Healthcare Organizations should be Concerned with Phishing and Data Attacks

Over the years, numerous advances in information and communication technology have
taken place. These have been instrumental in shifting the healthcare industry from the use of
paper-based systems to a more advanced system where data is stored in electronic health record
(EHRs) systems. The shift has helped the industry in providing cost-effective and efficient
services to patients. EHRs have been instrumental in the enhancement of disease diagnosis,
patient care, development of patient cooperation, and improved efficiency among service
providers. The use of smart devices in the industry has revolutionized communication among
healthcare providers themselves and between them and the patients. Sensitive patient data is
collected and stored electronically, allowing for easy retrieval. While there have been many
advantages associated with the shift, there have also been issues arising from the development.
The storage of data electronically has been a key source of phishing and data breaches. This has
mainly been caused by failures in the security systems, software vulnerabilities, as well as human
error leading to access of data by unauthorized users. The healthcare industry should be
concerned with phishing and data attacks because it results in theft of patient data and
consequent breach of confidentiality, lawsuits, and losses for providers and organizations in the
industry, as well as damages to the reputation of providers and facilities affected by the breach
leading to loss of revenue.
Phishing and data attacks lead to theft of patient data and breach of confidentiality.
Reports indicate that from 2005 to 2019, 249.09 million people have been affected by data
breaches in the healthcare industry (Seh et al., 2020). In 2018 alone, 2216 cases of data breaches
were reported in about 65 countries (Seh et al., 2020). Out of these incidents, there were about
536 breaches affecting the healthcare industry alone (Seh et al., 2020). This number indicates

3
that the healthcare industry faces a real threat from phishing and data attacks. Since the invention
of electronic health record systems, confidentiality and privacy of patient data have become an
issue of concern affecting both patients as well as healthcare providers. Healthcare data is
considered to be very sensitive compared to other types of data (Priestman et al., 2019). Theft of
such data can thus have serious ramifications. Other than theft, breaches that tamper with such
data can have serious, irreversible, and fatal losses to patients. It can lead to faulty treatments
that can even cause death. This explains why healthcare data should be breach-proof.
Healthcare data has real value and is thus a target for hackers. Phishing is motivated by
malicious reasons where hackers access data and then use it to extort money from organizations.
The aim is to get the organizations to pay to have back access to their data. Given the sensitivity
of healthcare data, hackers understand that healthcare organizations would pay the asked amount
to have the data back and ensure that breaches do not affect their operations. Phishing sometimes
occurs on social media when providers are sent certain links and emails, which are used to
facilitate attacks. When security is not enhanced, or human error leads to a breach of data, then
patients and organizations suffer a major setback. It is thus important to enhance security and
train employees handling patient data on how to ensure that they do not commit errors that could
have serious ramifications. Ongoing education on cybersecurity and data safety is necessary as it
will ensure that healthcare organizations are safe from phishing and data attacks (Priestman et
al., 2019). Protection of patient data is as important as the provision of quality healthcare
services. This fact became more real in 2017 when the National Health Service (NHS) became a
target of the WannaCry ransomware (Priestman et al., 2019). The attack across several NHS
organizations raised the need for improved cybersecurity and Informational technology security
awareness in the industry.

4
Further, phishing and data attacks lead to breaches that dent the image of an organization.
It is evident that patient data is very sensitive. Patients will thus have confidence in facilities that
they trust will handle their data safely. When patients learn of data pilferage in a certain facility,
then their perception of that facility is affected (Seh et al., 2020). Phishing tends to mar the brand
value and reputation of an organization. Patients are not only concerned with the quality of
services provided but also with the safety of their personal data. Thus, phishing can make certain
patents shift to other providers whom they feel will store their data safely.
Further, an increase in the data breaches involving healthcare organizations has resulted
in an increase in the number of resulting lawsuits. Lawsuits are costly to healthcare organizations
because they are forced to incur additional expenses in an attempt to put up a defense as well as
costs related to the settlement (Seh et al., 2020). Litigation is also time-wasting since the
individuals involved are forced to dedicate time to ensuring that the pending lawsuits are settled
in an amicable way. While healthcare organizations have become increasingly become digitized,
any potential breach in data could erode the gains made by the healthcare organizations.
Sensitive data that could be stored in the servers could have an adverse impact on the financial
well-being of the organization involved.
Data stolen from healthcare organizations is potentially worth a lot of money in the black
market. Millions of patients have been affected by data breaches. The average cost of the data
breach was estimated to be 41.2 million dollars in 2019. This shows that the healthcare industry
should be increasingly concerned about data breaches since the result could be catastrophic (Seh
et al., 2020). The healthcare industry has become an easy target, and this means that necessary
steps need to be taken to ensure that lawsuits that could occasion huge financial losses are
prevented. Patients have become increasingly vigilant and are willing to raise issues once they

5
suspect that their personally identifiable information (PII) has been leaked to third parties.
Patients often seek damages in lawsuits with a view to ensuring that they are adequately
compensated for the data breach. This is to the detriment of the healthcare providers involved.
Several lawsuits in the past have indicated how expensive data breaches can be to
healthcare providers. In the year 2018, Anthem was forced into a huge settlement as well as a
fine of 16 million dollars (Seh et al., 2020). An employee of the organization had responded to a
phishing email. The result was that the company was attacked. The company was not quick
enough to respond to the attacks early enough. Additional attacks were undertaken, and this
resulted in huge data breaches. The data that was breached included names of patients, medical
identities, and social security numbers. The attackers were able to steal data from more than
seventy million individuals. In 2020, Primera Blue Cross was also forced to pay millions of
dollars in a settlement relating to a data breach. A class-action lawsuit was brought against the
organization, and the result was that the company had to pay 74 million dollars in settlement
(Seh et al., 2020). Evidently, lawsuits can be very expensive, and hence there is a need to ensure
that cybersecurity is not compromised.
Overall, cybersecurity should be a more prominent concern across healthcare
organizations. Security requirements should be considered at a facility level as well as a national
level. Phishing and data attacks can affect individual facilities in the industry as well as have
serious ramifications at the national level. Coordination of security approaches from the national
to the facility levels is necessary because phishing is a serious threat. When such attacks occur,
patient data may be stolen, confidentiality and privacy breached, leading to lawsuits and losses.
Even in instances where patients do not file lawsuits against organizations for such breaches,
they may seek medical services in other facilities. The attacks may thus taint the brand image

6
and value of the affected organization, leading to a loss of revenue. Phishing and data attacks
tend to cause serious threats to the healthcare industry and should thus be addressed seriously to
ensure that it does not occur. The NHS offers modules on cybersecurity aimed at educating
providers on data security. These actions are important in ensuring that the safety of patient data
is guaranteed.

7

References

Priestman, W., Anstis, T., Sebire, I. G., Sridharan, S., & Sebire, N. J. (2019). Phishing in
healthcare organizations: Threats, mitigation and approaches. BMJ health & care
informatics, 26(1).
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R.
(2020, June). Healthcare data breaches: insights and implications. In Healthcare (Vol. 8,
No. 2, p. 133). Multidisciplinary Digital Publishing Institute.