Healthcare in Cybersecurity

In 2019, the healthcare field is a top target for ransomware and other cyber-attacks. In 2018, healthcare organizations, on average, spent $1.4 Million to recover from cyber attacks (Radware). Eight of those breaches exposed over 500,000 healthcare records, and three of those breaches revealed over a million. Healthcare was the second-most attacked industry after the government sector.

The most recent healthcare data breach reports are listed below.

  • DCH Health System has been forced to close all three of its Alabama hospitals for all but critical new patients following a ransomware attack. The attack prevented staff at DCH Regional Medical Center in Tuscaloosa, Northport Medical Center, and Fayette Medical Center from accessing computer systems, which were taken out of action as a result of the attack which commenced in the early hours of Tuesday, October 1, 2019.
  • Campbell County Health in Gillette, WY, has experienced a ransomware attack that has disabled hospital systems and is preventing access to patient information. The attack started in the early hours of Friday, September 20, 2019.
  • Goshen Health in Indiana has started notifying 9,160 patients that some of their protected health information (PHI) may have been compromised in a phishing-related email breach in August 2018.
  • Wood Ranch Medical in Simi Valley, CA, servers being infected with ransomware attack occurred on August 10, 2019, announced that the practice would permanently close on December 17, 2019, as a direct result of a ransomware attack.
  • Jacksonville, FL-based North Florida OB-GYN has discovered hackers gained access to certain parts of its computer system containing patients’ personal and health information and deployed a virus that encrypted files. Upon discovery of the breach on July 27, 2019.
  • Security researchers at Armis have identified 11 vulnerabilities in the Interpeak IPnet TCP/IP Stack, a third-party software component used in hospital networks and certain medical devices. The vulnerabilities were reported to the DHS Cybersecurity and Infrastructure Security Agency (CISA) prompting an ICS Medical Advisory and a Food and Drug Administration (FDA) Safety Communication.

    Many of the cybersecurity breaches could have been avoided if a HIPAA risk assessment had identified a vulnerability that was later exploited to gain access to protected health information (PHI).

Are you HIPAA Compliant?

Please fill out the simple form, we will send you a HIPAA self-evaluate form for your practice or organization. One of our Cybersecurity compliance experts will contact you promptly.

Contact Person*
Email Address*
Job Title
Company Name*
Company Website

About the Author: Jenny Jo

Jenny Jo is the president and co-founder of MJJT Consultants. Ms. Jo is a Software Engineer, a Cyber Security Auditor, and an IT Project Manager. She is also a Certified Informatin Security Manager (CISM) which certifies her to audit information systems, as well as design, build, and magage businesses' information security programs.