Cybersecurity Concerns in the Healthcare Industry

The Value of Medical Data

The world is becoming increasingly filled with and controlled by data. Most data experts agree that the total amount of information generated by humans is doubling every two years. Another way to look at it is that 90% of the world’s data has been generated in the last two years. With this vast amount of information being created, transmitted and stored online, the instances of cyber crimes are also growing.

The prevalence of cybersecurity threats is of special concern for the healthcare industry. Healthcare providers maintain medical information electronically and increasingly connect with patients over the Internet. The FBI warns that on the black market, Personal Health Information (PHI) is worth ten or twenty times the value of a stolen credit card. With stolen PHI, cyber-criminals can impersonate patients to obtain drugs, medical care or expensive medical equipment.

And the cost of data breaches and stolen PHI is skyrocketing. Consider these statistics about healthcare data:

  1. Over the last 10 years there have been more than 2500 data breaches that have impacted 189 million medical records.
  2. Nearly 90% of healthcare providers have had data breaches in the last 2 years.
  3. Over 40% of Americans have had personal health information exposed in the last 3 years.
  4. Data breaches cost healthcare providers an average of $9.23 million.
  5. The total estimated cost of data breaches through 2021 is $6 trillion.

Making matters worse, healthcare companies have historically been lax in data security. Studies reveal that it can take an average of 287 days to identify and respond to a data breach.

Given the volume of data and the cost of stolen medical information, healthcare companies are making every effort to enhance their cyber-security systems. Here are three areas of vulnerability for healthcare industry:


One primary security concern comes from phishing. More than 90% of all cyberattacks start with a seemingly innocent email that encourages an employee to click on a link which then exposes not only them but the rest of the organization to an attack. Phishing emails are becoming increasingly sophisticated and harder to detect. It is important to keep your staff continually updated and trained to identify and report suspected phishing emails. There are many security solutions available on the market such as gateways and spam filters, and new AI-powered email solutions help minimize exposure to phishing attacks.

Shadow IT

While phishing is an outside threat, another area of potential exposure can occur within an organization. Shadow IT is created when employees utilize technology or software that the IT department hasn’t approved or doesn’t know about. The paradox is that as IT departments implement stronger security protocols, employees within that organization can be more motivated to find technology and software tools to work around those systems to get their jobs done faster. While they may not have malicious intent, these employees can compromise existing security systems, inadvertently put data at risk or expose networks to malware infections. And unfortunately, many Shadow IT practices can go undetected for years because of a general lack if visibility into user activities.

Cloud Misconfiguration

Perhaps the biggest risk of data exposure or theft can come from misconfigured cloud resources. Misconfigurations usually result from human error when setting up a cloud architecture. This can create an entry point for cybercriminals to access networks and data. Most security professionals worry that human error could result in the accidental exposure of their cloud data. In fact a recent study showed that 93% of cloud deployments had some misconfigured cloud storage services.

A Trusted Partner

Data security is vital to the healthcare industry so it is important to have an IT partner who knows the industry and can help you minimize your risk. InterVision has been helping IT teams migrate to the cloud or securing and optimizing cloud operations for more than 25 years. We also have expertise in helping healthcare organizations ensure compliance with a wide range of regulatory frameworks. Visit our website or call us at 844-622-5710 to speak with one of our experts today.