Health data breaches have seen an unprecedented rise in recent times. Overwhelmed and untrained healthcare administrators appear to be making simple errors in some cases, and as a result, millions of people are at risk of their personal information being released.
On top of this, cyber criminals are targeting hospitals, GP practices and university health research facilities to steal and hold medical data for ransom. In the ever-advancing digital world, our cyber security measures are failing to keep up, and it seems like the healthcare sector still remains way off the mark.
Only halfway through this year and we have already seen over 149 breaches that have affected almost 2.7 million people in the U.S. alone. This is a good indicator we can use here in the U.K. too, and thanks to more widespread reporting in the U.S., there is often a wealth of data breach information available for us to analyse.
With further reference to the above, a third of these breaches reportedly resulted from a hack, compromising data belonging to 1.6 million individuals (or the equivalent of three times the entire population of Luxembourg!)
The healthcare sector is guilty of compromising the most data, as usual. Let’s take a look at the 5 biggest breaches of healthcare data this year (so far…)
Organisation | Number of affected individuals |
---|---|
Commonwealth Health | 697,800 |
Airway Oxygen | 500,000 |
Urology Austin | 279,663 |
Harrisburg Gastroenterology | 93,323 |
VisionQuest Eyecare | 85,995 |
Commonwealth Health Corp saw its Med Center Health entity commit the largest breach when one of its former employees illegally downloaded patient data without authorisation. The information was allegedly put onto an encrypted CD and USB stick.
Healthcare data held to ransom
Airway Oxygen and Urology Austin were both hacked. Cyber criminals were able to hold the database servers for ransom, an attack known as “ransomware”.
Ransomware is a growing trend, and the healthcare industry is an increasingly popular target.
When thinking of stealing information for money, our immediate thought is the banking and finance sectors; however, healthcare data being held for ransom has proven to be very lucrative to cyber hackers and less hassle than going after the financial industry.
Organisations may feel they have to pay the price of the ransom or face having their customers’ data leaked far and wide, and when it’s healthcare data, we know it’s sensitive!
The U.K. under attack
In the U.K., we’ve witnessed the fallout from the NHS being under attack from ransomware recently, and healthcare breaches and leaks are happening all the time.
As we saw with the international WannaCry ransomware attack this May, hackers are targeting outdated servers to take over control of databases and hold organisations to ransom.
Some organisations have paid thousands of pounds to regain access to their databases, and with data as sensitive as healthcare data being encrypted and threatened with release, it’s no surprise that these ransoms are being met.