WinZip Enterprise Blog

What is the biggest threat to the security of healthcare data? 

WinZip Blog – December 1, 2022

Cybersecurity is a critical concern for healthcare organizations. Protected health information (PHI) is more valuable than other types of personal data, making it a key target for cyber criminals. This is because healthcare records contain a variety of personal information, such as an individual’s name, social security number, financial details, and more.

Health data is around 20 times more valuable than financial data on the Dark Web. The remediation costs following a healthcare data breach are also higher. This includes expensive processes such as investigation, incident response, breach containment, and more. The cost to remediate a health data breach is around $408 per record compared to $148 per non-health record. Despite the risks, the healthcare industry falls short in terms of cybersecurity.

Fortunately, there are tools and best practices that can help prevent cyberattacks in the healthcare industry. In this article, we will detail current cybersecurity challenges in healthcare environments as well as solutions that increase the security of your organization’s healthcare data.

Healthcare cybersecurity challenges

Data breaches and other security threats have increased sharply over the past few years, fueled in large part by the rapid and necessary shift to remote working conditions in 2020 as the pandemic reshaped how people work.

In addition to the challenges posed by an expanded remote workforce, healthcare organizations were also faced with an increased patient load. Resource limitations impacted every level of patient care, including healthcare data security.

For example, elective procedures were canceled to control the spread of the virus, but this also created revenue shortages. On average, elective procedures make up 60% of total revenue for healthcare organizations. These cancellations led to a revenue loss of around $22.3 billion nationally.

With limited space, staff, supplies, and revenue, many healthcare organizations were unable to prioritize cybersecurity measures. Cyberattacks spiked as a result, with more than 1 in 3 healthcare entities experiencing a ransomware event in 2020 alone.

While the pandemic has waned, cybersecurity threats have only increased. In the first five months of 2022, the number of data security breaches in the healthcare industry almost doubled compared to the same period in 2021.

The healthcare sector’s cybersecurity challenges include the following:

  • Mobile access. Medical devices that run on an internet connection often lack adequate privacy and security measures. Devices such as insulin pumps, pacemakers, and wearable trackers rely on constant connectivity to work.

    Without ample network and file security, the data these devices handle could be compromised in a cyberattack. For example, over 61 million records related to wearable devices (e.g., Fitbit) were compromised in a database breach in 2021.

  • Legacy systems. Legacy systems are highly customized and designed to meet the specific goals and needs of the healthcare organization. Approximately 73% of healthcare providers use medical equipment that relies on a legacy operating system.

    This outdated equipment presents a host of cybersecurity risks due to a lack of security patches or updates. For example, vulnerabilities in unpatched medical devices fueled the 2017 WannaCry global ransomware attack.

  • Staff shortages. Healthcare cybersecurity teams are increasingly overworked, understaffed, and undertrained. Around a third of health IT teams are not sufficiently staffed for cybersecurity, further straining existing team members.

    Skills gaps further hinder healthcare IT teams. Around 40% of IT staff lack cybersecurity expertise and an additional 39% of individuals are deficient in data protection skills.

  • Broad attack surface. The average US hospital has 10 to 15 connected devices per hospital bed, which means large organizations could need to secure tens of thousands of medical devices.

    Because these networked devices typically run on outdated software and hardware, they present a number of vulnerabilities that can be exploited by cybercriminals.

Common healthcare data threats

From hospitals to pharmaceutical companies and care facilities, every aspect of the healthcare industry is susceptible to cyberattacks. Teaching and research hospitals are especially vulnerable because they manage, store, and transfer a large volume of sensitive data.

From 2018 to 2021, healthcare data breaches increased by 84%. The number of victims affected by these breaches also increased from 14 million in 2018 to 44.9 million in 2021. As of July 2022, more than 22 million health records have been breached in the US, a 4.6% increase from the same period the previous year.

Let’s look at some of the greatest threats to healthcare data security:

Phishing

Phishing is a technique where malicious actors trick their victim into giving them system access. Common phishing attack vectors include emails, websites, social media, and text messages. For example, hackers accessed a Colorado-based eye care practice employee’s work email and used it to copy patient data. This phishing incident compromised more than 26,000 people’s sensitive information.

Cybercriminals often use a phishing attack to gain access to a critical network or system. Once they’re in, they can easily exfiltrate sensitive files, compromise accounts, and infect businesses with ransomware.

Because phishing seeks to obtain sensitive data, healthcare organizations account for around half of all phishing attack victims. The cost of recovering from such an attack averages around $14.8 million, which is three times greater than it was in 2015.

Third-party data breaches

A third-party data breach occurs when a malicious actor gains access to sensitive health data via third parties such as vendors, suppliers, or business partners. The healthcare industry is the most common victim of this attack vector. Attacks through third parties were responsible for 33% of healthcare cybersecurity incidents in 2021.

For example, in 2020, vulnerabilities in Accellion’s file transfer system gave cybercriminals access to the private data of millions of individuals. Numerous healthcare organizations that used the software to transfer large, sensitive files within the network were impacted by the third-party breach.

According to the settlement proposal, Accellion did not guarantee the security of the software and the clients were solely responsible for their data security practices. The last security update for the software in question was issued in February 2019, creating the vulnerabilities that gave the threat actors access to connected client networks.

Ransomware

Ransomware is the biggest threat to the security of healthcare data. Two-thirds of healthcare organizations were affected by ransomware in 2021, compared to 34% in 2020.

Because healthcare organizations depend heavily on access to data to maintain operations, they are under immense pressure to recover information quickly. As a result, ransomware groups frequently target healthcare organizations, which pay the ransom demand 61% of the time.

When ransomware is used to attack a healthcare entity, the attackers successfully encrypt and subsequently ransom sensitive health data 65% of the time. This is higher than the national average of 54%, due to factors such as a reliance on legacy systems, understaffing, and resource challenges.

Ransomware attacks are costly not just in terms of the ransom demand, but also because they cause major healthcare disruptions. Hospitals across the globe have blamed a ransomware attack for patient deaths, such as when hackers compromised systems that caused a newborn’s heart monitor to fail.

The role of file security in preventing cyberattacks

Today, cybercriminals can successfully breach 93% of company networks. With the growing risk of data breaches and ransomware, it’s more important than ever for organizations to protect their critical health data.

File encryption protects against cyberattacks and data loss by rendering the data useless to anyone without the correct password or key. Encrypting at the file level adds an additional layer of security as data moves between devices, networks, and databases.

WinZip® Enterprise protects healthcare data through secure file sharing, compression, encryption, and management. With centralized IT control, WinZip Enterprise can be easily customized to meet the complex needs of health data security.

Discover how WinZip Enterprise can help healthcare organizations keep their data secure from ransomware and other cybersecurity threats.

Copyright ©2023 Corel Corporation. All Rights Reserved. WinZip is a Registered Trademark of Corel Corporation