Why Healthcare Gets Hit Hardest With Cyberattacks
Our health data is some of the most confidential information we have, and the systems that most healthcare companies use to protect it from cybercrooks are somewhat sickly.
Thanks to a toxic mix of aging hardware, outdated software and shoestring operating budgets, they're increasingly susceptible to cybercriminals who are not only lured by a gold mine of data but also armed with state-of-the-art hacking tools, experts told The Daily Upside, leading to some of the largest data breaches in history. And the risks extend far beyond lost data and eye-popping ransom payments.
'There's really a direct danger to patient care and life,' says Rob Hughes, chief information security officer at security firm RSA. 'That's as serious as you can get. It's a different type of pressure.'
READ ALSO: NBA Finals Kick Off With an Old (Footwear) Friend and Tariffs Deliver Record Drop in US Trade Deficit
Statistics back him up: Last year was a landmark for healthcare data breaches. According to HIPAA Journal, there were 14 attacks involving the records of 1 million or more patients in 2024, exposing the records of more than 237 million individuals altogether. The biggest healthcare breach in history occurred only two months into the year, when ransomware attackers stole the data of 190 million people from Change Healthcare in February.
'There are a lot of vulnerabilities that healthcare organizations don't even realize they have,' said Alpesh Shah, vice president of security strategic alliance at Myriad360. 'Every individual who is touching a smart device is vulnerable to bring some sort of threat to the organization.'
The technological advances that have revolutionized healthcare over the past 50 years have simultaneously ramped up cybersecurity risks exponentially. The amount of personal information collected at healthcare facilities is mountainous, with every machine collecting bits of data on patient health at a constant rate.
Many of the technologically complex devices used daily or even hourly are operating on outdated software, Hughes said, a combination that leaves medical centers riddled with vulnerabilities.
For instance? A big MRI machine that still makes a nice MRI image but runs 'an old version of Windows that can't accept patches anymore,' he said.
Exacerbating the problem are security measures that often involve a patchwork of systems inexpertly quilted together, said Gary Salman, CEO of Black Talon Security. Healthcare organizations often use security solutions from multiple vendors, which can lead to a lack of standardization or centralization, he said.
While this puts them in a 'feel-good position,' the mishmash of products may not always cover the ground that it should while creating both unnecessary complexity and a glut of data. 'How do you triangulate all of this, especially in medium- and large-size healthcare organizations?' he asked.
At a more strategic level, few shareholders and healthcare practitioners prioritize cybersecurity budgets, focusing instead on delivering patient care. Smaller regional and rural healthcare facilities are often living below the 'cybersecurity poverty line,' he said. 'Security is going to come second.'
Plus, talented cybersecurity professionals have become increasingly sought after and expensive. And because of healthcare's limited budgets for technology, it doesn't always get the best cybersecurity talent, said Shankar Somasundaram, founder and CEO of Asimily.
'Healthcare may not always be able to pay the same amount,' said Somasundaram. 'Strong talent would go to another vertical, where they're getting paid more.'
While formidable to healthcare executives, the tangled web of cybersecurity challenges merely sweetens the pot for hackers who, according to Salman, view healthcare data as a 'pot of gold.' The information is highly sensitive, incredibly personal and usually deeply detailed. Plus, organizations are collecting massive amounts at a constant rate, he said. 'Any size healthcare organization that has anywhere from thousands to millions of patient records – the risk is high,' Salman said.
Selling such data to brokers through underground channels is also far more lucrative than pushing other types of data, Somasundaram added. When hackers sell credit card information, 'they have to collect 50 credit cards to make a single dollar,' he said. 'They can sell a healthcare record for tens of dollars each.'
Because of the sensitivity of health data – and the fact that these records generally can't be wiped or changed the way a credit card or phone number can – healthcare organizations will often pay up when hit with ransomware attacks, said Salman.
'Imagine having a human being's complete demographic profile. That data could be sold to pharmaceutical companies,' said Shah. 'Thieves will go where the money is. And data is the new money.'
Data loss is only the beginning of the problem, added Hughes. Cyberattacks can completely shut down healthcare facilities, forcing patients to seek care elsewhere, he said. In extreme cases, cyberattacks on healthcare organizations have been linked to fatalities, such as the 2019 attack on a hospital in Alabama that led to the death of a newborn.
