Healthcare Data Privacy 2021

Providers Race Against Ransomware

Executive Summary

Today, “data privacy” is practically an oxymoron. Patients want their health information to be accessible and protected. But cyberattacks on healthcare providers are surging, with the twin goals to extract sensitive data and hefty ransom payments. The costs are mounting.

How are cyberattacks affecting healthcare providers?

Healthcare providers are under heavy pressure to protect their systems from breaches. In 2020, close to two cyberattacks per day were made on healthcare organizations and their business associates. That rate has escalated in 2021 and shows no signs of slowing. Patient health information is the prize, both for the trove of sensitive information and the price these records command on the dark web. The average cost of a US healthcare data breach to the targeted entity is now $9.23 million, even without a ransom payment.

What tactics are being used to penetrate health systems?

“Ransomware as a Service” is on the rise. It’s being sold as a subscription-based model on the dark web, and buyers get the latest, greatest version to execute their own attacks. Successful penetration can shut down a health system’s critical digital network, including electronic health systems. If not detected in time, attackers can extract patient data for sale or extortion purposes while demanding millions of dollars in ransom.

What are healthcare providers doing to mitigate these attacks?

Cybersecurity strategies are shifting with the attacks. The emphasis on protecting the perimeter against penetration is giving way to “zero trust” security and automation to continually monitor and guard all systems and data. IT professionals are fighting AI-driven attacks with AI-driven defenses.

WHAT’S IN THIS REPORT? An examination of the healthcare data privacy landscape in 2021; how consumers view their data; the shift in tactics used by cybercriminals; and how healthcare providers are maneuvering their budgets and institutions to respond.

KEY STAT: Public awareness of cyberattacks spiked in 2021 following the Colonial Pipeline and JBS Foods incidents. Now 86% of likely voters in the US are very or somewhat concerned about such attacks on infrastructure like hospitals and energy grids.

Here’s what’s in the full report


Exportable files for easy reading, analysis and sharing.


Reliable data in simple displays for presentations and quick decision making.

3expert perspectives

Insights from industry and company leaders.

    Table of Contents

    1. Executive Summary
    2. Healthcare in the Crosshairs
    3. The Cost of Breaches Goes Well Beyond Fines
    4. Consumer Trust and Legal Confusion
    1. What Healthcare Providers Are Doing About IT
    2. Key Takeaways
    3. Insider Intelligence Interviews
    4. Read Next
    1. Sources
    2. Media Gallery

    Charts in This Report

    Interviewed for This Report

    Iliana Peters
    Interviewed August 11, 2021
    Ryan Smith
    Intermountain Healthcare
    Chief Information Officer
    Interviewed August 21, 2021
    Lisa Stump
    Yale New Haven Health
    Senior Vice President and Chief Information Officer
    Interviewed August 17, 2021

    Access full deck

    View a slide-show representation of this report’s key insights, where carefully vetted data is combined with industry trend analysis, included at no extra cost.
    Download PPTX















    Access All Charts and Data

    Gain access to reliable data presented in clear and intelligible displays for quick understanding and decision making on the most important topics related to your industry, included at no extra cost.


    Lisa Phillips


    Jeane Han
    Senior Researcher
    Rayna Hollander
    Rajiv Leventhal
    Analyst, Digital Health

    "Behind the Numbers" Podcast