Loading...

Prediction Check-In: Cyberattacks Continue to Plague Healthcare Sector

Published: June 2, 2017 by Michael Bruemmer

Like an unimmunized person in a roomful of flu patients, the healthcare sector continues to be at high risk of catching something unpleasant. Cyberattacks and data breaches jeopardize the well-being of healthcare organizations of every size, and too often their exposure is a result of not doing everything they can to immunize themselves against attack.

In our 2017 Data Breach Industry Forecast, we predicted the profitability and uneven defenses of the healthcare sector would cause cybercriminals to continue to focus attacks on healthcare organizations. Numbers from the Identity Theft Resource Center indicate our prediction was right; by mid-year, 151 healthcare breaches have compromised more than 1.9 million records, accounting for nearly 22 percent of all 2017 breaches thus far.

We also predicted:

  • Ransomware would emerge as a top threat for healthcare organizations.
  • Cybercriminals would expand their range of targets within the sector, causing mega breaches to broaden their focus from insurers to other organizations, including hospital networks.
  • Electronic health records and mobile applications would increasingly be targeted.

The year so far

In mid-May the WannaCry ransomware cyberattack became the largest ever, affecting computer systems in more than 150 countries. Ransomware uses malicious code to infect systems, seize control and shut down user access until the affected organization or individual pays a ransom to unlock their systems.

Britain’s National Health Service (NHS) was one of the largest victims of WannaCry, which infected medical devices as well as administrative PCs. The impact was widespread, affecting critical operations and causing hospitals to reject patients, doctor’s offices to shut down and emergency rooms to divert patients. Like a patient with a compromised immune system who ignores his doctor’s advice to get an annual flu shot, the NHS allegedly disregarded multiple security warnings to update and protect its systems.

Cybercriminals have also expanded their targets for mega breaches beyond insurers. So far in 2017, the largest known healthcare breach in terms of number of compromised records occurred at a urology practice in Austin, Texas. ITRC statistics show nearly 280,000 records were compromised through the breach of the practice, which has eight locations in the greater Austin area. According to the practice’s official data breach notice, a ransomware attack encrypted data stored on the organization’s servers.

Electronic health records were the target of cyberattacks at numerous healthcare organizations, including a fertility and menopause clinic in New Jersey, where more than 17,000 records were compromised, ITRC reports.

The number, scope and impact of healthcare cyberattacks will only grow. The industry that focuses on taking care of Americans’ physical and mental health should proactively take steps to safeguard its own health by updating security measures and data breach response plans.

Related Posts

Romance scams target individuals of all ages and backgrounds. Financial institutions need to protect their customers from these schemes.

Published: February 5, 2025 by Alex Lvoff

As data breaches become an ever-growing threat to businesses, the role of employees in maintaining cybersecurity has never been more critical. Did you know that 82% of data breaches involve the human element1 , such as phishing, stolen credentials, or social engineering tactics? These statistics reveal a direct connection between employee identity theft and business vulnerabilities. In this blog, we’ll explore why protecting your employees’ identities is essential to reducing data breach risk, how employee-focused identity protection programs, and specifically employee identity protection, improve both cybersecurity and employee engagement, and how businesses can implement comprehensive solutions to safeguard sensitive data and enhance overall workforce well-being. The Rising Challenge: Data Breaches and Employee Identity Theft The past few years have seen an exponential rise in data breaches. According to the Identity Theft Resource Center, there were 1,571 data compromises in the first half of 2024, impacting more than 1.1 billion individuals – a 490% increase year over year2. A staggering proportion of these breaches originated from compromised employee credentials or phishing attacks. Explore Experian's Employee Benefits Solutions The Link Between Employee Identity Theft and Cybersecurity Risks Phishing and Social EngineeringPhishing attacks remain one of the top strategies used by cybercriminals. These attacks often target employees by exploiting personal information stolen through identity theft. For example, a cybercriminal who gains access to an employee's compromised email or social accounts can use this information to craft realistic phishing messages, tricking them into divulging sensitive company credentials. Compromised Credentials as Entry PointsCompromised employee credentials were responsible for 16% of breaches and were the costliest attack vector, averaging $4.5 million per breach3. When an employee’s identity is stolen, it can give hackers a direct line to your company’s network, jeopardizing sensitive data and infrastructure. The Cost of DowntimeBeyond the financial impact, data breaches disrupt operations, erode customer trust, and harm your brand. For businesses, the average downtime from a breach can last several weeks – time that could otherwise be spent growing revenue and serving clients. Why Businesses Need to Prioritize Employee Identity Protection Protecting employee identities isn’t just a personal benefit – it’s a strategic business decision. Here are three reasons why identity protection for employees is essential to your cybersecurity strategy: 1. Mitigate Human Risk in Cybersecurity Employee mistakes, often resulting from phishing scams or misuse of credentials, are a leading cause of breaches. By equipping employees with identity protection services, businesses can significantly reduce the likelihood of stolen information being exploited by fraudsters and cybercriminals. 2. Boost Employee Engagement and Financial Wellness Providing identity protection as part of an employee benefits package signals that you value your workforce’s security and well-being. Beyond cybersecurity, offering such protections can enhance employee loyalty, reduce stress, and improve productivity. Employers who pair identity protection with financial wellness tools can empower employees to monitor their credit, secure their finances, and protect against fraud, all of which contribute to a more engaged workforce. 3. Enhance Your Brand Reputation A company’s cybersecurity practices are increasingly scrutinized by customers, stakeholders, and regulators. When you demonstrate that you prioritize not just protecting your business, but also safeguarding your employees’ identities, you position your brand as a leader in security and trustworthiness. Practical Strategies to Protect Employee Identities and Reduce Data Breach Risk How can businesses take actionable steps to mitigate risks and protect their employees? Here are some best practices: Offer Comprehensive Identity Protection Solutions A robust identity protection program should include: Real-time monitoring for identity theft Alerts for suspicious activity on personal accounts Data and device protection to protect personal information and devices from identity theft, hacking and other online threats Fraud resolution services for affected employees Credit monitoring and financial wellness tools Leading providers like Experian offer customizable employee benefits packages that provide proactive identity protection, empowering employees to detect and resolve potential risks before they escalate. Invest in Employee Education and Training Cybersecurity is only as strong as your least-informed employee. Provide regular training sessions and provide resources to help employees recognize phishing scams, understand the importance of password hygiene, and learn how to avoid oversharing personal data online. Implement Multi-Factor Authentication (MFA) MFA adds an extra layer of security, requiring employees to verify their identity using multiple credentials before accessing sensitive systems. This can drastically reduce the risk of compromised credentials being misused. Partner with a Trusted Identity Protection Provider Experian’s suite of employee benefits solutions combines identity protection with financial wellness tools, helping your employees stay secure while also boosting their financial confidence. Only Experian can offer these integrated solutions with unparalleled expertise in both identity protection and credit monitoring. Conclusion: Identity Protection is the Cornerstone of Cybersecurity The rising tide of data breaches means that businesses can no longer afford to overlook the role of employee identity in cybersecurity. By prioritizing identity protection for employees, organizations can reduce the risk of costly breaches and also create a safer, more engaged, and financially secure workforce. Ready to protect your employees and your business? Take the next step toward safeguarding your company’s future. Learn more about Experian’s employee benefits solutions to see how identity protection and financial wellness tools can transform your workplace security and employee engagement. Learn more 1 2024 Experian Data Breach Response Guide 2 Identity Theft Resource Center. H1 2024 Data Breach Analysis 3 2023 IBM Cost of a Data Breach Report

Published: January 28, 2025 by Stefani Wendel

A spoofing attack occurs when a threat actor impersonates a trusted source to gain access to sensitive information, disrupt operations or manipulate systems.

Published: January 27, 2025 by Julie Lee

Subscribe to our blog

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our Experian Insights blog

Don't miss out on the latest industry trends and insights!
Subscribe