Skip to Content

2015 Could Be the Year of the Hospital Hack

Health-care organizations often store medical records and other information insecurely.
December 23, 2014

Along with vast troves of credit card information and celebrity snapshots, hackers stole a record number of medical records from U.S. health-care facilities this year. In 2015, attacks targeting health data will become even more common, according to security researchers.

Carl Leonard, principal security analyst for Websense, says hackers are breaking into the computer networks of health-care facilities with increasing frequency and taking valuable personal information that is often secured improperly. In August, Websense researchers reported that over the previous 10 months they had observed a 600 percent increase in attacks on hospitals (See “Hackers Are Homing In on Hospitals”). Leonard’s group now predicts that in 2015 the health-care industry will see a “substantial increase” in thefts of data.

The cause of the uptick isn’t hard to diagnose. Medical organizations across the world are switching to electronic medical records, and computer security is not always a high enough priority during the process, says Leonard. Besides that, he says, easy and fast access to medical information often trumps security.

Various studies suggest that cyber-thieves have identified health data as a soft target. The Ponemon Institute, a U.S. privacy think tank, found that 40 percent of health-care organizations surveyed in 2014 reported being attacked by malware designed to steal data, up from 20 percent in 2010. The Privacy Rights Clearinghouse, which tracks large computer security breaches, reports that nearly four million more records were stolen this year than in any previous year.

Credit card information is less valuable on the black market than it was several years ago, says Don Jackson, director of threat intelligence at the security firm PhishLabs. That market is flooded, and credit card information is becoming less useful without supporting identification information, he says.

Medical records, however, often contain both identification information, such as Social Security numbers, and financial information. This can be enough to build a near-complete picture of an individual. And such information can command hundreds of dollars from black-market customers wanting to impersonate someone for the purpose of accessing bank accounts or drug prescriptions.

Hackers now have “almost a big-data mentality,” Jackson says, in that they routinely deal with huge amounts of information and can draw correlations between disparate sets of stolen data to piece together whole identities.

New devices, including smartphones, tablets, and various medical devices, are being connected to health-care facilities networks at an increasing rate. This could introduce new vulnerabilities, says Leonard.

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.