'There is a state of mind that hackers are moral,' said Itay Glick, director of product at security firm OPSWAT. 'We need to understand that not all the attack groups share the same ethical standards that we think they should.'
Despite the growing risks, healthcare organizations all too often simply react to attacks rather than working to prevent them, said Salman. Along with putting patients at risk, the strategy ends up costing organizations a far larger sum than they would have paid to establish adequate cyber defenses.
While change often happens slowly, there are a variety of steps healthcare organizations can take to make themselves less attractive targets.
Some are simpler, such as consistent security patching, strengthening credentials and providing cybersecurity education to staff, said Hughes. Vulnerability and penetration-testing can also help organizations identify their biggest pitfalls, said Glick.
Backup Plan: Backing up data, meanwhile, is vital for healthcare organizations, Glick added. Since a major part of ransomware attacks is 'winning your data back,' having a backup stored can allow an organization to quickly recover, he said.
The most important fix, however, is making cybersecurity a priority, especially among leadership and stakeholders. Change and awareness have to come from the top, said Somasundaram. Rather than viewing cybersecurity as an additional cost, corporate decision-makers should treat it as a vital necessity.
'In any industry which prides itself on patient outcomes and patient wellness and improvement, they see cybersecurity as a cost, not an outcome-based thing,' Somasundaram said. 'But if they could see the tie between cybersecurity and patient impact or lives, then I do believe they'd invest.'
This post first appeared on The Daily Upside. To receive delivering razor sharp analysis and perspective on all things finance, economics, and markets, subscribe to our free The Daily Upside newsletter.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
28bio Announces Nexon™ Neurotechnology Platform Powered by Engineered Human Brains
Exhibits complex neurological processes—including memory, learning, and cognition—and predicts human outcomes in preclinical drug development NEW ORLEANS, June 9, 2025 /PRNewswire/ -- 28bio today announced the Nexon™ neurotechnology platform—a major advancement in understanding human brain function. The platform integrates tissue engineering, neural interfacing and AI to engineer human brains at-scale and replicate complex neurological processes. The Nexon™ platform is now being used to improve the prediction of therapeutic efficacy and toxicity in humans, with several of the world's largest pharma companies already integrating Nexon™ into their drug development workflows. The Nexon™ platform also incorporates Organoid Intelligence (OI). The growing field of OI combines human brain organoids with brain-machine interfaces to model memory, learning, and cognition in vitro, offering novel functional cognitive biomarkers with the potential to reshape drug development in neurodegenerative disorders including Alzheimer's disease. Neurological drug development faces some of the highest failure rates in the pharmaceutical industry, due to poor translatability of animal models. Despite promising preclinical study results, many therapies ultimately fail in humans—contributing to a growing neurological health crisis and need for more predictive, human-relevant models. "We engineer human brains capable of elucidating the complexity of neurological processes and produce predictive data needed to change the trajectory of neurological drug development," said Alif Saleh, CEO of 28bio. "Industry and regulators are urgently asking for solutions to develop better neurological drugs faster and cheaper." About 28bio28bio is a neurotechnology company engineering human brains at-scale exhibiting memory, learning, and cognitive functions. Its Nexon™ platform integrates tissue engineering, neural interfacing, and AI to reverse today's neurological health crisis by improving the ability to predict which therapies will work in humans. 28bio is committed to advancing ethical standards in the development of brain organoid technology and engineered human cognition. For more information, visit View original content to download multimedia: SOURCE 28bio Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Medscape
an hour ago
- Medscape
Study Supports Follow-Up Consultations After Heart Failure
About 40% of patients with diagnosed heart failure did not pursue future cardiology consultations, regardless of the initial severity of their condition. A single follow-up cardiology visit can reduce 1-year all-cause mortality by 6%-9%, with additional visits showing increased benefit as the severity of heart failure increases. METHODOLOGY: A nationwide cohort study included 655,919 French patients (median age, 80 years; 48% women) diagnosed or hospitalized with heart failure between January 1, 2015, and December 31, 2019, and who were still alive on January 1, 2020. Researchers categorized patients into four groups: Those hospitalized with heart failure within the past year, those hospitalized with the condition between 1 and 5 years prior, patients not hospitalized but who were receiving loop diuretics, and patients who were not hospitalized and were not taking loop diuretics. TAKEAWAY: The 1-year risk for all-cause mortality ranged from 8% in patients without hospitalization