Healthcare Leads Industries for Cybersecurity Attacks in 2018. And It's Only Going to Get Worse.

By: Christina Southern on Apr 16, 2019 7:07:48 AM

shutterstock_398381797A new study reports that healthcare was the No. 1 industry for cybersecurity breaches in 2018. BakerHostetler's latest Data Security Incident Response Report shows that phishing attacks were the leading cause of breaches, making up 37 percent across all industries. Network intrusions were at 30 percent, with unpatched servers and remote desktop connections providing easy points of entry. reports:
  • Health information was the second most at-risk type of data in cyber incidents, making up fully a third of potentially compromised records. Social Security numbers were the most at risk at 37 percent. More than half (55 percent) of all incidents involved insider error or activity, according to the report.
  • Once cybercriminals penetrate a system, their next steps most often involve accessing an Office 365 account (34 percent), roaming the network for available data (30 percent), installing ransomware (12 percent) or securing a wire transfer to the attacker's account (8 percent), according to the report. 
Webinar: Free Cybersecurity Awareness Training
  • For ransomware victims, the report offers some sobering news: Nearly one in 10 times (9 percent) that a ransom was paid, no decryption key was received. The average ransom paid last year was $28,920. Among healthcare organizations, on average 36 days elapsed between the time of the initial access and detection, plus another 10 days to contain the breach.

What does this mean for businesses - especially healthcare - in 2019? The future is not bright for organizations that are not keeping pace with cybersecurity efforts.

"Health systems and hospitals are shirking industry cybersecurity standards," reports "For example, conformance to HIPAA security rules fell from 74% in 2017 to 72% in 2018, according to a 2019 report from cybersecurity consulting firm Cynergistek.

"The repercussions are costly: When breaches expose sensitive information, HIPAA privacy rules are violated — and health systems have to pay up. The US government doled out a new high of $26 million in HIPAA penalties in 2018. Moreover, health firms lose nearly 7% of their customers following a data breach — the highest of any industry."

As counter efforts grow stagnant, experts expect an increase in US health breaches in 2019. Read more from

UP NEXT: Get Free Cybersecurity Awareness Training with C Spire Ethical Hackers

CONSIDER IT MANAGED. C Spire Business is the nation’s first full-stack managed solutions provider, capable of offering advanced connectivity, cloud, software, hardware, communications, professional services, cybersecurity, business continuity, and technology support in a single, seamless IT solution portfolio. The result is smarter. Faster. More secure. From desktop to data center, we meet you wherever you are and take on your biggest technology challenges.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.