Healthcare Data Breaches Surge: Protect Yourself

Healthcare providers beware! Hackers are on the attack, and you are their number one target. That’s the finding of a recent report by Cynerio, a data security company that serves the healthcare sector.

In its 2022 State of Healthcare IoT (Internet of Things) Device Security Report, Cynerio found that 53 percent of connected medical devices and other healthcare IoT devices have at least one unaddressed critical vulnerability that could be exploited to gain access to networks and sensitive data or even affect the ability of the devices. In addition, one-third of bedside healthcare devices had an identified critical risk that, if attacked, could impact patient safety, service availability, or data confidentiality.

Among the report’s key findings:

  • IV pumps make up 38 percent of a hospital’s typical connected healthcare device footprint, and 73 percent of those have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if exploited.
  • Devices running Windows versions older than Windows 10 make up most of the devices used by pharmacology, oncology, and laboratory departments, as well as most of the devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
  • The most common device risks are connected to default passwords and settings that attackers can easily get from manuals posted online, with 21 percent of devices secured by weak or default credentials.
  • More than 90 percent of the critical risks to connected medical devices in hospitals can be mitigated by network segmentation.
  • Fifty percent of Voice over Internet Protocol (VoIP) systems contained vulnerabilities, with ultrasound devices, patient monitors, and medicine dispensers the next most vulnerable device categories.

The data was collected from more than 300 of Cynerio’s hospital and healthcare facility clients on more than 10 million devices.

Other reports have similar findings. For example, Black Kite’s Third-Party Breach Report found the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33 percent of incidents in 2021. It also found that ransomware was the most common method of third-party attacks, initiating 27 percent of breaches analyzed in 2021.

Remember, data breaches have wide-ranging implications, not only for patients but also for your healthcare facility. As we wrote about last year, data breaches are increasingly becoming the focus of class action lawsuits.

The Health Law Offices of Anthony C. Vitale can assist clients with compliance with HIPAA’s Privacy and Security rules and regulations. For information call 305-358-4500 or email

The Health Law Offices of Anthony C. Vitale