According to a report from the Identity Theft Resource Center, 2023 is already the worst year for cyberattacks and data breaches in the US… and there is still a quarter to go.

Healthcare an easy and lucrative target
The financial sector is the primary target, with healthcare the second most common sector targeted by cyber-criminals. This is not surprising given the huge volume of high-dollar-value data that healthcare organizations store.

Healthcare organizations are softer targets for cyberattackers. They often do not have the security measures in place that other organizations do, and they employ large numbers of people who can be targeted by social engineering or phishing attacks.
Further, healthcare-related data has a long lifespan and is highly connected, and its misuse is harder to identify, unlike financial data, which is relatively easy to monitor and change if fraud is suspected. These factors add to health data’s value on the black market. Estimates vary, but reports show healthcare data can be worth up to 50x more than the next highest type of record, financial.
Other motivations
In many countries, like here at home in Canada, healthcare is part of the national critical infrastructure. This can make the sector a target for non-financial motives.
Disruption and geopolitical motivations can also be reasons for cyberattacks on healthcare. During Covid-19, cyberattacks increased, and the likely target was intellectual property and research data. International conflicts like those in Ukraine and Israel provide further motivation for attackers.
What about Canada?
Canadian healthcare is not immune to the cyberattacks that are so well reported by our friends to the south. Some report that almost half of all security breaches in Canada are in the healthcare industry. This appears to contrast with a second report that indicates just over 8% of all cyberattacks in Canada are against the healthcare sector. It’s important to reconcile those 2 figures: only 8% of all cyberattacks are against healthcare facilities, but almost 50% of BREACHES (data loss) are attributed to healthcare. These numbers reinforce the belief that healthcare institutions are lagging behind on cybersecurity readiness and preparation.
What can we do?
It’s important to understand the role Biomedical/Clinical Engineering plays in ensuring the cybersecurity resilience of our healthcare institutions. It is no longer the sole responsibility of IT departments and IT security personnel. Our department is uniquely positioned to understand the clinical needs and technical requirements of 21st-century medical technology and the cyber-risks associated with it.
Need help or just want another opinion? Reach out, we’re here to help.

