Cybercrime is an ongoing issue in the healthcare sector. Attacks have increased in recent years and the trend shows no sign of slowing down. According to an article published in 2022 by the cybersecurity software company Ekran System, healthcare organizations in the USA have experienced more data breaches than any other sector since 2009. Critical Insights estimates that there was an 84% increase in data breaches against healthcare organizations between 2018 and 2021. The need to store enormous amounts of personal and private data makes healthcare organizations a very valuable target for cyber criminals, and the lack of preparation at these facilities makes them easy targets.

Different targets, one victim: the patient

Phishing attacks are the most common cyber-threat, with an estimated 81% of all healthcare organizations affected. A far more dangerous type of attack, however, is the ransomware attack, where data and/or patient files are encrypted and a ransom is demanded to “free” (decrypt) them. Healthcare organizations, especially hospitals, are vulnerable to this type of attack, which can cause shutdowns and compromise patient care. Ransomware attacks have been on the rise, with an estimated 45% increase in 2021. As recently as September 2022, OakBend Medical Center in Texas was hit by a ransomware attack. Patient safety was not compromised, but the privacy and confidentiality of some patient data was, with the risk of it being leaked publicly. (Source: OakBend Medical Center hit by ransomware; Daixin Team claims responsibility)

Medical identity theft is another type of cybercrime, in which a person uses somebody else’s identity information to obtain medical care (services, prescriptions, …) or to file fraudulent health insurance claims, for example. This can interfere with the medical care and records of victims, as someone else has been using their benefits. It is estimated that resolving a case of medical identity theft can cost a patient about $13,500. (Source: Medical Identity Theft: Defense & Prevention Measures | Okta)

The increasing number of attacks also increases the costs related to cybercrime. One of the reasons that healthcare facilities are an easy target is their inability to foot the bill for preventative cybersecurity. However, a shutdown due to a ransomware attack is usually a financial disaster, especially for small to medium sized hospitals: according to a survey, shutdowns can last over 9 hours at a cost of $47,500 USD per hour. Larger hospitals (1000+ beds) usually get back on track faster (6 hours on average), with each hour costing roughly $21,500 USD. Smaller hospitals with a smaller budget for cybersecurity are more prone to such threats. In 2021, 60% of healthcare ransomware attacks took place in the United States, with medical clinics being the most frequently attacked. (Source: Expert Insights)

Outside of hospitals, other targets in the healthcare sector are pharmacies, care homes, connected medical devices, and insurance companies, with the patient being the main victim in every case.

Increasing digitalization invites risk…

While the magnitude of attacks has not increased drastically, the increased digitalization of healthcare institutions makes for a much broader target pool. The healthcare sector has experienced a rapid rate of digitalization in the past decade, as a large variety of healthcare organizations have adopted technologies such as cloud computing and IoT (Internet of Things). This rapid digitalization invites security risks and severe cyberattacks. But the need for digitalization, and especially for its associated technologies, cannot be ignored, because it enhances the value of healthcare. With such an increasing rate of digitalization, the risk of cyberattacks is only expected to follow a similar pattern.

…but a strong IT culture can mitigate the threats efficiently

The priority for international and national governing bodies is to ensure the trust of the people in the healthcare services offered. According to a World Economic Forum (WEF) report from January 2022, cybersecurity threats rank among the most serious concerns today. The international and national governing bodies promote and enforce internal training and security policies to mitigate the risk of cyberthreats. Security can be strengthened at several levels; for example, IT security teams with an efficient patch management system can avoid costly data breaches simply through regular organization and workflow, and through automation that tracks and applies security patches promptly. Such measures can be strengthened by building and maintaining a strong culture of responsible IT security. Associated professionals such as staff, volunteers, and vendors should all receive periodic awareness training.

Cybercrime is a reality that needs to be controlled by maintained cybersecurity

Dedicated governing bodies that enforce the guidelines and assist with related training programs are also gaining attention. Simulation training programs, such as those organized by ENISA, help professionals counter and mitigate security risks by coordinating at both international and national levels.

With the rising threat of cyberattacks, such support can help tackle cyber problems in the most efficient way.