As recently as May 5, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) issued a joint alert to warn that “advanced persistent threat (APT) groups are exploiting the Covid-19 pandemic” to specifically target “healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments,” presumably in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

While it’s disheartening that our global health crisis comes accompanied by increased health care cyber threats, it shouldn’t be surprising. Cybersecurity in the health care sector is completely fractured and thus ripe for an incursion.

The situation was dire even before the pandemic. According to HIPAA Journal, “510 healthcare data breaches of 500 or more records were reported” in 2019, representing a 196% increase from 2018. The number of individual health care records breached so far in 2020 is likewise troubling, with the journal reporting a staggering 1,531,855 in February 2020 alone.