According to a brief issued by Health and Human Services, electronic health records (EHRs) are valuable to cyberattackers because of the protected health information they contain and their potential for black market profitability.
“Extortion, fraud, identity theft, data laundering, hacktivism/promotion of political programs, and sabotage are some ways cyberattackers use this data for profit,” HHS said.
The briefing states that in 2020, nearly 2,354 US government agencies, healthcare facilities, and schools were affected by a significant surge in ransomware, causing significant disruption across the healthcare industry. Additionally, according to HHS, data breaches have increased significantly. According to the HIPAA Journal’s 2020 Healthcare Data Breach Report, the healthcare industry saw the third-highest number of data breaches in 2020 since 2009.
Data breaches targeting EHRs have also had a financial impact on the healthcare industry. The document cites an IBM study showing that the average cost per incident was $9.3 million in 2021.
Phishing attacks, malware and ransomware attacks, encryption blind spots, and cloud threats are among the top threats to EHRs.