CS_BG-Image1

Why is the healthcare sector an attractive target for cyber and data breaches?

It has been reported that personal health information (PHI) is 50 times more valuable on the black market than other personal data such as financial information. While financial information such as credit card numbers can be changed, PHI usually follows one throughout their lifespan. PHI is valuable because criminals can use it to target victims with frauds and scams that take advantage of the victim’s medical conditions or victim settlements. It can also be used to create fake insurance claims, allowing for the purchase and resale of medical equipment. Some criminals also use PHI to illegally gain access to prescriptions for their own use or resale.

Within the healthcare ecosystem, there exist patient-specific assets and hospital/organisational-specific assets (Table 1). Patient health is listed as the highest priority asset to be protected; other hospital or organisation-specific assets may indirectly affect patient health – for instance, attacks against hospital assets can i) indirectly disrupt patient care, ii) raise the cost of healthcare, or iii) hinder the progression of the industry towards beneficial care potential.

Table 1: List of Patient Assets and Hospital/Organisational-specific Assets

Patient Assets Hospital / Organisation-specific Assets
Patient Health Research / Intellectual Property 
Patient Records  Business Advantage 
Service Availability Hospital Finances 
Community Confidence Hospital / Physician Reputation 

Cyber-attacks on healthcare records, IT systems and medical devices are a major cause for concern for our healthcare providers, ranging from hospitals, nursing homes, clinical laboratories, medical chains to group and solo medical and dental practices. Hence, it is essential for all healthcare organisations to prioritise efforts to raise their cybersecurity and data security postures and put in the required resourcing and manpower to enable this.

Source: Cybersecurity Ventures
Center for Internet Security: Data Breaches in the Healthcare Sector
Adapted from 2016 Independent Security Evaluators (ISE) Report – Securing Hospitals: A research study and blueprint