Healthcare Data Breaches: A Growing Threat

Is your facility at risk of a data breach? Learn what to look out for and how you can protect your facility, patients, and staff from malicious attacks.


Data breaches are on the rise. Recent data shows an upward trajectory in the number of data breaches affecting 500 or more records over the past 10 years. Healthcare providers and organizations are especially vulnerable to cyberattacks because they store and manage sensitive medical and patient information. Even facility staff can put patients at risk through carelessness, inattention, or ill intent. How can healthcare providers and facilities reduce the risk of a data breach?

Types of data breaches

A data breach is the exposure or use of data without authorization. Although a data breach in any business is unsettling and damaging, it is especially concerning to healthcare operations due to the vast amounts of patient data that are collected, managed, and stored. There are two main types of data breaches: internal and external.

  • Internal data breaches involve a staff member who either assists or carries out the malicious activity, or who is simply careless and inattentive, leaving sensitive information vulnerable to outside parties. This type of data breach can result from unauthorized access, improper disposal of sensitive data, theft, or sharing of confidential data with an unauthorized party.
  • External data breaches are caused by someone outside the company. They can take several forms, but some of the most common include malware, ransomware, phishing, viruses, or hacking.

A data breach can expose personal information such as:

  • Names
  • Birth dates
  • Addresses
  • Health insurance information
  • Treatment and diagnosis information
  • Driver’s license numbers
  • Financial account information
  • Payment card information
  • Social security numbers

If this information is obtained by those with malicious intent, dire consequences can follow.

Consequences of a data breach

A single medical record can sell for hundreds of dollars on the dark web, but the actual consequences to the patient whose records are compromised can be many times that.

For instance, a cybercriminal with a person’s driver’s license number and bank account information can wipe out that person’s life savings. With personal data in hand, cybercriminals have the power to steal that person’s identity to apply for credit cards, seek medical services, and more. It can take months or even years before a malicious user takes advantage of the stolen information, which can leave victims unaware of the activity until the repercussions have become devastating.

For healthcare facilities, damage to their reputation can have long-lasting consequences. Whether a data breach directly affects them or not, new and existing patients may lose trust in the facility and its associated providers, ultimately opting for an alternative choice. This loss of patients can have a significant impact on the financial health of a facility.

If a cybercriminal manages to install malware or ransomware on an organization’s network, they can cause a number of issues, including preventing providers from accessing a patient’s records, thereby negatively impacting patient care. And, of course, there can be legal consequences. A healthcare facility can be held liable for damages caused by the data breach.

Protecting your facility

Healthcare teams must be vigilant in protecting their data and networks. It’s important for staff to understand basic email security, such as recognizing phishing attempts and not clicking on links from unknown or suspicious senders. Access control is another critical area that can help teams restrict access to data based on specific permission settings. Staff should be able to access only information necessary to perform their duties.

A documented incident response plan will help teams know what to do in the event of a data breach. This plan will differ based on the unique needs and structure of the organization, but in general should include:

  • Incident response team members and contact information
  • Definition of a data breach and criteria to assess the situation
  • Notification procedure
  • Lockdown plan
  • Communication plan

Healthcare facilities should also have a backup of important data stored offsite or in the cloud.

As long as sensitive data exists, there will be cybercriminals conceiving new ways to exploit it. Cybersecurity attacks continue to evolve and increase in sophistication, requiring healthcare teams to remain diligent and steadfast in the security of healthcare information.

Need additional support to protect your data? The experts at TruBridge can help you secure your data and protect your patients, staff, and facility. For more information, visit or call 877-543-3635.