Focus: Cybersecurity

Why are there so many security breaches in healthcare?

By Andriana Moskovska / Special to Healthcare Facilities Today
July 8, 2019

Cyber attacks have become a bigger threat than ever before. Cybercriminals steal billions of dollars every year, and large scale hacks can now cost millions of dollars to industries worldwide. Everyone even marginally acquainted with cybersecurity knows what happened to Yahoo just a few years ago - millions of accounts compromised and a reputation forever tarnished.

What’s more:

It seems that no one is safe from the looming cyber threat. Education, business, energy - you name an industry, and it’s bound to have a swarm of cybercriminals looking for a weak spot. This is the reason why cybersecurity has grown so much over the last few years and why many hold it in such high regard.

But there’s one industry that has consistently failed to take proper cybersecurity measures: healthcare.

As of late, healthcare has taken the brunt of the cyber onslaught. Most of you reading this know about the Quest Diagnostics fiasco. And just a day after that took place, the news about LabCorp came to light. Both companies lost millions of dollars worth of data.

Going further back, healthcare has often made headlines for the same reason. But what is the cause of this phenomenon? Why are healthcare services targeted to this extent? And why can’t they fend off the hackers?

Here are some of the main reasons:

  • The value of PHI (Personal Health Information) over PII (Personal Identifiable Information) - Something a hacker will always go after is value. Data that can be used for fraud or blackmail is his bread and butter. And PHI can be very useful. Estimates point to PHI being worth over $300 on the black market, many times more than PII. 

You might be wondering:

“Why is PHI so valued in criminal circles?” 

The main reason is that it holds much more sensitive information than PII. A person’s medical history will allow a hacker to manipulate them or those around them to a greater extent than their Social Security number. For instance, the criminal might get a hold of someone’s prescription and then resell the medicine. 

Seeing that PHI is worth so much, it’s only natural that attackers try their damnedest to compromise this kind of information. And that logically leads them to set their sights on healthcare institutions more often than on other industries.

  • Declining security standards - Security for healthcare organizations has seen less and less stringent standards in recent years. In the US, HIPAA (Health Insurance Portability and Accountability Act) reduced the tolerated conformance threshold from 74 to 72% in 2018. In essence, healthcare businesses get to play fast and loose with safety regulations to a greater degree than before.

  • HIPAA has very well-established guidelines for making health providers more likely to report breaches than most other sectors.

  • Lack of security budgets - Strangely, healthcare firms have bumped cybersecurity down their list of priorities. Meanwhile, the number of cyber attacks specifically affecting them has gone up. So what’s the rationale behind this?

Here’s the thing:

Many organizations of this stripe claim they can’t meet the modern technological demands the cyber arms race has set. The attacks are getting bigger and badder at a rate cybersecurity can’t keep up with. In turn, many firms simply don’t bother with keeping their measures up to snuff. In their minds, there are other pressing matters that require more assets.

So is there any hope for improvement? 

Sadly, it’s not likely.

The way things are going at the moment, there is little to promise any change for the better. The current aggressive climate in the cybersecurity world makes many healthcare businesses unwilling to invest heavily in defenses that might not even work in the near future - if at all. In fact, the future might even be worse than what we’re seeing today.

Andriana Moskovska is a tech blogger and contributor at

See the latest posts on our homepage


Topic Area: Security

Recent Posts
Recent Posts

Twice as Nice: Hospital To Double Bed Count

Expansion will add 200,000 square feet, more than double number of beds, and renovate and expand surgical and other facilities


Rethinking Emergency Preparedness in Assisted Living

Research findings underscore importance of understanding ‘unique challenges’ communities face


Ronald McDonald House in Hotel Links to Hospital

First-ever Ronald McDonald House designed and built for hotel has opened


Health-Housing Project Targets Community Needs

3.7-acre complex is designed to increase access to healthcare and affordable housing for area’s most vulnerable


Seismic Shift: System Opts To Build New, Not Retrofit

Retrofitting existing facility would cost about as much as building new hospital


Post Comment


News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.