Image credit: Bill Branson (Photographer). This image was released by the National Cancer Institute, an agency part of the National Institutes of Health, with the ID 3742. Public Domain.

Tens of millions of Americans have their medical information stolen online each year, and that number is rapidly increasing as healthcare undergoes a major digital transformation. Medical hacking is now putting the delivery of treatment in danger, exposing patients to identity theft, and costing hospitals, insurers, and other healthcare organizations millions of dollars. However, the Office for Civil Rights of the Department of Health and Human Services, which is entrusted with looking into security breaches, assisting healthcare organizations in fortifying their defenses, and fining them for insufficient security, is ill-equipped to assist.

As Politico reports:

Due to its shoestring budget, the Office for Civil Rights has fewer investigators than many local police departments, and its investigators have to deal with more than a hundred cases at a time. The office had a budget of $38 million in 2022 — the cost of about 20 MRI machines that can cost $1 million to $3 million a pop.

Another problem is that the office relies on the cooperation of the victims, the institutions that hackers have targeted, to provide evidence of the crimes. Those victims may sometimes be reluctant to report breaches, since HHS could then accuse them of violating HIPAA and levy fines that come on top of costs stemming from the breach and the ransoms often demanded by the hackers.

Depending on the circumstances, it can seem like blaming the victim, especially since the hackers are sometimes funded or directed by foreign governments. And it’s raised questions about whether the U.S. government should be doing more to protect health organizations.

In an Aug. 11 letter to HHS Secretary Xavier Becerra, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), past co-chairs of a cybersecurity commission that examined the danger, raised that point, questioning the government’s “lack of robust and timely sharing of actionable threat information with industry partners.”

These incidents could have a huge financial impact and endanger the lives of patients, according to a recent study by the cybersecurity firm Cynerio. According to experts, the health care industry is especially vulnerable to attacks, in part because of its recent digital transition and in part because it is particularly susceptible to ransomware. Furthermore, care interruptions may put patients’ lives in peril, forcing healthcare institutions to pay ransom. Nearly 50 million people’s records were obtained by hackers in 2021 alone, heightening privacy concerns and making many individuals more susceptible to fraud.


  1. Another danger not mentioned in the article: thieves using stolen PHI to obtain health care for themselves. This could lead to patients getting flagged and treated for conditions they do not have, or no treatment for conditions they do.
