Skip to Content

2015 Could Be the Year of the Hospital Hack

Health-care organizations often store medical records and other information insecurely.
December 23, 2014

Along with vast troves of credit card information and celebrity snapshots, hackers stole a record number of medical records from U.S. health-care facilities this year. In 2015, attacks targeting health data will become even more common, according to security researchers.

Carl Leonard, principal security analyst for Websense, says hackers are breaking into the computer networks of health-care facilities with increasing frequency and taking valuable personal information that is often secured improperly. In August, Websense researchers reported that over the previous 10 months they had observed a 600 percent increase in attacks on hospitals (See “Hackers Are Homing In on Hospitals”). Leonard’s group now predicts that in 2015 the health-care industry will see a “substantial increase” in thefts of data.

The cause of the uptick isn’t hard to diagnose. Medical organizations across the world are switching to electronic medical records, and computer security is not always a high enough priority during the process, says Leonard. Besides that, he says, easy and fast access to medical information often trumps security.

Various studies suggest that cyber-thieves have identified health data as a soft target. The Ponemon Institute, a U.S. privacy think tank, found that 40 percent of health-care organizations surveyed in 2014 reported being attacked by malware designed to steal data, up from 20 percent in 2010. The Privacy Rights Clearinghouse, which tracks large computer security breaches, reports that nearly four million more records were stolen this year than in any previous year.

Credit card information is less valuable on the black market than it was several years ago, says Don Jackson, director of threat intelligence at the security firm PhishLabs. That market is flooded, and credit card information is becoming less useful without supporting identification information, he says.

Medical records, however, often contain both identification information, such as Social Security numbers, and financial information. This can be enough to build a near-complete picture of an individual. And such information can command hundreds of dollars from black-market customers wanting to impersonate someone for the purpose of accessing bank accounts or drug prescriptions.

Hackers now have “almost a big-data mentality,” Jackson says, in that they routinely deal with huge amounts of information and can draw correlations between disparate sets of stolen data to piece together whole identities.

New devices, including smartphones, tablets, and various medical devices, are being connected to health-care facilities networks at an increasing rate. This could introduce new vulnerabilities, says Leonard.

Keep Reading

Most Popular

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

supermassive black hole at center of Milky Way
supermassive black hole at center of Milky Way

This is the first image of the black hole at the center of our galaxy

The stunning image was made possible by linking eight existing radio observatories across the globe.

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.