[ skip to content ]

More Information about this image

You Visit Tour. Webb Lion Fountain. June 1 2017. Photo David B. Hollingsworth

Cyber Attacks on Healthcare Institutions Face a Dramatic Surge

By Noell Saunders

The number of cyber threats in health care, including computer system breaches and compromises of patient records, has risen significantly over the past two years.

Hongyi "Michael" Wu, director of Old Dominion University's Center of Cybersecurity Education and Research, said the increase is largely due to the growing use of electronic health records. An electronic health record refers to the systematized collection of patient health information in a digital format. These records can be shared between health care settings.

"While electronic health systems are being embraced for efficiency and productivity, they're becoming an increasingly attractive target for cybercriminals to steal medical and financial information," he said.

Wu added that while hospitals and medical centers usually deploy up-to-date cybersecurity systems, many cyber attacks occur because of human error. "For example, 91 percent of cyber attacks began with a user clicking on a phishing email," he said.

Health care professionals often have less exposure to cyber technologies compared with workers in other industries, Wu said. That lack of cyber-awareness gives cybercriminals an edge in hacking into medical IT systems.

Another reason for the surge in cyber threats in health care, Wu said, is the use of network smart medical devices, which collect medical data and transmit it through wired or wireless networks to doctors and nurses.

"It's fundamentally challenging to secure them, since they are extremely resource-constrained. For example, with less powerful central processing units (CPUs) and small memory, computers can't implement advanced cybersecurity technologies," Wu said. "Therefore, they are often exposed to an unprotected environment where people can have direct access."

In response to rise of cyber threats, the Healthcare Industry Cybersecurity Task Force is prompting the U.S. Department of Health and Human Services to issue a revised HIPAA (Health Insurance Portability and Accountability Act) breach reporting tool. It would help health care officials identify recent breaches of health information and learn how such breaches should be investigated and resolved.

Wu said he recommends that patients comb over medical bills for suspicious activity; confirm information on electronic medical files by requesting a copy of electronic health records from health insurers, and be aware of suspicious debt collection notices claiming to be from a doctor's office or insurance company.

Related News Stories


ODU Expert Warns of 'Smishing' Scams That Target Text Messages

Smishing scams have been around since as early as 2008, but are becoming more prevalent. It is one of the more dangerous scam techniques that exist today, said Hongyi "Michael" Wu, director of Old Dominion University's Center for Cybersecurity Education and Research. (More)


A Decade of Cyber Warfare: ODU Expert Discusses the Evolution of Cyber Attacks

Hongyi “Michael” Wu, director for Old Dominion University’s Center for Cybersecurity Education and Research, said the Estonia attack demonstrated the vulnerability of network systems and potential impacts. (More)

Articulation Agreement Signing

ODU/TNCC Agreement Clears Cybersecurity Education Pathway

The agreement will allow recipients of Thomas Nelson associate degrees to progress to Old Dominion’s cybersecurity undergraduate program, saving as much as $15,000 in tuition by transferring credits. (More)

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.