or use of loop diuretics to 25% for those hospitalized for heart failure within the past year. Mortality risk increased progressively across groups, with an adjusted hazard ratio of 1.61 for patients using loop diuretics, 1.83 for patients using loop diuretics and hospitalized over 1 year prior, and 2.32 for patients hospitalized less than 1 year prior ( P < .0001 for all). < .0001 for all). A single cardiology consultation was associated with a 6%-9% absolute reduction in 1-year all-cause mortality across all groups. The optimal follow-up strategy varied by risk group: One annual visit for low-risk patients, two to three visits for intermediate-risk patients, and four visits for high-risk patients recently hospitalized with heart failure. IN PRACTICE: 'Despite having an HF diagnosis, 40% of patients do not see a cardiologist annually, regardless of disease severity. Simple stratification based on hospitalization history and diuretic use effectively predicts outcomes. Tailoring the annual number of [heart failure] consultations according to this stratification could optimize resource use and reduce avoidable modelled deaths,' the researchers wrote. 'This group represents a significant opportunity to improve survival outcomes with only a modest increase in the total number of consultations. Healthcare systems could formally assess the impact of this annual consultation through large-scale cluster trials, allowing for an evaluation of the broader population-level benefits of this approach,' they added. SOURCE: The study was led by Guillaume Baudry, MD, of the Université de Lorraine in Nancy, France. It was published online in the European Heart Journal and presented at the Heart Failure Association of the European Society of Cardiology (HFA-ESC) 2025 meeting. LIMITATIONS: Researchers excluded patients residing in nursing homes due to their advanced prognosis and unavailability of healthcare utilization data, which may have led to an underestimation of morbidity and mortality. The study did not include heart failure patients who had not been recently hospitalized and did not submit long-term condition paperwork. Important clinical data such as ejection fraction, heart failure phenotype, and prognostic biomarker values were unavailable. DISCLOSURES: The researchers reported receiving fees and grants and other relationships with various pharmaceutical companies including Abbott, AstraZeneca, Bayer, and Pfizer.
Yahoo
an hour ago
- Yahoo
Dating apps might be messing with your mental health
Jenny O'Hara initially signed on to a dating app to bump up her confidence. Fresh out of a 20-year marriage, the Neptune Township, New Jersey, resident didn't believe a man would ever find her attractive again. A friend suggested she try dating online, so she created a profile on Facebook. 'I was looking for people to tell me: 'You're okay. Even though you just got divorced, you're still marketable,'' she said, adding that she did get attention from men online. 'And that made me feel better - not for a long time, but it made me feel better for a little bit of time.' Subscribe to The Post Most newsletter for the most important and interesting stories from The Washington Post. But when some men asked her for racy photos, she retreated. 'You would never say something like that to somebody if you were sitting at a bar with them,' she said. O'Hara is among the some 95.6 million people 18 and over who have used dating websites or apps, according to the research firm SSRS. And she's not alone in seeing her mood shift downward the longer she was online. 'My experience with patients who are on dating apps is it leads to fatigue, that people just get exhausted,' said Paul Hokemeyer, a licensed marriage and family therapist based in Telluride, Colorado. 'It takes up a lot of energy. It takes up a lot of time. It takes up a lot of emotions. And there's a huge potential for rejection.' - - - Addictive behavior In 2022, 3 in 10 U.S. adults said they had used a dating site or app, with some 9 percent reporting having used one in the past year, according to surveys conducted by the Pew Research Center. According to SSRS, Tinder is the nation's most popular dating app. (Pew reports that some 14 percent of all U.S. adults say they've used it.) While Tinder was also the most popular among those 18 to 49, Match was the preferred app among those ages 50 and older, SSRS found. But popularity doesn't equate with only positive experiences, and some experts say online dating can generate mental health hazards. For one, users can become addicted to apps and to the dopamine rush they get when someone they're interested in responds to them, Hokemeyer said. Objectification also happens, as people are focused more on veneer than substance, he added. 'They're reduced to transactions, and for patients who suffer from mental health disorders, which is basically everyone I see, the deeper their level of depression, the deeper their level of anxiety, the deeper their level of engagement with these apps seem to be,' he said. There's also a kind of doomscrolling that goes on with dating apps, not unlike the way people scroll news headlines on their phone, wading through bad news. 'People are constantly looking for validation and a dopamine and serotonin rush that doesn't happen, and if it does happen, it's fleeting and makes them want to go back for more,' he said. 