Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Thursday, 11 August 2022 18:46

Cyber attacks on health institutions

By Acronis
Cyber attacks on health institutions Towfiqu barbhuiya on Unsplash

GUEST OPINION: In the past decade, we've seen the volume of cyber attacks on health institutions grow immensely. Such attacks now occur more frequently and with greater magnitude globally.

A medical institution data breach may expose sensitive information, such as names, addresses, and patients' social security numbers. Additionally, attackers can get a hold of Medicaid ID numbers, health insurance info, patients' medical history, and other data to compromise both patients and staff members.

Here are some statistics from the past few years to give you an idea of the cyber vulnerabilities in the medical sector.

  • Since 2009, over 2100 healthcare data breaches have occurred in the US. And those are just the reported numbers.
  • 34% of all cyber attacks in the sector came from unauthorized access and disclosure.
  • Hospitals account for the highest volume of medical-related data breaches – 30%.
  • Calculations show a 75.6% chance of a breach of at least 5 million records in 2021.

Further data shows that bigger hospitals carry a greater data leak exposure.

Hospital cybersecurity teams understand the need for improved protection against cyber threats. And undoubtedly, cybersecurity has improved over the past five years. Still, that time frame shouldn't come as a surprise as 2015 "hosted" 4 of the 5 most significant cyber attacks on medical institutions to date.

Since then, we haven't seen an attack as big as the one on Anthem. However, the healthcare industry's cybersecurity spending between 2017-2021 is expected to go over $65 billion.

Anthem Blue Cross

2015, 78.8 million patient records exposed

Probably the most prominent healthcare data breach, hackers managed to steal nearly 80 million patient records from Anthem.

The stolen data included social security numbers, patient addresses, and dates of birth. Most of the victims were Anthem plan members, with a small portion of them being clients of independent insurance companies.

Premera Blue Cross

2015, 11+ million people affected

Six weeks following the Anthem breach, Premera Blue Cross announced that hackers exposed the medical information of around 11 million patients.

The breached data comprised social security numbers, bank account numbers, dates of birth, and claims information.

Excellus BlueCross BlueShield

2015, 10 million people affected

Although Excellus reported the cyber attack on their network in 2015, the hacking project was already going on for two years. Potentially, the hackers gained access to all patient records, including social security numbers, full names, addresses, financial payment data, claims details, and credit card numbers.


2011, 4.9 million patients affected

Back in 2011, TRICARE reported a massive data breach of medical and personal data. The information belonged to both families and military patients.

However, this data breach wasn't the result of a cyber attack – all of the records were stolen during a physical data transfer between two data contractor facilities. The thieves stole the documents from a parked vehicle.

The records included personal details, prescriptions, lab test data, and clinical notes but no sensitive financial data.

University of California, Los Angeles Health

2015, 4.5 million patients affected

Although some cyber threats compromise a lesser data volume, they can still be devastating for medical institutions and their patients. The UCLA Health System reported a hack on their network, compromising 4.5 million patient records.

In addition to expected personal information (social security numbers, DoBs, names), the records included highly confidential data such as health plan identification numbers, patient diagnoses, and patient procedures

How to Protect Against Cyber Attacks on Health Institutions?

Designated cyber attacks on medical networks use malware, ransomware, cloud threats, misleading websites, phishing attacks, encryption blind spots, and employee errors to gain access to sensitive data.

To minimize cyber vulnerabilities in the medical sector, institutions should adopt a highly educated approach to cybersecurity as a whole.

  • Establish a stellar security culture

Modern cybersecurity training emphasizes that every medical organization's staff treats patient data with a great sense of responsibility and protection.

  • Mobile device protection

Most modern health institutions use mobile devices at work. To ensure data on those devices is secure, encryption is critical.

  • Firewall implementation

Any device connected to the internet should act behind a firewall.

  • Excellent computer usage habits

New employee onboarding should educate on best computer use practices, software, and OS maintenance.

  • Installation and maintenance of reliable antivirus software 

A simple free antivirus isn't enough. To ensure data protection, you should rely on stable antivirus software, frequently updated to counter any possible threats.

  • Control over access to sensitive health information

Only those who need to access patient data should have clearance for it.

  • Future planning and frequent backups

All medical files should be backed up regularly for quick restoration in case of a hacker attack. Ideally, backups should be uploaded outside the main system network so we are enforcing usage of appropriate backup programs.

  • Strong password usage and updates

Default or weak passwords are a cornerstone for infiltrators. To deny an exploitable entry point, passwords should be both strong and frequently changed.

  • Control over network and physical access

Any software and apps should be installed and monitored by the proper authorities.  Network devices and physical records should be contained in secure, locked areas.

Read 1085 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News