Carley Tobola

Doctor Said

Writing as Inquiry 007

12 October 2021

Causes and Effects of Healthcare Industry Data Breaches

How would you feel if your personal medical history was being sold on the black

market? This can be a daunting thought when you realize how much information, like your social

security number and credit cards, is kept inside these databases that are constantly at risk of

being hacked. Hackers are interested in getting ahold of your Personal Health Information (PHI)

which can be sold for 350 times more than the price of credit card information, making

healthcare databases particularly prized targets (Sager). Millions of Americans trust that their

information will be kept safe and out of the hands of identity thefts and criminals. Weak

passwords, malware, and a lack of education among companies are leading to healthcare

practices being unable to operate and the loss of trust from patients.

Causes

A primary cause of data breaches in the healthcare industry is weak passwords for nurses

and doctors protecting their individual computers. According to the 2020 Verizon Data Breach

Investigations Report, 81% of data breaches were caused by weak passwords (Manjarres).

Passwords are the first line of defense to protect a website and users’ information, therefore,

taking the time to create a strong password can make a paramount difference in security. A

password with a mix of six lowercase and capital letters has 19 billion combinations. However,

when two more letters are used, the possibilities increase to 218 trillion (Johannes) which

significantly lowers the odds that your password will be engineered by a hacker.
 Another cause of data breaches in the healthcare industry is malware. Malware is

software that is used to change the way a computer works to get into secure information.

Malware can come in many different forms, some including sending a disguised email with a

link or file that, once opened, infects the computer (Seh et al.). Your computer can also get

infected by being on the same network with another infected computer. The virus can spread

through that connection, almost like an actual sickness (Seh et al.). While some attempts are

being made to educate the workforce on these issues, the viruses are only effective when they

catch people off guard, illustrating the dire need for better technological literacy.

While weak passwords and malware are causes of data breaches in the healthcare

industry, the root cause is the lack of companies to educate their employees of proper

precautions. The healthcare industry is a bigger target for attacks, so they must take greater steps

to fight them by educating their employees and hiring companies to make sure their data is

protected (Seh et al.). In an interview with Brigitte Tobola, a cybersecurity consultant at National

Institutes of Health, she stated “The biggest vulnerability is the employees’ lack of knowledge on

how to properly protect their computers” (Tobola). Companies must make sure they are using the

most up to date infrastructure to give their employees the proper tools to protect their

information. If they slack off in updating their systems, cyber criminals will catch up and gain

access. In recent years, companies have been joining outsourced networks without the

knowledge that hackers can use these networks as backdoors to access data versus using a

private system that would be more secure (Irwin).

Effects

One of the biggest effects of data breaches healthcare practices face is their inability to

work as they are trying to grapple with the breach itself which can be an issue for both the
practice and the patients, as the practice needs money and the patients need care. Depending on

the state, most breaches need to be reported within the first 72 hours, so practices must be

diligent in their process (Irwin). The first priority is containing the breach to ensure that no more

data gets exploited. The next step is to determine what information got breached and how

sensitive that data is. One of the most important steps is to notify your patients about the breach

and explain what they should expect. The company should acknowledge their cybersecurity

weaknesses and put protocols in place to prevent future breaches (Irwin). If a practice is putting

all of their resources into containing a breach, they will not have the adequate resources to take

care of their patients.

Another effect of data breaches in the healthcare industry is the loss of trust from

patients. In an interview with Brigitte Tobola, she added, “Practices, especially smaller ones, get

their patients through referrals,” so keeping a good reputation with patients is key to a successful

business (Tobola). With so much competition in the healthcare sector, consumers are benefited

because if they feel they are at an inadequately protected firm, they can transition to a wide

variety of others, but on the same token one mistake can ruin the reputation of a company and

sink them.

Conclusion

In conclusion, data breaches are problems that stem from a lack of education among

employees. Because the healthcare industry is two to three times more likely to face cyber

attacks than other industries, practices need to take the time and attention in order to eliminate it

or else individuals will continue to have their right to privacy infringed upon (Sager). According

to the U.S Department of Health and Human Services Office for Civil Rights, over 15 million

health records have already been exploited ("Breach Portal: Notice to the Secretary of HHS
Breach of Unsecured Protected Health Information"). Knowledge is power in this case, with

proper knowledge, healthcare employees would be equipped to combat these rampant data

breaches by simply preventing them from happening.

Table 4 shows the total number of healthcare data breaches and the total number of individuals

affected between the years of 2010-2017 (Seh et al.).

Works Cited

"Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health

Information." U.S. Department of Health and Human Services Office for Civil Rights,

ocrportal.hhs.gov/ocr/breach/breach_report.jsf. Accessed 7 Oct. 2021. Table.

Irwin, Luke. "How to Recover from a Data Breach." IT Governance, 16 July 2020,

www.itgovernance.eu/blog/en/how-to-recover-from-a-data-breach. Accessed 7 Oct.

2021.

Johannes, Lourdes. "Weak Passwords." U.S. Department of Commerce Office of Security

Western Region Security Office, 28 Nov. 2001,

www.wrc.noaa.gov/wrso/security_guide/password.htm. Accessed 10 Oct. 2021.

Manjarres, Sam. "2021 World Password Day: How Many Will Be Stolen This Year?"

Secplicity, WatchGuard Technologies, 4 May 2021,

www.secplicity.org/2021/05/04/2021-world-password-day-how-many-will-be-stolen-

this-year/. Accessed 10 Oct. 2021.

Sager, Tony. "Cyber Attacks: In the Healthcare Sector." Center for Internet Security, 7 Feb.

2017, www.cisecurity.org/blog/data-breaches-in-the-healthcare-sector/. Accessed 7

Oct. 2021.

Seh, Adil Hussain et al. “Healthcare Data Breaches: Insights and Implications.” Healthcare

(Basel, Switzerland) vol. 8,2 133. 13 May. 2020, doi:10.3390/healthcare8020133

Tobola, Brigitte. Telephone interview with the author. 8 Oct. 2021.