March 26, 2025
The figures are hard to believe: Last year, hacks of healthcare records in the US affected 180 million individuals, an all-time high. Thirteen of those breaches surpassed 1 million records, the largest of them involving the health data of 100 million patients.
Yes, your x-ray and Social Security number are probably floating around somewhere on the internet. But experts say there’s even more disturbing news: The breaches likely won’t stop anytime soon. “No matter how strong your security and systems are, if you are ultimately targeted, you’re likely at high risk,” says Doug Greenberg, North America market leader for healthcare at Korn Ferry.
Healthcare has long been ground zero for snooping, for the simple reason that it offers one-stop shopping for an extensive range of data (names, addresses, Social Security numbers, medical histories, and payment and insurance information) via many potential targets (millions of devices used by tens of millions of employees). Once stolen, the data is an asset with multiple income streams, but it’s most often used for insurance fraud or identity theft, or as a commodity on the black market—or all three. “It can be used for so much,” says Greenberg.
Privacy breaches in healthcare have always been a scourge. Long before HIPAA regulations, hospital staffers could peek at the records of neighbors or celebrities. These days, the scale of the crime has expanded, but the employee problem has not. At nearly one-third of healthcare organizations last year, data loss was caused by a careless user who clicked on a phishing link or accidentally shared a password.
Security experts are quick to point out that many organizations do have robust technology protections, and that many breaches are thwarted: 92 percent of healthcare organizations said they’d experienced a cyberattack in the past year. The average number of attacks per organization was 40, most of which were halted, according to one report. “There are serious policies that are updated regularly, and procedures that people train on,” says Lee Kim, senior principal for cybersecurity and privacy at the Healthcare Information and Management Systems Society (HIMSS) North America.
Some large-scale hackers are “sophisticated bad actors” who are either sponsored by a foreign country or directly represent one. These hackers are difficult to detect because they shield their presence by “living off the land,” a strategy where they use the systems’ own components to blend their breaches into everyday activities. Typically, they are aiming to achieve a specific task. “It’s rare that it’s arbitrary,” says Kim. “They’re precisely seeking certain kinds of information, but sometimes their purpose is obfuscated in a breach of millions of patients.” In other scenarios, a bad actor might demand money, then fund other operations with it. Less frequently, the goal is disruption and harm. “Sometimes they simply want to flex their muscles,” says Kim.
To fight back, information sharing among providers is expanding. Ten years ago, firms only shared within the US, says Kim. Today, attacks often move from east to west, first felling systems in Asia or eastern Europe, and then expanding into Europe and the Americas. As a result, coordination across continents is now a norm. “That way we have fewer blind spots,” says Kim. Experts say that many healthcare firms have also developed strong security, but that we should expect future attacks. “Nothing is bombproof,” says Greenberg.