Digitised medical records a magnet for hackers

Medical records

The appeal of medical records to cybercriminals lies in several factors, each adding to their desirability and lucrative potential.

Photo credit: File

Today we delve into the growing concern surrounding medical records and their allure to cybercriminals. In this digital age, where data reigns supreme, few assets captivate hackers as much as medical records. As countries worldwide digitize medical records, the accessibility and value of this information in the digital format have become irresistible to malicious actors.

In Kenya, various electronic medical records systems are in place in both public and private health facilities, all aimed at enhancing health services and providing patients with better experiences. With each visit, substantial patient information is recorded, forming a historical record of their medical journey.

However, these treasure troves of sensitive data, containing personal and medical histories, have become magnets for cybercriminals. The appeal of medical records to cybercriminals lies in several factors, each adding to their desirability and lucrative potential.

Firstly, these records contain a wealth of personally identifiable information such as names, addresses and insurance details. Armed with this data, criminals can execute various identity theft and financial fraud schemes, leaving patients vulnerable and healthcare institutions liable for substantial damages.

Medical records

In a country where politics is often competitive and, at times, contentious, medical records may be misused to malign or humiliate individuals or their families, leading some well-off and influential individuals to seek medical services abroad.

Beyond financial gains, medical records hold an individual's complete medical history, diagnoses, treatment plans and prescriptions. Unscrupulous actors can exploit this sensitive information for targeted extortion, blackmail or even corporate espionage.

The rise of ransomware attacks on healthcare institutions worldwide further underscores the urgency for robust cybersecurity in the healthcare sector, even though such attacks may go unreported.

A successful cyber-attack on medical records has consequences far beyond individuals. Manipulated medical data could lead to misdiagnoses, incorrect treatments, or even fatal errors, seriously impacting public health and safety.

The trust between doctors and patients, which is the foundation of the doctor-patient relationships, can be eroded by breaches of medical records, potentially deterring patients from seeking essential medical attention.


To counter this ever-present threat, cybersecurity must be a top priority for healthcare institutions. Strengthening defences against cyber-attacks involves implementing multi-layered security frameworks, adopting advanced encryption techniques, conducting regular vulnerability assessments and keeping abreast of the latest threat intelligence.

Moreover, fostering a culture of cyber vigilance within the medical community is crucial, as human error remains a significant factor behind security breaches.

Government agencies, such as the Ministry of Health, ICT, and Interior, also play a pivotal role in addressing this issue. Ultimately, protecting medical records demands unwavering commitment from all stakeholders, acknowledging the paramount importance of safeguarding patient privacy and data integrity. Cybersecurity must become ingrained as an integral part of the healthcare ecosystem to significantly diminish the attractiveness of medical records to cybercriminals.

Mr Wambugu is an accredited expert in cloud and cyber security. [email protected] Twitter: @Samwambugu2