Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecuritySecurity Education & TrainingCybersecurity NewsHospitals & Medical Centers

Why is healthcare a top target for cybersecurity threats?

By Shawn Dickerson
ambulance on street

Image from Unsplash

September 13, 2022

Global cybercrime will reach $10.5 trillion by 2025, making it more profitable than the international drug trade and larger than all economies except the U.S. and China. In particular, cybercrime is making a major impact on the U.S. healthcare system.

Cybercriminals from every corner of the globe are sending out 3.4 billion phishing emails daily, according to Earthweb, and U.S. healthcare organizations are a prime target. In 2021, 61% of respondents to a Sophos healthcare study reported that they paid ransoms, which is a rate higher than any other sector. And, ransomware attacks on healthcare organizations increased an alarming 94% in just one year.

The pandemic made the situation worse. Hackers are taking advantage of stressed healthcare employees and unprotected networks to infiltrate their systems. According to Paubox data, the number of attacks against healthcare providers has been steadily rising and malicious emails have increased 600% since the pandemic began.

Why is healthcare particularly vulnerable to cyberattacks

Healthcare organizations have experienced a spike in attacks due to their high propensity to pay a ransom, the value of patient records, and often inadequate security. The sector also has a zero-sum choice between paying a ransom and risking patients' lives, which bad actors exploit. Because healthcare providers can't fully serve patients without access to records and monitoring digital medical tools connected to health networks, they often yield to demands to put patients first. It is important to note, however, that not all organizations that pay a ransom get their data back.

Phishing attacks are exceptionally dangerous for healthcare organizations because patient data is one of the most valuable assets for criminals today. Protected health information (PHI) is worth a fortune to cybercriminals and is one of the hottest commodities on the dark web. Experian tags stolen patient records as going for $1,000 each, while credit card numbers are selling for around $5 each, a hacked Instagram account is $7, and Social Security numbers are worth a paltry $1.

In addition, criminals experienced in drug trafficking and money laundering eagerly buy medical records to obtain prescription medications, file bogus medical claims, or steal the information to open credit cards and take out fraudulent loans. Medical records are a rich resource of valuable and permanent data points, while accounts and credit cards are quickly canceled.

Cyberattacks on healthcare also yield exorbitant ransoms. For example, the ransomware known as Ryuk has purportedly been used to extort millions from U.S. healthcare facilities since 2018. In addition, the average price tag of a healthcare data breach just climbed to $10 million, according to IBM Security's annual Cost of a Data Breach Report.

How healthcare organizations can protect themselves against cybersecurity threats

Every healthcare company needs to prioritize security. In particular, since email is one of the most frequent entry points for data breaches, a zero trust approach is recommended for organizations to adopt.

Healthcare providers also have a legal obligation to protect patients and their PHI, especially when sending or receiving emails. So, email security strategies and solutions need to address both cybersecurity and HIPAA compliance.

Cybersecurity leaders should follow these steps to prevent a data breach:

  1. Educate and train staff to reduce the risk of social engineering attacks via email and network access.
  2. Assess enterprise risk against all potential vulnerabilities and prioritize implementing the security plan with the necessary budget, staff and tools.
  3. Develop a cybersecurity roadmap that everyone in the healthcare organization understands.

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) encourages organizations to familiarize themselves with the growing threat of ransomware and provides links to online government resources to help healthcare facilities protect themselves.

The risk of not implementing an email security program is too high

Health system leaders are asking for help to fight off hackers. However, insurers sometimes won't cover damages, and there are complaints that there is not enough government or law enforcement support.

Consider this: To date, 60% of healthcare organizations have raised prices to cover the expense of a breach. And the regulatory compliance and legal expenses can extend for years. Those costs are spilling over to the U.S. population, already burdened with inflation.

The best way forward for healthcare organizations is to acknowledge the severe threat of the cyberwar being waged, assess their situation, and plan and implement a security strategy tailored for the sector, providing staff with the tools and resources necessary to prevent a cyberattack.

KEYWORDS: cyber attack cyber security threat data breach healthcare cybersecurity hospital safety ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Shawn headshot

Shawn Dickerson is Vice President of Marketing for Paubox, a leader in HIPAA compliant email and marketing solutions for healthcare organizations.  He is guiding Paubox’s strategic marketing initiatives for a suite of solutions that support the email compliance and security needs of medical practices, mental health facilities and hospitals. Dickerson has more than 20 years of marketing and demand generation experience, including roles at Workfront, Novell and several venture-backed startups.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cybersecurity Leadership Images

    How Healthcare is a Major Target for Cybercriminals

    See More
  • ransomware

    Rise of ransomware: Why OT is a prime target for cybercriminals

    See More
  • black keyboard with blue lighting

    Healthcare top infrastructure target for cyberattacks

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing