(913) 396-8321

Cyber Security Update

Cyber Security Key Statistics

  • There have been a lot of high-profile data breaches1
  • Hacking continues to be the biggest breach event category, even though it is only 11% of the "Number of Incidents"
  • 96.7% of all patient data hacked took place in 2015!
  • Even a great security program has vulnerabilities that can eventually be exploited (100% secure = 0% functional)
  • "Hackers took an average of 100 hours to get into a good IT infrastructure and 147 hours to breach an excellent infrastructure; however, after an average of 209 hours trying to get in, they gave up" (Scott Whyte, senior vice president at ClearDATA)
  • Cyber-attackers only have to succeed once
Year Hacking Events Reported to HHS Number of Hacking Events Reported Number of Patients Affected in Hacking Events for the Year
2010 10 568,358
2011 16 297,269
2012 16 900,684
2013 19 206,998
2014 31 1,786,630
2015 59 111,833,241
Primary Cyber Threat Agents
  • Organized crime (e.g., Russian mafia)
  • Nation states (e.g., North Korea, China, Iran)
  • Hacktivists (e.g., Anonymous and Lizard Squad)
  • Business Associates (Responsible for 17% of the reported breaches to HHS)
  • Malicious and negligent insiders (e.g., an authorized user misusing their access privileges)
Targets of Cyber Criminals
  • User credentials (user IDs and passwords)
  • Protected Health Information (PHI)
  • Credit card data and bank account numbers
  • Social Security Numbers
  • Research data and proprietary data
  • Smartphones
  • Biomedical devices (affects patient health and safety)
Internet of Things
  • The "Internet of Things" makes some tasks easier but increases risks for hacking
  • Remote control and monitoring are widely used in healthcare

Every hospital employee and workforce member is a prime target for an attack!

  • Cyber-attacks and hacking grew more sophisticated; attackers are evolving
  • Even the strongest security won't prevent all breaches; not prepared for an evolving adversary
  • Breaches are taking longer to detect and resolve (204 days is the average time a hacker/intruder is inside a company's network before detection)
  • High demand for cybersecurity professionals; currently is a negative unemployment rate
  • Cost associated with attacks are going up
    • Identity theft protection
    • Indirect costs too - Reputational harm (hard to measure)
  • Cyber insurance
    • Policy premiums are on the rise because of the rise in cyber attacks
    • Number of exclusions are also increasing, making it more difficult to settle a claim
    • Policy doesn't protect the hospital from breach liability
Top Seven Healthcare Breaches
(Affecting more than 1 million people)
  1. Anthem: 78.8 Million affected (February 2015)
  2. Premera Blue Cross: 11 Million affected (Disclosed in January 2015; attack started in May 2014)
  3. Excellus BlueCross BlueShield: 10 million affected (August 2015; attack started in December 2013)
  4. UCLA Health: 4.5 million affected (Disclosed in July 2015; attack started in September 2014)
  5. Medical Informatics Engineering: 3.9 Million affected (Disclosed in May 2015; attack started in May 2015)
  6. 21st Century Oncology: 2.2 million affected (Disclosed in March 2016; attack started in October 2015; notified by FBI in November)
  7. CareFirst BlueCross BlueShield: 1.1 Million affected (Disclosed in May 2015; attack started in June 2014)
Hospitals Recently Affected by Ransomware

In the first few months of 2016, the following hospitals made national and international news because of ransomware:

  • Hollywood Presbyterian Medical Center (Hollywood, CA)
  • Methodist Hospital (Henderson, Kentucky)
  • King's Daughters' Health (southeast Indiana)
  • Prime Healthcare Services had three hospitals affected:
    • Alvarado Hospital Medical Center (San Diego, CA)
    • Chino Valley Medical Center (Chino, CA)
    • Desert Valley Hospital (Victorville, CA)
  • MedStar Health (network of 10 Maryland hospitals)
  • Ottawa Hospital (Canada)
  • Lukas Hospital (Germany)
  • Klinikum Arnsberg Hospital (Germany)


Latest News