Hacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge

Healthcare companies more than ever are using electronic records and tapping digital services. That’s also creating more opportunities for cybercriminals — who already have exposed the private medical information of millions of patients — and bolsters the case for the industry to make security priority No. 1, experts say.

Healthcare breaches have exposed 385 million patient records from 2010 to 2022, federal records show, though individual patient records could be counted multiple times.

Hacking incidents, a type of breach, at healthcare firms have skyrocketed in the past five years as cybercriminals demand ransoms in exchange for restoring access to sensitive medical data.

Hacking or IT incident is the most common breach type

Other types include unauthorized access/disclosure, theft, loss, improper disclosure, other and unknown.

While healthcare companies have to improve their cybersecurity given the rise in breaches and cyberattacks, regulators need to raise the bar on cybersecurity standards, experts told Healthcare Dive.

“Could all these organizations do a better job? Absolutely,” said Jim Trainor, former assistant director of the Cyber Division at the Federal Bureau of Investigation and who is now a senior vice president of Aon Cyber Solutions, a global professional services firm.

Disrupting any one of the nation’s 16 critical infrastructure sectors, including the healthcare industry, poses a national security threat. These sectors are vital to daily life for millions of Americans and disabling them would have a debilitating effect on society, according to the Cybersecurity and Infrastructure Security Agency, or CISA, the country’s cyber defense agency.

Cyberattacks that disrupt hospital operations put patients’ lives at risk. The FBI said that the healthcare industry was hit the hardest by ransomware attacks in 2021 compared to other critical infrastructure. And the threats come as hospitals struggle with staffing shortages and financial pressures exacerbated by the COVID-19 pandemic.

In the wake of a ransomware attack on one of the nation’s largest hospital operators last year, Healthcare Dive analyzed more than 5,000 breaches…