In 2024, 259 million Americans, or 76% of the population, experienced the effects of health-related data breaches. Nearly 50% of cyber security professionals in the healthcare industry state that phishing attacks are the main culprit behind severe data breaches. 
 
Healthcare data breaches cost an average of $408 per record, 3X higher than the cross-industry average of $148 per record, rendering these attacks not only digitally and physically disruptive, but financially devastating.  
 
A newly emergent analysis of the U.S.A’s 100 largest health system and hospital groups has revealed an alarming set of findings.  
 
Seventy-nine percent of the studied hospital and health systems received a score of ‘D’ or worse on their cyber security. Even more concerning is that sixty-five percent of the evaluated organizations recently experienced data breaches. Beyond that, 30% reportedly retain outstanding critical security vulnerabilities.  
 
Implications:
 
Health systems and hospitals are not adequately addressing cyber risks. Whether that’s because these organizations are under-staffed, under-resourced, overwhelmed or a combination thereof, there is more work to be done.  
 
The consequences of failing to take sufficient action include, and are not limited to, the following. 

  • Elevated mortality rates. Cyber attacks targeting U.S. hospitals have heightened mortality rates. According to one study, 59% of respondents replied that attacks increased the length of patients’ hospital stays.  
  • Breach costs. Cyber attacks can lead to immediate disruptions in payments. Both in the short and the long-term, attacks can threaten the financial solvency of healthcare organizations. In 2024, the average breach cost for hospitals was $9.77 million dollars.  
  • Insurance challenges. As cyber attacks increase, health provider groups will continue to see rising insurance premiums. In 2023, insurance premiums increased at twice the pace of hospital prices.  

  • HIPAA violations. HIPAA violations can lead to criminal charges and fines may be issued in amounts up to $25,000 per violation category, per calendar year. Penalties are subject to adjustments due to inflation.
Breaches can also lead to severe negative externalities for affected patients, including identity theft, financial loss, taxation implications, and reduced healthcare access.  

Technical Details:  
 
The emerging research cited earlier identified several critical technical issues for health systems and hospitals: 
 
  • SSL/TLS Configuration Issues: Every analyzed U.S. healthcare organization had SSL/TLS configuration problems, potentially exposing sensitive data to interception and man-in-the-middle attacks. 
  • System Hosting Challenges: The majority of organizations face significant system hosting vulnerabilities. One-hundred percent of organizations in Florida experienced system hosting issues, followed by Texas (85%) and North Carolina (86%).  
  • Credential Theft: Seventy-seven percent of analyzed organizations have experienced credential theft, highlighting serious email and password security concerns.  

Email security and password security are therefore key areas to address. 
 
How Harmony Email & Collaboration can Help: 
 
Harmony Email & Collaboration offers healthcare providers a comprehensive security solution specifically designed to address the aforementioned vulnerabilities. 

With end-to-end encryption, advanced threat detection, and simplified compliance tools for HIPAA requirements, Harmony helps healthcare organizations protect patient data while maintaining operational efficiency.  
 
Harmony Email & Collaboration includes features that are specifically designed to address the credential theft issues that are affecting over three quarters of major healthcare systems.  
 
Talk to a representative today, get a demo, and learn more about how Check Point can provide comprehensive cyber security protection for your organization.