2015 Could Be the Year of the Hospital Hack

Health-care organizations often store medical records and other information insecurely.
December 23, 2014

Along with vast troves of credit card information and celebrity snapshots, hackers stole a record number of medical records from U.S. health-care facilities this year. In 2015, attacks targeting health data will become even more common, according to security researchers.

Carl Leonard, principal security analyst for Websense, says hackers are breaking into the computer networks of health-care facilities with increasing frequency and taking valuable personal information that is often secured improperly. In August, Websense researchers reported that over the previous 10 months they had observed a 600 percent increase in attacks on hospitals (see “Hackers Are Homing In on Hospitals”). Leonard’s group now predicts that in 2015 the health-care industry will see a “substantial increase” in thefts of data.

The cause of the uptick isn’t hard to diagnose. Medical organizations across the world are switching to electronic medical records, and computer security is not always a high enough priority during the process, says Leonard. Besides that, he says, easy and fast access to medical information often trumps security.

Various studies suggest that cyber-thieves have identified health data as a soft target. The Ponemon Institute, a U.S. privacy think tank, found that 40 percent of health-care organizations surveyed in 2014 reported being attacked by malware designed to steal data, up from 20 percent in 2010. The Privacy Rights Clearinghouse, which tracks large computer security breaches, reports that nearly four million more records were stolen this year than in any previous year.

Credit card information is less valuable on the black market than it was several years ago, says Don Jackson, director of threat intelligence at the security firm PhishLabs. That market is flooded, and credit card information is becoming less useful without supporting identification information, he says.

Medical records, however, often contain both identification information, such as Social Security numbers, and financial information. This can be enough to build a near-complete picture of an individual. And such information can command hundreds of dollars from black-market customers wanting to impersonate someone for the purpose of accessing bank accounts or drug prescriptions.

Hackers now have “almost a big-data mentality,” Jackson says, in that they routinely deal with huge amounts of information and can draw correlations between disparate sets of stolen data to piece together whole identities.

New devices, including smartphones, tablets, and various medical devices, are being connected to health-care facilities’ networks at an increasing rate. This could introduce new vulnerabilities, says Leonard.
