Hostname: page-component-cd9895bd7-q99xh Total loading time: 0 Render date: 2024-12-26T10:42:37.837Z Has data issue: false hasContentIssue false

Cyberthreats and Healthcare

Published online by Cambridge University Press:  13 July 2023

Derrick Tin
Affiliation:
BIDMC/ Harvard Medical School, Cambridge, USA
Ryan Hata
Affiliation:
BIDMC/ Harvard Medical School, Cambridge, USA
Richard Staynings
Affiliation:
University of Denver, Denver, USA
Fredrik Granholm
Affiliation:
Swedish Air Ambulance, Mora, Sweden
Gregory Ciottone
Affiliation:
BIDMC/ Harvard Medical School, Cambridge, USA
Rights & Permissions [Opens in a new window]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.
Introduction:

Cyberattacks against healthcare have been growing at an alarming rate globally targeting the theft of clinical research intellectual property, personally identifiable information, and personal health information. Recent studies have also shown a concerning correlation between cyberattacks and patient morbidity and mortality rates. Many top security experts consider cyberattacks a top national security concern.This paper is a descriptive analysis of healthcare-related breaches in the United States in the past decade and an analysis of cybersecurity threats that are currently facing the industry.

Method:

Breach reports of unsecured protected health information affecting 500 or more individuals in the US are publicly accessible through the U.S. Department of Health and Human Services Office for Civil Rights portal. The database was downloaded and searched for all reported breaches occurring between January 1, 2011 - December 31, 2021. Breaches were subdivided by states, dates, location, entity type, and individuals affected.

Results:

Of the 3,822 PHI breaches recorded, 1,593 (41.7%) were hacking/IT related, 1,055 (27.6%) were listed as unknown, 819 (21.4%) were theft related, 194 (5.1%) were loss related, 97 (2.5%) were related to improper disposal and 64 (1.7%) were listed as “others.”

Breaches occurred within the main categories as follows: network server (957 [25%]), email (877 [23%]), paper/films (665 [17%]), other (454 [12%]), laptop (341 [9%]), desktop (309 [8%]), and electronic medical records (220 [6%]).

Conclusion:

A total of 3,822 breaches affecting 283,335,803 people in the United States were recorded from January 1, 2011 to December 31, 2021.

The most reported breaches were from healthcare providers with 2,827 (75.1%) events, followed by health plans (500 [13.1%]), business associates (480 [12.6%]) and healthcare clearinghouses (10 [0.3%]). 4 (0.1%) breaches were from unknown sources.

This report may help healthcare providers understand the extent of the issue and mitigate some of the associated risks.

Type
Lightning and Oral Presentations
Copyright
© The Author(s), 2023. Published by Cambridge University Press on behalf of World Association for Disaster and Emergency Medicine