Executive Summary

Today, “data privacy” is practically an oxymoron. Patients want their health information to be accessible and protected. But cyberattacks on healthcare providers are surging, with the twin goals to extract sensitive data and hefty ransom payments. The costs are mounting.

How are cyberattacks affecting healthcare providers?

Healthcare providers are under heavy pressure to protect their systems from breaches. In 2020, close to two cyberattacks per day were made on healthcare organizations and their business associates. That rate has escalated in 2021 and shows no signs of slowing. Patient health information is the prize, both for the trove of sensitive information and the price these records command on the dark web. The average cost of a US healthcare data breach to the targeted entity is now $9.23 million, even without a ransom payment.

What tactics are being used to penetrate health systems?

“Ransomware as a Service” is on the rise. It’s being sold as a subscription-based model on the dark web, and buyers get the latest, greatest version to execute their own attacks. Successful penetration can shut down a health system’s critical digital network, including electronic health systems. If not detected in time, attackers can extract patient data for sale or extortion purposes while demanding millions of dollars in ransom.

What are healthcare providers doing to mitigate these attacks?

Cybersecurity strategies are shifting with the attacks. The emphasis on protecting the perimeter against penetration is giving way to “zero trust” security and automation to continually monitor and guard all systems and data. IT professionals are fighting AI-driven attacks with AI-driven defenses.

WHAT’S IN THIS REPORT? An examination of the healthcare data privacy landscape in 2021; how consumers view their data; the shift in tactics used by cybercriminals; and how healthcare providers are maneuvering their budgets and institutions to respond.

KEY STAT: Public awareness of cyberattacks spiked in 2021 following the Colonial Pipeline and JBS Foods incidents. Now 86% of likely voters in the US are very or somewhat concerned about such attacks on infrastructure like hospitals and energy grids.