Protecting the sensitive, private nature of an individual’s health information is a critical piece of our country’s laws. The Health Insurance Portability and Accountability Act (HIPAA) protects our health information from being disclosed without our consent, but who protects our health information from being stolen? Healthcare providers are especially vulnerable to data breaches and hacker incursions; the high black-market value of this sensitive information makes it a tempting target for cybercriminals. If your personal information was stolen, our data breach lawyers can help you understand your legal options.
Why is personal data theft so rampant? Healthcare providers cannot take the right steps to protect your sensitive information without first addressing the main causes of healthcare data breaches.

Phishing attacks
Hackers use fake emails, calls, or text messages to trick healthcare employees into disclosing patient information. Some phishing attempts are directed at patients, allowing the hacker to access their patient portals or other digital accounts. AI makes it even easier for malicious hackers to fool employees into allowing them into the system.
Once the hacker has access to the provider’s system, the hacker may have unlimited access to everything from healthcare data to patients’ payment methods.
Ransomware attacks
Similar to a phishing scam, ransomware involves the malicious installation of a program that “locks” patient files. The hacker has the “key” to recover these files but will not release it until the healthcare facility pays a ransom. Reports suggest that this type of attack will increase significantly. In fact, healthcare providers have the second-highest attack rate, 68%, compared to all other sectors, including state and federal governments.
Internal threats
Unhappy employees, unethical contractors, or careless staff members pose a serious danger to healthcare privacy. Sharing passwords, falling victim to phishing scams, or accessing records without authorization are common; some of these agents may even sell the information they gather on the Dark Web. Two-step authentication, better training to identify deepfakes and Trojan horse-type scams, and consistent monitoring of who is accessing which records can help curtail internal threats.
Unpatched, outdated, or malfunctioning software
Outdated software makes it easier for hackers to access medical organizations’ records. Companies with limited resources to upgrade their software are more vulnerable than those prioritizing strong software protection and functionality.
Opting for Software as a Service (SaaS) can help healthcare providers with limited resources upgrade their systems and access automatic patches and protections. The software provider manages the upgrades and security patches necessary to maintain security, reducing the healthcare provider’s expense of purchasing and maintaining new software.
Lack of encrypted data sharing
It’s common for healthcare providers to share patient information, which is almost exclusively sent digitally. Your healthcare organization may have the best software and protection in the world, but sending patient information to another provider increases the chance of it being compromised. If the data isn’t encrypted when sent, a malicious element can easily access it.
HIPAA requires that patient records be encrypted, but outdated encryption may make them especially vulnerable to interception.
Compromised medical IoT devices
Internet of Things (IoT) devices, from your refrigerator to your Fitbit and your phone, connect and share data with other devices and systems over the internet. Durable medical devices, like pacemakers and infusion pumps, are increasingly incorporating IoT technology. However, many devices lack basic security, making them more vulnerable to hacking. Hackers may use a patient’s device to break into the care provider’s network, making the data of thousands of other patients vulnerable.
Helping victims of cyber crimes
If you have been a victim of cybercrime, the attorneys at Mason LLP can help you evaluate your legal options. Contact us today at (202) 429-2290 for a consultation.