Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2023 Jun:68:179-185.
doi: 10.1016/j.ajem.2023.04.001. Epub 2023 Apr 5.

Cyberthreats: A primer for healthcare professionals

Derrick Tin  1 Ryan Hata  2 Fredrik Granholm  3 Robert G Ciottone  4 Richard Staynings  5 Gregory R Ciottone  6
Affiliations

Cyberthreats: A primer for healthcare professionals

Derrick Tin et al. Am J Emerg Med. 2023 Jun.

Abstract

Introduction: Cyberattacks are one of the most widespread, damaging, and disruptive forms of action against healthcare entities. Data breaches, ransomware attacks, and other intrusions can lead to significant cost both in monetary and personal harm to those affected and may result in large payouts to cyber criminals, crashes of information technology systems, leaks of protected health and personal information, as well as fines and lawsuits. This study is a descriptive analysis of healthcare-related cyber breaches affecting 500 or more individuals in the past decade in the United States.

Methods: The publicly available U.S. breach report database was downloaded in the Microsoft Excel (Microsoft, Redmond, Washington, USA) format and searched for all reported breaches occurring between January 1, 2011 - December 31, 2021 (10 years). Breaches were subdivided by category and analyzed by states, breach submission dates, types of breach, location of breached information, entity type, and individuals affected. All subcategories were predefined by the breach report.

Results: There were a total of 3822 PHI breaches that affected 283,335,803 people in the United States from January 1, 2011 to December 31, 2021. Of the 3822 PHI breaches, 1593 (41.7%) were hacking/ IT related, 1055 (27.6%) were listed as unknown, 819 (21.4%) were theft related, 194 (5.1%) were loss related, 97 (2.5%) were related to improper disposal and 64 (1.7%) were listed as "others". Year 2020 saw the most breaches with 631 and California was the state with the highest number of breaches at 403.

Conclusion: Cyberattacks and healthcare breaches are one of the most costly and disruptive situations facing healthcare today. A total of 3822 breaches affecting 283,335,803 people in the United States were recorded from January 1, 2011 to December 31, 2021. By understanding the extent of cyberthreats this will better prepare healthcare organizations and providers to mitigate, respond, and recover from these devastating attacks.

PubMed Disclaimer

Conflict of interest statement

Declaration of Competing Interest The authors have no financial disclosures and no conflicts of interest. “This research received no specific grant from any funding agency in the public, commercial or not-for-profit sectors‟. DT and RH participated in the conception and design of the research. DT and RH acquired and analyzed the data. DT, RH and RS contributed to writing the manuscript. FG, RC and GC reviewed the results and overall manuscript. All authors have read the manuscript and approved its submission.

LinkOut - more resources