Cyber and Healthcare

Cybersecurity and Healthcare: What You Need to Know About Keeping Your Medical Records Safe

By DeVry University

Storing private health information online is nothing new. In fact, some healthcare institutions have been using electronic medical records for over 20 years now. While maintaining this information online offers a slew of benefits, such as doctors having the ability to easily capture and manage a patient’s history,   your private health information stored online could be at risk due to an evolving technological threat: cyberattacks. As healthcare technology evolves, the need for cybersecurity in healthcare is more important than ever when it comes to protecting your health information and minimizing fraud. Here are some important things to know about keeping your sensitive information from falling into the wrong hands. 

Understanding the Growing Threat

Cyberattacks on healthcare companies grew 320% from 2015 to 2016. That's a huge jump! The healthcare industry has become a major target for hackers for a several reasons, including:

  • The sensitive nature of their information
  • Information stolen from hospitals is harder to track, which lets cybercriminals make money while staying in the shadows
  • Healthcare has been slow to adopt cybersecurity measures

The Healthcare Information and Management Systems (HIMSS) Analytics 2016 study revealed approximately 85% of healthcare organizations view security as a business priority. Given the increasing threat of cyberattacks, it might not be surprising to see that number grow — particularly as healthcare technology continues evolving and as patients become more aware that their sensitive information is at risk.

Why Do Hackers Want Your Private Health Information?

If the thought of having your medical history broadcasted for the world to see makes you blush, you aren't alone. But, hackers aren't really all that interested in your medical information; they’re interested in how they can use it. Before you breathe a sigh of relief, consider this: your medical records are the perfect gateway to identity theft.

Your name, address, date of birth and Social Security number are all in one convenient location — ripe for stealing. Cybercriminals can take your private health information (PHI) and sell it for high prices. In fact, stolen medical records sell for 10 to 20 times more than stolen credit card numbers. In some cases, criminals made $50 on medical records for every $1 they would otherwise make for your credit card information. The growing interconnectivity in healthcare and the lucrative market for your private information creates a perfect storm for cyberattacks.

Types of Healthcare Cyberattacks

Experts estimate cyberattacks affect one in eight patients. As we now know, private health information is a lucrative asset for cybercriminals. Interconnectivity and the way information is shared via cloud storage make it easier for criminals to access your private information. But how are they doing it?

  • Stolen Private Health Information and Financial Data: Hacking medical records is the most common cyberattack. The Anthem data breach is probably one of the best examples. Hackers stole the private health information of 80 million people, as well as tens of millions of medical records in this 2015 cyberattack.
  • Ransomware: In a ransomware attack, malicious software infiltrates a computer network and locks all of its files until the organization pays a ransom to unlock the information. During a 10-day ransomware attack, hackers held Hollywood Presbyterian Medical Center (HPMC) in Los Angeles, California, hostage. In the end, HPMC paid $17,000 to the hackers to release the electronic health records system.
  • Insurance Fraud: Hackers use personal data in combination with policy numbers and diagnosis codes to file fake claims with health insurance companies and collect reimbursement for non-existent services. Hackers can also use the information to make fake IDs that they later use to buy medical equipment or medication to sell.
  • Social Engineering: Cybercriminals target healthcare employees through publicly available contact information. They send phishing emails with links or attachments. As soon as the link is accessed, the user's computer is infected with malware that can spread throughout the entire health system. It happened in 2013 at the University of Washington School of Medicine. The hospital discovered the breach quickly, but not fast enough to protect patient information. 

How can Healthcare Institutions Protect You?

You don't want cybercriminals anywhere near your health information or medical devices — and neither do medical providers. Artificial intelligence and machine learning are shaping up to be potential game changers in cybersecurity for the healthcare industry. Organizations can use this evolving technology to identify threats, assess risks and shorten the amount of time between finding a breach and fixing the problem.

While these new technologies can help mitigate cyberattacks, they won't replace the need for qualified cybersecurity specialists, which the industry is sorely lacking. The growing demand for cybersecurity specialists in all industries creates a shortage that's difficult for many healthcare providers to manage. But with that shortage, comes opportunity. The U.S. Bureau of Labor Statistics is predicting an 18% growth in the field of information security from 2014 to 2024, which means the future is looking bright for those interested in this field.

Brought to you by DeVry University where we put technology at the core of our business, tech and healthcare education, including a specialization in cyber security, to help prepare students to solve the problems of tomorrow.

Important information about the educational debt, earnings, and completion rates of students who attended this program can be found at