“Hello, Grey Sloan Memorial. Currently, we control your hospital. We own your servers. We own your systems. We own your patients’ medical records. To regain access to your medical records, you need an encryption key, which only we have. You will need to pay us exactly 4,932 Bitcoin to retrieve the key. Failure to pay this ransom in a timely manner will cause your records to be destroyed and your systems to be rendered inoperable.”
Fans of Shonda Rhimes’ hit drama will recognize the hospital name right away—and might even be able to recall the referenced episode. But this fictional data breach on Grey’s Anatomy isn’t the only case of art imitating life.
In fact, healthcare data breaches have been a harsh reality for many institutions. In 2017, the year that episode aired, there were at least 477 healthcare data breaches that compromised more than 5.5 million records.
And the numbers continue to grow, even with compliance laws such as HIPAA and additional security measures such as multifactor authentication in place. In 2022 alone, there were 707 breaches, the second worst year on record after 2021.
The Allure of Hospital Systems for Cybercriminals
The hospital data breach plotline is so well known by now that when another one comes along, it's almost hard to be invested in the episode unless you’re waiting to see if there might be a fresh take on the familiar trope. Nearly every hospital procedural in recent memory has tried its hand at the storyline: Grey’s Anatomy and Chicago Med in 2017, The Resident in 2018, and The Good Doctor and New Amsterdam in 2021. And there’s plenty of time for those who haven’t yet tackled a security breach to get in line (looking at you, Transplant).
Why have hospital systems become such prime targets for cybercriminals that they’ve all but become a Hollywood cliché? The answer lies in two factors: money and vulnerability.
Firstly, a person's medical records are highly valuable on the dark web. While credit card information and Social Security numbers may fetch a few dollars, medical records can be sold for as much as $1,000. With breaches affecting nearly 50 million Americans in 2022, the potential profit is staggering.
Secondly, hacking into these systems is often easier than expected. The healthcare industry faced the challenge of integrating electronic health records before the internet was even born, leading to vulnerabilities that cybercriminals exploit. The COVID-19 pandemic further exacerbated the situation with the rapid shift to digital care and increased remote device activity. Combine this with the global tensions in cyberspace, and it's clear why the healthcare industry has become a major target.
Finding Hope in Enhanced Healthcare Security
Although the threat of healthcare data breaches may seem daunting, there is hope. Just like our favorite fictional hospitals manage to successfully navigate breaches and save lives, real-world organizations can strengthen their healthcare security posture.
To protect your organization and patient privacy, focus on the five pillars: electronic health records (EHR) systems, connected devices, payers, providers, and government regulators. Data breaches can originate from any of these areas and impact the entire ecosystem. Here are some crucial measures to implement:
- Analyze: Conduct an annual security assessment to check for vulnerabilities.
- Plan: Create and implement a response plan that has clear guidelines to follow in the event of a breach.
- Educate: Ensure that your staff is aware of cybersecurity policies and alert them anytime a change is made to the response plan.
- Protect: Encrypt sensitive data and keep your network infrastructure secure by limiting personal devices, restricting access to protected health information, and updating your systems regularly.
- Invest: Allot a healthy budget for network security, including staff and the tools they require.
Strengthening Healthcare Security for a Safer Future
Healthcare data breaches are not just the stuff of fiction but a stark reality, with institutions facing the constant threat of cyberattacks. The allure of hospital systems for cybercriminals lies in the lucrative nature of stolen medical records and the vulnerabilities present in outdated infrastructure.
However, by focusing on the five pillars—EHR systems, connected devices, payers, providers, and government regulators—organizations can fortify their defenses and protect patient privacy. Analyzing vulnerabilities, creating response plans, educating staff on cybersecurity policies, implementing robust data encryption, and investing in network security are vital steps toward mitigating risks.
It's time to take proactive measures to safeguard healthcare data and earn patients’ trust and confidence. Together, we can build a safer future in which hospitals and healthcare organizations remain resilient in the face of evolving cyberthreats.
To keep up with trends as important as healthcare cybersecurity, subscribe to our blog today.
