Healthcare Data Breaches, Ransomware Top Challenges in 2017

Predictions for 2017 indicate that healthcare data breaches and ransomware attacks will continue to be major challenges for entities.

By Elizabeth Snell

The healthcare industry will likely continue to be plagued by technological issues, such as healthcare data breaches and ransomware attacks, going into next year, according to recent predictions.

Black Book finds healthcare data breaches a top 2017 concern

The latest Black Book poll of healthcare PR clients showed that physician satisfaction and medico-legal problems are no longer the key concerns, and that 2017 will see a higher focus on technological and financial issues. This includes data breaches, system failures, hacking, ransomware, and a disrupted flow of financial records.

Approximately 1,900 executive level officers from 334 hospitals, 218 physician groups and ambulatory organizations, and 107 payers were interviewed for the survey.

The top concern from respondents was potential catastrophes caused by technology-related events. Following that, the other main worries cited were financial issues, patient dissatisfaction events, nursing staff issues, clinical and disease emergencies, hospital performance outcomes and patient safety mishaps, and social media impacts.

"System issues affect an entire organization and could seriously threaten or immobilize cash flow, payroll, asset and supply chain management, record security, connectivity, and cost controls," Black Book Research Managing Partner Doug Brown said in a statement.

He added that a hospital’s reputation may be its most important attribute, and it can “deteriorate quickly from a single negative event.”

"Healthcare organizations can take decades to build a regional reputation but only minutes to destroy it," Brown stated. "Yet we continue to see examples of how a poorly managed crisis can bring down a hospital and its revenue overnight."

Another key survey finding was that 92 percent of providers and 90 percent of payers said they do not have assessments and/or contingency plans in place to handle the aftermath of data breaches, infectious diseases, malicious and criminal activity, or thefts and workplace violent events from outside parties.

The majority of respondents also may soon integrate mobile technology into their crisis planning, as technology continues to evolve. Specifically, 98 percent of surveyed hospitals and 71 percent of surveyed payer organizations recognized they have not yet done this, but need to integrate mobile.

The security of sensitive business information will also be a key issue for 2017, according to Stephen Bychowski, a member of Foley & Hoag LLP’s Intellectual Property and Litigation Departments.

This will be a shift from concern over the security of individual consumer information, he explained in a recent blog post.

Consumer data typically revolves around PII, in which case HIPAA regulations or even the Gramm-Leach-Bliley Act (GLBA) may apply. However, when businesses have data such as financial information, ongoing research and development projects, or confidential agreements with third parties stolen, those state and federal data security and privacy laws may not apply.

“Once in possession of this data, hackers can make the information public, sell it to competitors, or use it for extortion,” Bychowski wrote. “Thus, companies are well advised to develop strategies and policies focused on protecting their business information from such attack.”

Ransomware attacks in particular are becoming more common, he noted. These types of malware could not only put sensitive information in the wrong hands, but the data might be gone forever if the company does not have adequate backups in place.

Foreign governments and competitors may also be the instigators of cybersecurity attacks, Bychowski warned. When this is the case, trade secrets and other sensitive business information are likely the target.

If HIPAA rules or other privacy and security regulations cannot apply, Bychowski noted that the Computer Fraud and Abuse Act or the recently enacted Defend Trade Secrets Act might be important tools for businesses.

“State law can also provide viable causes of action,” he wrote. “For instance, in the event of a cyberattack by a competitor, claims for tortious interference and unfair competition might be appropriate.”

Overall, companies need to ensure they have the right tools in place to combat such attacks in the next year to keep all sensitive data secure.

“In the end, 2017 will certainly be an interesting year for data privacy and security,” Bychowski said. “Massive hacks involving the theft of personally identifiable information will continue, if not increase. But I think we will also see the rise of attacks targeted at sensitive business information.”   