'It doesn't enhance their well-being, like being present in their lives, looking for elevation from within, connecting to human beings in real time.' - - - Pros and cons Online dating can make people feel unattractive or unworthy, particularly when apps involve swiping or expressing mutual attraction to contact someone, said Racine Henry, a licensed marriage and family therapist who sees clients virtually in New York, New Jersey and North Carolina. The apps can be particularly negative for young people, who do not yet have the emotional development to put such rejection in context, she said. 'Apps like that can really make people feel ugly and unwanted,' Henry said. 'I do feel that self-esteem, self-confidence, even self-identity, need to be at healthy levels prior to engaging on those apps and that people should not put too much stock into what a person who's assessing you from a few pictures and a few lines on a screen may think or feel about you.' That said, there are upsides to these apps. They can benefit people who are introverted, have certain phobias, or perhaps have experienced dating or sexual traumas that have made them reluctant to meet people in real-life settings, such as bars, she said. 'Apps are a good way for them to meet people in a safe environment and take their time with getting to know them and be able to control more of this person's access to them,' Henry said. The key is finding someone with common goals. If two people start talking and one is looking for love while the other simply wants a sexual interaction, not only might that result in a negative experience for both of them, but it could also affect one party's safety. Each person should clearly articulate what they're looking for, she said. It's all about expectations, said Nicole Karwashan, a licensed marriage and family therapist in White Plains, New York, who met her now-fiancé online. 'When somebody goes on to a dating app with this expectation of seeking external validation or finding the love of their life, I absolutely think it could perpetuate symptoms of depression,' she said. Karwashan said she hasn't seen dating apps cause depression, but she has seen dating app usage set off her clients' eating disorders, as they try to curate their profiles so they look or present in a certain way. 'It's definitely gotten pretty bad with some of my clients,' she said. 'That's when we say: 'Okay, what's the intention? Why are we giving this app and these random people this much power?'' The problem, as with all social media, is the compulsive nature of them, she said. Karwashan has clients whose app usage is so chronic that notifications on their phones will go off during their sessions, and they'll say, 'That's one of my Tinder matches,' or, 'That's some guy I met on Bumble.' 'I actually encourage breaks from social media, just to avoid that kind of addictive tendency that it can bring,' she said. Hokemeyer said he works with his patients to get them off dating apps because he wants them to better tolerate short-term discomfort in a relationship to obtain long-term gain, and to learn resiliency - and dating apps, because of their transactional nature, don't allow for that in the way real-time relationships do. - - - 'Burned Haystack' After O'Hara lost faith in her initial experience, she changed her profile and began following something called the 'Burned Haystack' dating method, which was conceived by Jennie Young, a writer and associate dean at the University of Wisconsin at Green Bay. The haystack theory is that people are more likely to find partners if they specify what they want in their profiles and refrain from dating - and perhaps go so far as to block - anyone who doesn't fit the criteria. Young launched a Facebook group, the Burned Haystack Dating Method, and it has more than 198,000 members. O'Hara said she wanted someone who was a Democrat, had a job, liked cultural events in New York City and didn't live with their ex-wife, an issue that arose a surprising number of times. Her wish list was so specific, no one responded for days at a time. But that's part of the process, she said. Finding the right person takes time. In her case, it took about a month. O'Hara and her boyfriend have now been dating for a year and a half. 'I was asking for what I want instead of just being like, 'I'll be happy with what comes my way,'' she said. Even O'Hara, who's happily in a relationship, said she occasionally misses the 'Missing you' texts she would get from men she met online. But she said she realizes now that wasn't healthy for her or for them. That is, the men online were not just on there to make her feel better about herself, nor was she on there to satisfy their needs. 'I think that's one of the interesting things about these dating apps,' she said. 'People go on them just looking at these pictures and profiles, not realizing that there are real people on the other side.' - - - 5 things to keep in mind - Limit time on dating apps - only check apps or sites once a day. - Decide what's important to you in a partner and ask for it. - Seek someone with common goals (e.g., make sure you're both looking for the same thing, like a relationship leading to marriage, not just sex). - Don't seek validation through a dating app. - If you're prone to depression, be aware of how online dating is affecting your mental state. Related Content To save rhinos, conservationists are removing their horns Donald Trump and the art of the Oval Office confrontation Some advice from LGBTQ elders as WorldPride kicks off amid fears
