A data breach is a “security incident” in which unauthorized individuals gain access to a secured database, application, or service to steal personal information. It can also be a data leak, in which sensitive particulars are released to the public, deliberately or accidentally. Apart from financial institutions and retail stores, hospitals are often victims of data breaches because of the diverse and valuable details obtained from patients.

The damage

Researchers from Michigan State University and Johns Hopkins University studied over 1461 data breaches that took place between 2009 and 2019, which affected 169 million people, and recently published their findings in the Annals of Internal Medicine. They found that about 70% of the hospital data breaches concerned the loss of demographic or financial information. This means identity theft and financial fraud may be the goals of the majority of the hackers.

Nevertheless, data breaches that involve medical information tend to affect more people. According to the 2019 Verizon Data Breach Investigations Report (DBIR), healthcare is the sector most vulnerable to data breaches caused by internal actors, and most issues arise in the form of ransomware rather than denial of service. On top of that, misdelivery is the most common type of human error that leads to a data breach, making up 15% of all data breaches that took place within healthcare organizations.

The proposal

Researchers from Michigan State University and Johns Hopkins University suggested storing different information on different servers. However, this may create silos and conflicts with institutions that encourage data sharing. As such, advocating a systematic plan is inescapable. Here are some tips.

  • Prevention is better than cure: Assess existing risks, explore ways to lower the organization’s exposure to risks, and constantly evaluate third-party partners.
  • Maintain integrity: Clean up human errors by ensuring all staff are well-trained in handling, storing, and retrieving sensitive data. Maintain a formal code of conduct, track insiders’ access to sensitive information and give . Be informed of any recent attacks.
  • Technology vs Technology: Employ strong authentication on any customer-facing tools, remote access, and cloud-based email services. Continuously monitor for traffic spikes and guard against any abnormal interruptions.

AIMed has prepared a handy workshop for those interested in learning more about cybersecurity and blockchain at the upcoming AIMed 19.

Session Focus: Workshop 8 – Blockchain and Cybersecurity in healthcare

When: Friday, 13th December 2019 (08:00 – 09:30)

Dedicate 30 minutes to learn how to respond to the security concerns related to artificial intelligence (AI) and new technologies and another 30 minutes to find out the impact of Blockchain technology on precision medicine and population health.

Attendees will gain the following knowledge:

  • Deep dive into the field of Blockchain and genomic medicine; how they change medicine from “sick care” to “preventive care”.
  • Discover the potential of genomics serving as the foundation for developing large scale precision medicine programs in the near future.
  • What can be done to address the lack of cybersecurity skills.
  • How can clinicians and healthcare executives better secure their organizations.


Sri Bharadwaj. Senior Director of Information Services and Chief Information Security Officer, University of California, Irvine.


Ingrid Vasiliu-Feltes. Chief Quality and Innovation Officer, MEDNAX.

Tony Lakin. Chief Information Security Officer, Children’s Hospital of Orange County.

Author Bio

Hazel Tang: A science writer with a data background and an interest in current affairs, culture, and arts; a non-med from an (almost) all-med family.