language Country

Healthcare Security & Cybersecurity Statistics

Healthcare technology is growing exponentially as clinicians realize the value of connectivity. But with this advancement comes new opportunities for cybercriminals. In 2017, there was a total of 477 healthcare breaches that impacted approximately 5.6 million patient records.1

On average, the healthcare industry allocates less than 6% of its overall budget to cybersecurity.2 Therefore, cybersecurity education plays a vital role in defending healthcare organizations from experiencing a data breach.

What Is Cybersecurity?

Cybersecurity is defined as the various techniques used to protect information systems from unauthorized users and malicious attacks. Cybersecurity in the healthcare industry is key as sensitive patient health information can be stored on computers and other medical devices.

What’s at Risk?

Medical records can be one-stop shops for cybercriminals as they contain patient health information (PHI) that can’t be deleted or easily changed, making them a valuable target. For example, patient health records can be sold for as much as $363 on the black market which is more than any piece of information from other industries.3 Types of PHI that are valuable to cybercriminals include:

  • Name
  • Address
  • Telephone number
  • Social security number
  • Biometric data
  • Diagnostic images

How Is Patient Information Compromised?

Cybercriminals use a wide variety of different tactics to acquire patient data. As a result, it is important for clinicians to be able to recognize and report threats made against an organization. Here is a list of common tactics employed by cybercriminals to acquire PHI:

  • Disposal errors
  • Privilege abuse
  • Theft
  • Hacking
  • Data mishandling
  • Ransomware

Impacts of a Data Breach

Currently, data breaches are costing the U.S. healthcare industry about $6.2 billion per year.5 In addition to the financial impact a data breach has on an organization, it can also result in a multitude of other adverse effects including:5

  • HIPAA violation fines and other costs
  • Business interruption
  • Threats to patient safety
  • Compromised EMR security
  • Decrease in trust among customers
  • Loss of customers
  • Reputational damage

What Can You Do?

It’s important for healthcare organizations to implement security measures to safeguard both hardware and software from cybercriminals. Below are some important cybersecurity best practices to help protect your patients and organization:6, 7, 8

  • Securing your connected medical devices via access controls (Ask your IT department how your hospital handles this today)
  • Creating strong passwords using a combination of letters, numbers and symbols
  • Accessing PHI through secure applications and web portals
  • Logging out of devices and locking computers when not in use
  • Backing up data in case information is compromised
  • Participating in cybersecurity training to aid in threat detection and response

Cybersecurity is a growing component of patient safety, and it starts with you. Be sure to check out our helpful infographic that shares key healthcare cybersecurity statistics.

Cybersecurity infograhic titled Don't Take the Bait


1. Healthcare Informatics. 2017 Breach Report: 477 Breaches, 5.6M Patient Records Affected. Accessed October 9, 2018.

2. CyberPolicy. 4 Healthcare Cybersecurity Stats That'll Raise Your Blood Pressure. Accessed October 9, 2018.

3. Arora, Saloni. Hackers Selling Healthcare Data in the Black Market. Accessed November 1, 2018.

4. HIPAA Journal. Healthcare Data Breach Statistics. Accessed November 27, 2018.

5. Ponemon Institute Research Report: Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. Accessed May 2016.

6. Medical Economics. 10 Ways to Improve Patient Data Security. Accessed November 1, 2018.

7. Heimdal Security. 13 Warning Signs that Your Computer is Malware-Infected [Updated 2018]. Accessed November 1, 2018.

8. American Medical Association. Checklist for Office Computers. Accessed November 1, 2018.