[ skip to content ]

Cyber Attacks on Healthcare Institutions Face a Dramatic Surge

By Noell Saunders

The number of cyber threats in health care, including computer system breaches and compromises of patient records, has risen significantly over the past two years.

Hongyi "Michael" Wu, director of Old Dominion University's Center of Cybersecurity Education and Research, said the increase is largely due to the growing use of electronic health records. An electronic health record refers to the systematized collection of patient health information in a digital format. These records can be shared between health care settings.

"While electronic health systems are being embraced for efficiency and productivity, they're becoming an increasingly attractive target for cybercriminals to steal medical and financial information," he said.

Wu added that while hospitals and medical centers usually deploy up-to-date cybersecurity systems, many cyber attacks occur because of human error. "For example, 91 percent of cyber attacks began with a user clicking on a phishing email," he said.

Health care professionals often have less exposure to cyber technologies compared with workers in other industries, Wu said. That lack of cyber-awareness gives cybercriminals an edge in hacking into medical IT systems.

Another reason for the surge in cyber threats in health care, Wu said, is the use of network smart medical devices, which collect medical data and transmit it through wired or wireless networks to doctors and nurses.

"It's fundamentally challenging to secure them, since they are extremely resource-constrained. For example, with less powerful central processing units (CPUs) and small memory, computers can't implement advanced cybersecurity technologies," Wu said. "Therefore, they are often exposed to an unprotected environment where people can have direct access."

In response to rise of cyber threats, the Healthcare Industry Cybersecurity Task Force is prompting the U.S. Department of Health and Human Services to issue a revised HIPAA (Health Insurance Portability and Accountability Act) breach reporting tool. It would help health care officials identify recent breaches of health information and learn how such breaches should be investigated and resolved.

Wu said he recommends that patients comb over medical bills for suspicious activity; confirm information on electronic medical files by requesting a copy of electronic health records from health insurers, and be aware of suspicious debt collection notices claiming to be from a doctor's office or insurance company.

Related News Stories


ODU Expert Warns of 'Smishing' Scams That Target Text Messages

Smishing scams have been around since as early as 2008, but are becoming more prevalent. It is one of the more dangerous scam techniques that exist today, said Hongyi "Michael" Wu, director of Old Dominion University's Center for Cybersecurity Education and Research. (More)


A Decade of Cyber Warfare: ODU Expert Discusses the Evolution of Cyber Attacks

Hongyi “Michael” Wu, director for Old Dominion University’s Center for Cybersecurity Education and Research, said the Estonia attack demonstrated the vulnerability of network systems and potential impacts. (More)

Articulation Agreement Signing

ODU/TNCC Agreement Clears Cybersecurity Education Pathway

The agreement will allow recipients of Thomas Nelson associate degrees to progress to Old Dominion’s cybersecurity undergraduate program, saving as much as $15,000 in tuition by transferring credits. (More)

Site Navigation

Presidential Inauguration

ODU commemorated the inauguration of President Brian O. Hemphill, Ph.D., during Homecoming Weekend 2022. Relive the historic weekend.

Fall Open House

It's time to fall in love with ODU! Join us for our last Open House event of the semester on Saturday, November 19.

Commencement 2022

Visit the Commencement Office for information on event times, caps & gowns, tickets and more!