What We Can Learn from Data Breaches at these San Francisco Hospitals
In 2018, news broke about a data breach that compromised 900 patient records from two San Francisco hospitals, namely San Francisco General (SFGH) and Laguna Honda. The incident shed light on a reality that has been plaguing the healthcare industry for years: the sector is highly vulnerable to cyber-attacks. And things are getting worse.
In fact, just three years after the breach in San Francisco was reported, the impact of data breaches throughout the healthcare industry tripled. According to a report by Critical Insights, data breaches that hit the sector in 2021 impacted 45 million people. It's a dramatic spike compared to 2018's 14 million.
But why is the healthcare industry being targeted so relentlessly? And, perhaps more importantly, what can you do to protect yourself?
At ITS, we've helped numerous healthcare organizations bolster their cybersecurity efforts and secure their technology. From our experience, cybersecurity in healthcare needs more attention. In this article, we'll help you understand why by diving into the following topics:
- Why are Hackers Targeting Healthcare?
- Most Common Attack Vectors in Healthcare (and How to Secure Them)
6 Reasons Why Hackers are Targeting Healthcare
There are plenty of reasons why the healthcare industry is one of the most vulnerable to cyber-attacks. Take a look below to find out why hackers keep targeting the sector:
1. The Stakes are Very High
A cyber attack hitting your facility is a high-stakes scenario that could result in high-profile litigation, injury, or even death for your patients. It's vile, but that's the type of environment cybercriminals are aiming for. Imagine getting hit by an attack that disrupted your operations, putting lives at risk. It's a highly stressful situation that would make it easier for anyone to give in to the criminal's demands.
2. Healthcare Data is More Valuable than Credit Card Info
Personal Health Information (PHI) is one of the most valuable types of data you have. A Trustwave report found that a healthcare data record may be valued at up to $250 on the dark web. That's 46 times higher than the next highest value record, credit card info, priced at $5.40.
Selling healthcare data is lucrative because it often contains all of an individual's personally identifiable information. Unlike a financial breach, which may yield a single piece of information, healthcare records contain a gamut of data that is tied to the individual and can never be changed. Criminals can use that data to steal people's identities or for other ruthless schemes like blackmail or extortion.
In the case of the SFGH and Laguna Honda breaches, the stolen data included names, dates of birth, and details about the patients' conditions and diagnoses.
3. Medical Devices are an Easy Entry Point
Advancements in healthcare technology have helped pave the way for better treatments and procedures across the industry. However, for those in charge of cybersecurity, those new devices open up more entry points for attacks. Medical devices are designed for a specific purpose -- like monitoring heart rates. They're not made with security in mind. That means they're vulnerable.
A hacker can use them as a foothold to gain access to your server operating within the same network. Or, in a worst-case scenario, they could be taken over by hackers and held for ransom, preventing you from administering life-saving treatment to patients.
4. Healthcare Staff are Overworked
Healthcare workers are some of the busiest and most in-demand in the country. They typically work in very stressful conditions. Unfortunately, that also means they are more likely to make a few cybersecurity mistakes. Cybercriminals know that and are more than willing to take advantage of your busy team.
5. Sensitive Information Needs to Be Accessible to Staff
Another challenge to securing sensitive information is the fact that this data should be readily accessible to staff members. It's hard to secure data used widely across an organization. In addition, the use of mobile devices, laptops, and tablets has become a necessity for smooth workflows. It's double-edged because it also presents even more entry points for hackers.
You or a staff member might be using personal devices to access sensitive information. That gives cybercriminals a lot of opportunities to crack your defenses. They can infect your device with hidden malware that infects your network or steal your login credentials to break in that way.
6. Outdated Technology
As mentioned earlier, healthcare workers are very busy. They might not have the time to work on patch management or update their systems. That presents a serious cybersecurity issue. Outdated technology has known vulnerabilities that can easily be exploited. One of the first things a hacker will do after establishing a foothold in your network is spot these gaps and take advantage of them.
Most Common Attack Vectors in Healthcare (and How to Secure Them)
If you want to improve your healthcare organization's cybersecurity, review the most common initial attack vectors below and how to secure them:
Lost devices are one of the most common causes of data breaches in the healthcare industry. To cover this vector, you can leverage mobile device management (MDM) and virtual mobile infrastructure (VMI) solutions. That allows your staff to access sensitive information more securely. You can also implement endpoint detection and response (EDR) software to monitor all devices connected to your network.
According to the investigations into the SFGH and Laguna Honda breaches, the perpetrator was a former employee of a third-party vendor. Malicious insiders are a serious threat. Defending against them can be difficult and may require advanced solutions like security information and event management (SIEM). That will allow you to monitor and respond to suspicious behavior within your network.
Unreliable Third-Party Vendors
As mentioned above, the breach at the two San Francisco hospitals came from a third-party vendor. It's vital to do your research on any third-party vendors your organization will partner with. In addition, it's best to set up some measures in case the vendor is compromised. Stringent authorization management, SIEM, and EDR can help you with that.
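As an added example (not from the original article or from ITS), here is the kind of correlation rule a SIEM could run for the insider and third-party vendor vectors above: it flags vendor-account activity after the account's authorized end date, or from vendor-style accounts missing from the roster. The log format, the `vnd-` naming convention, the account names, and the dates are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed vendor roster: account -> end of authorized access (None = still active).
ROSTER = {
    "vnd-jdoe": datetime(2024, 3, 31, 23, 59, 59, tzinfo=timezone.utc),
    "vnd-asmith": None,
}

# Constructed audit-log lines in an assumed format: timestamp|account|action|resource
SAMPLE_LOG = """\
2024-03-20T14:02:11Z|vnd-jdoe|READ|patient/1001
2024-04-02T22:47:09Z|vnd-jdoe|READ|patient/1001
2024-04-02T22:47:31Z|vnd-jdoe|EXPORT|patient/1002
2024-04-03T08:15:00Z|vnd-asmith|READ|patient/1003
2024-04-03T08:16:42Z|vnd-unknown|READ|patient/1004
2024-04-03T09:00:00Z|dr-lee|READ|patient/1001
not-a-valid-line
"""

def parse_line(line):
    """Return (timestamp, account, action, resource), or None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]

def find_vendor_alerts(log_text, roster, vendor_prefix="vnd-"):
    """Flag vendor activity after offboarding or from unregistered vendor accounts."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # a production pipeline would count and report parse failures
        ts, account, action, resource = event
        if not account.startswith(vendor_prefix):
            continue  # staff accounts are out of scope for this rule
        if account not in roster:
            alerts.append(("unregistered_vendor_account", account, action, resource))
        elif roster[account] is not None and ts > roster[account]:
            alerts.append(("access_after_offboarding", account, action, resource))
    return alerts

if __name__ == "__main__":
    for alert in find_vendor_alerts(SAMPLE_LOG, ROSTER):
        print(alert)
```

A rule like this only works if the vendor roster is kept current, which is where the authorization management mentioned above comes in.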
Ready to Improve Your Healthcare Organization's Cybersecurity?
If you're in the healthcare industry, you shouldn't treat cybersecurity as an expense or something that causes disruption; it's an investment, one that can help you save money and prevent attacks that can have serious consequences for your organization or your patients. Healthcare is the most targeted sector for a lot of reasons, and failing to take security seriously should never be one of those.
At ITS, we've helped clients in the health industry protect their networks from all kinds of cyber threats. If you want to learn more, check out our article on Why 88% of All Ransomware Attacks Hit the Healthcare Industry.