Cybercriminals targeting medical data in attacks

Healthcare organisations hold a vast array of different data about their patients, most of which is highly private and sensitive. Confidential medical information should be safeguarded by the principle of doctor-patient confidentiality, as well as by strong data protection measures. Unfortunately, the number of cybercriminals targeting medical data appears to be on the rise around the globe.

With medical information a prime target, it is important that all healthcare organisations ensure that their systems are secure, and that employees abide by strict data protection procedures. However, in too many cases, there appears to be holes in the defences that put patient data at risk.

Any patient that has been made vulnerable to data misuse by the errors of a healthcare organisation may be able to claim compensation for the harm caused. If you think that you may have a claim to make, you can contact us for free, no-obligation advice on your potential compensation claim.

The motivations for cybercriminals targeting medical data

For cybercriminals, the sensitive and emotionally charged nature of medical information can make it highly valuable. Cybercriminals targeting medical data can misuse it for a variety of purposes, some of which can be highly profitable.

For example, cybercriminals can use medical information to execute scams, as the mention of medical details can be enough to make victims trust unknown third parties. By sending an email in the guise of a healthcare professional or a legitimate organisation, cybercriminals may be able to manipulate victims into handing over further data, such as bank account details.

In addition, cybercriminals are all too aware of the fact that private medical information can be potent fuel for blackmail. Cybercriminals targeting medical data can use ransomware attacks to hold data for ransom, leaving healthcare organisations and sometimes the patients themselves in the difficult position of having to pay a price for the safe return or release of private information, which is by no means guaranteed.

The growing cybersecurity risk for healthcare organisations

According to recent statistics, the cybersecurity risk to healthcare organisations is only increasing. Ransomware is a serious driving force for successful cyberattacks against healthcare organisations across the globe, and events of the past must not be forgotten.

One memorable ransomware threat that the UK faced was the notorious NHS data breach of 2017 involving the WannaCry ransomware attack. Over a third of Trusts in England were said to have been affected and, although there was no evidence that patient data was compromised, many appointments had to be cancelled after systems were brought to a standstill.

Analysts have yet to fully take stock of the impact of coronavirus on NHS cybersecurity, but NHS Digital revealed that health services had reportedly received over 20,000 fraudulent emails in a single month during the early stages of the pandemic in Spring 2020.

Making a data breach compensation claim

Anyone who has fallen prey to cybercriminals targeting medical data will likely have suffered a great degree of distress and worry as a result of the exposure of their private information. It is essential that all cyberattacks on healthcare organisations are thoroughly investigated to identify if negligence is at play. In cases such as this, the affected patients may be able to make a data breach compensation claim.

If you believe your data security has been unlawfully put at risk by the errors of a healthcare organisation, you can contact us for free, no-obligation advice on your potential compensation claim.

Companies hit by multiple cyberattacks – advice for victims

Human errors and cyberattacks – advice for victims