with an incident response process.
  • 40% of providers surveyed do not carry out measurable assessments of their cybersecurity status.
  • 26% of hospital respondents and 93% of physician organisations currently report that they do not have an adequate solution to instantly detect and respond to an organisational attack.
  • 94% of hospitals have not augmented their cybersecurity protection since their last breach.
  • More money is being spent on marketing to repair damaged reputations after a breach than is spent on combating the consequences of data breaches.

The top cybersecurity threats identified in 2020 were:

  • Ransomware attacks
  • IoT attacks
  • Cloud attacks
  • Phishing attacks
  • Blockchain and cryptocurrency attacks
  • Software vulnerabilities
  • Machine learning and AI attacks
  • BYOD policies
  • Insider attacks
  • Outdated hardware

Some other common threats include:

  • Social Engineering
  • Malware
  • Denial of Service (DoS)
  • Man-In-The-Middle (MITM) attack
  • SQL Injection
  • Brute Force


We have seen how big an impact a data breach can have on businesses. Mitigating this risk calls for a holistic and phased cybersecurity approach, which includes:

Immediate actions

  • Assessing the current state of security.
  • Setting up security check and controls to secure from immediate threats.
  • Setting up a monitoring system.

Short-term goals

  • Identifying security use cases and establishing a cybersecurity framework based on existing industry guidelines and best practices to manage and reduce cybersecurity risks.
    • ISO 27001/27002 and 27110
    • CIS Critical Security Controls
    • NIST Framework
  • User Anomaly Detection with industry-leading tools like Exabeam, Securonix, Splunk, etc.
  • Setting up stronger and proactive data leak, storage and access monitoring with 360-degree visibility is crucial.
  • Ensuring that security policies and standards are current/up to date and enforced within the organisation.
  • Compliance with privacy, audit needs and regulations like HIPAA to protect member data.
  • Disaster recovery planning.

Long-term strategy

  • Fostering a security culture within the organisations. Ongoing training of users as well as of employees is crucial.
  • Monitoring insider threats and drawing insights from behaviour analytics.
  • Building patient-centric (patient in context) threat intelligence.
  • Organisations should invest in integrating and potentially transforming their legacy systems with up-to-date and more secure technologies and infrastructure.
  • Secure data-sharing technologies should be used.
  • Taking these steps will ultimately lead to long-term value for money outcomes with improved customer confidence and satisfaction.

Devesh-Agarwal circle-1

This article was provided to you by Decos, a cutting-edge partner ready to meet your software needs in the medical domain. We love to get in touch with you! A question on one of our projects, and advice on your project or a POC, just contact me and let’s connect.

Plan an online introduction