

Cybersecurity and healthcare: how safe are we?

BMJ 2017; 358 doi: (Published 06 July 2017) Cite this as: BMJ 2017;358:j3179
  1. Guy Martin, clinical research fellow (1),
  2. Paul Martin, honorary principal research fellow (2),
  3. Chris Hankin, director (2),
  4. Ara Darzi, director of the Institute of Global Health Innovation (1),
  5. James Kinross, senior lecturer in surgery (1)

  (1) Department of Surgery and Cancer, Imperial College London, 10th Floor QEQM Building, St. Mary’s Hospital, Praed Street, London W2 1NY, UK
  (2) Institute for Security Science and Technology, Level 2 Admin Office, Central Library, Imperial College London, South Kensington Campus, London, UK

  Correspondence to: J Kinross j.kinross{at}

Rising cybersecurity threats to healthcare require policy makers to tackle fragmented governance, to develop and implement security standards, and to help organisations to improve their resilience, say Guy Martin and colleagues

Healthcare systems around the world have rightly identified the huge potential for digital technology to improve clinical outcomes and transform care delivery.1 But the recent WannaCry malware attack has once again highlighted cybersecurity as a critical patient safety issue requiring urgent solutions.

Cybercrime—a universal challenge

Cyberattacks usually steal money, data, or intellectual property, but increasingly the aim is to cause overt disruption or political impact. They are often transnational and state sponsored; attributing them to individuals can be difficult. Many attacks are undetected or unreported, and only a small minority enter the public domain; among recent examples are the major breaches at TalkTalk, Mossack Fonseca, the US Democratic National Committee, and Yahoo. The global cost of cybercrime in 2014 was estimated to be $575bn (£440bn; €500bn).2

Cybercrime and healthcare

Healthcare faces even larger cyber risks than other sectors because of inherent weaknesses in its security posture. It is one of the most targeted sectors globally; 81% of 223 organisations surveyed, and >110 million patients in the US had their data compromised in 2015 alone.3 4 Only half of these providers think that they are capable of defending themselves from cyberattack, and there has been a 300% increase in attacks in the past three years.3 5 For those conducting cyberattacks the healthcare sector is an attractive target for two simple reasons: it is a rich source of valuable data, and it is a soft target. The current and emerging cyber risks to healthcare are outlined in box 1.

Box 1: Common and emerging cyber threats in healthcare

  • Data theft for financial gain—stealing personal data for the purposes of monetary gain; for example, names, addresses, social security details, financial …
