Skip to Content

What Do Hospital Cyber Attackers Want to Know About You?

TUESDAY, Sept. 24, 2019 -- Cyber attackers who target hospital databases mostly go after patient contact and financial information, not medical records, a new study finds.

The data that hackers seek could lead to identity theft and financial fraud, according to investigators from Michigan State University in East Lansing, and Johns Hopkins University in Baltimore.

Moreover, this is the focus of more than 70% of hospital cyber attacks, the researchers said.

Reporting in a pair of studies in the Sept. 23 issue of the Annals of Internal Medicine, the study authors noted that only 2% of hospital breaches ultimately accessed patient medical records.

"The major story we heard from victims was how compromised, sensitive information caused financial or reputation loss," lead author John (Xuefeng) Jiang said in a Michigan State news release.

"A criminal might file a fraudulent tax return or apply for a credit card using the Social Security number and birth dates leaked from a hospital data breach," he added.

Jiang is a professor of accounting and information systems at Michigan State.

He and his colleagues reviewed more than 1,460 hospital data breaches that occurred across the United States over the last decade. Roughly 169 million patients were affected.

The breaches fell into three categories of information: names and contact information; financial data; and medical records.

Two million people had their personal health information stolen, amounting to just 2% of the breaches, the findings showed.

By comparison, all of the cyber attacks targeted at least one piece of contact information. And more than seven in 10 targeted either sensitive contact or financial records, including names, email addresses, bills, credit cards, Social Security numbers, driver's licenses and birth dates. Hackers can use this kind of information to commit identity theft or financial fraud.

The investigators suggested that perhaps hospitals should be required to reveal exactly what type of information is stolen following a data breach.

Study co-author Ge Bai said, "Without understanding what the enemy wants, we cannot win the battle. By knowing the specific information hackers are after, we can ramp up efforts to protect patient information." Bai is an associate professor of accounting at Hopkins Business School and the Bloomberg School of Public Health.

© 2020 HealthDay. All rights reserved.

Posted: September 2019

Read this next

Older Adults Turning to Pot for Common Health Problems

TUESDAY, Oct. 20, 2020 -- Marijuana is fast becoming a favorite medication among older Americans, a new study finds. Cannabis is being used to ease problems such as pain, sleep...

Pandemic Putting Americans Under Great Mental Strain: Poll

TUESDAY, Oct. 20, 2020 -- COVID-19, health care, the economy, systemic racism and the presidential election are a threat to the nation's mental health, according to an American...

Bogus 'Cure' Claims Have U.S. Consumers Snapping Up CBD Products

THURSDAY, Oct. 15, 2020 -- CBD has been widely marketed as a cure-all for whatever ails you, and a new study finds many Americans are buying the sales pitch. Researchers tracking...