Hacking the Hospital: Why Your Medical Records Are More Popular Than You
Greetings, carbon-based lifeforms and aspiring digital ghosts. It is I, the Wong Edan of the silicon valleys, coming to you with another dose of uncomfortable reality. You know, I used to think the scariest thing in a hospital was the price of a single aspirin or the mystery meat they serve in the cafeteria. But no. After digging through the federal data archives and the latest JAMIA Open reports, I’ve realized that your electronic health record (EHR) is currently the hottest item on the digital black market—more popular than a limited-edition sneaker drop and infinitely more profitable.
We are diving deep today into the “Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information” study and its subsequent ripple effects through the 2020s. If you thought your privacy was safe because your doctor uses a fancy iPad, you are living in a dream world, my friend. Grab your tinfoil hats and let’s look at how the medical industry became the world’s favorite punching bag for hackers.
1. The 2018 Genesis: When the Trends Shifted from Theft to Hacking
Let’s start with the “Old Testament” of modern healthcare breaches. Back in July 2018, a seminal study was published in JAMIA Open by researchers like Kamil Cwikla and Christopher Levy. They leveraged federal data to understand what was actually happening to our Protected Health Information (PHI). Before this era, most data breaches were, frankly, quite stupid. Someone would leave a laptop in a car, or a janitor would accidentally throw a box of paper records into a dumpster. It was “physical” and “analog” incompetence.
However, the 2018 study highlighted a terrifying pivot. As the adoption of Health IT accelerated, the threat vector moved from “physical theft” to “intentional hacking.” The data showed that while the number of breach incidents was climbing, the nature of those incidents was becoming purely digital. Hackers realized they didn’t need to break a window to get your records; they just needed to find a port left open by a distracted IT admin who was too busy fixing a printer to patch a server.
“The rapid adoption of health information technology (IT) coupled with growing reports of ransomware and hacking has made cybersecurity a critical concern for the industry.” — JAMIA Open, 2018.
This study wasn’t just a warning; it was a prophecy. It analyzed trends where hacking and IT incidents began to outpace every other form of data loss. We shifted from losing 1,000 records because of a stolen bag to losing 100,000,000 records because of a single SQL injection or a phished credential.
2. The Pandemic Pressure Cooker: 2020 and the Exploitation of Chaos
Just as the industry was starting to digest the 2018 findings, 2020 happened. A pandemic is a hacker’s favorite flavor of chaos. In September 2020, reports emerged regarding “Cybersecurity Risks in a Pandemic,” referencing that same 2018 JAMIA study. Why? Because when the world went remote, healthcare systems were forced to open their digital doors wider than ever before.
Telehealth became the norm overnight. This meant more endpoints, more remote access, and more opportunities for “Wong Edan” style madness. Hackers didn’t care that doctors were trying to save lives; they saw a system under immense stress and decided to tighten the screws. The trends identified in 2018—specifically the rise of ransomware—exploded during this period. Ransomware wasn’t just about stealing data anymore; it was about locking the entire hospital system until they paid up in Bitcoin.
Consider the technical debt accumulated during this time. Hospitals were deploying systems faster than they could secure them. A typical log entry from a compromised medical gateway during this era might look something like this:
[2020-09-17 14:22:01] ALERT: Unauthorized access attempt detected on /api/v1/patient_records
[2020-09-17 14:22:05] WARNING: Multiple failed login attempts from IP 185.xxx.xxx.xxx (Location: Unknown)
[2020-09-17 14:23:45] CRITICAL: Exploit attempt 'EternalBlue' detected on legacy SMB service.
[2020-09-17 14:24:00] SYSTEM: Filesystem encryption initiated by process 'svc_admin_ext.exe'
When the system is under stress, the defense crumbles. The pandemic didn’t create new threats; it just amplified the ones Cwikla and Levy warned us about in 2018.
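The four entries above only mean something when read as a sequence, so here is an added example (not from the original post) that correlates them into a single access, exploit, impact finding. The stage patterns, the 10-minute window and the two `INFO` lines are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta

# The four entries shown above, plus two constructed benign lines for contrast.
SAMPLE_LOG = """\
[2020-09-17 14:10:12] INFO: Scheduled backup completed (constructed line)
[2020-09-17 14:22:01] ALERT: Unauthorized access attempt detected on /api/v1/patient_records
[2020-09-17 14:22:05] WARNING: Multiple failed login attempts from IP 185.xxx.xxx.xxx (Location: Unknown)
[2020-09-17 14:23:45] CRITICAL: Exploit attempt 'EternalBlue' detected on legacy SMB service.
[2020-09-17 14:24:00] SYSTEM: Filesystem encryption initiated by process 'svc_admin_ext.exe'
[2020-09-17 14:30:40] INFO: User session closed (constructed line)
"""

LINE_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] (\w+): (.*)$")

# Ordered stages (assumed for this example) and the message patterns for each.
STAGES = [
    ("access", re.compile(r"unauthorized access|failed login", re.I)),
    ("exploit", re.compile(r"exploit attempt '([^']+)'", re.I)),
    ("impact", re.compile(r"encryption initiated by process '([^']+)'", re.I)),
]

def parse(log_text):
    """Yield (timestamp, level, message) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def find_ransomware_chains(log_text, window=timedelta(minutes=10)):
    """Return one finding per access -> exploit -> impact sequence inside `window`."""
    findings, chain = [], {}
    for ts, _level, msg in parse(log_text):
        # Drop a partial chain whose first event is older than the window.
        if chain and ts - chain["access"][0] > window:
            chain = {}
        for idx, (name, pattern) in enumerate(STAGES):
            m = pattern.search(msg)
            if m:
                # A stage counts once, and only after all earlier stages were seen.
                if name not in chain and all(s in chain for s, _ in STAGES[:idx]):
                    chain[name] = (ts, m.group(1) if m.groups() else None)
                break
        if len(chain) == len(STAGES):
            findings.append({"start": chain["access"][0], "end": chain["impact"][0],
                             "exploit": chain["exploit"][1], "process": chain["impact"][1]})
            chain = {}
    return findings
```

On the sample, this yields one finding spanning 119 seconds from the first unauthorized request to the start of encryption, which is the response time a defender actually has in this scenario.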
3. The Dominion and Change Healthcare Disasters (2025-2026 context)
Fast forward to the “future” data points provided by the HIPAA Journal and the National Cyber Threat Assessment. If you thought 2018 was bad, the 2025-2026 landscape is a literal digital dumpster fire. The HIPAA Journal reported a massive breach involving Dominion Dental Services, Inc., Dominion National, and Dominion Dental Services USA. The scale? A staggering 2,964,778 records compromised via hacking/IT incidents.
But the real “crown jewel” of systemic failure is the Change Healthcare incident mentioned in the 2025-2026 National Cyber Threat Assessment. In this case, the industry finally stopped pretending. Change Healthcare admitted it paid ransomware hackers to get its data back and resume operations. This is the ultimate “Wong Edan” moment: a massive, multi-billion dollar infrastructure paying a ransom because their “impenetrable” Health IT system was effectively turned into a $20 paperweight by a piece of malicious code.
This confirms a grim national trend: Ransomware is no longer an annoyance; it is a business expense. When companies like Dominion National lose nearly 3 million records, we aren’t just looking at names and addresses. We are looking at:
- Social Security Numbers (SSNs)
- Dental and medical insurance claim numbers
- Member ID numbers
- Bank account information
If a hacker has your SSN and your medical history, they don’t just steal your identity; they steal your entire life’s narrative. They can file false insurance claims, get prescriptions in your name, or even ruin your credit score while you’re in the recovery room.
4. The Hardware Horror: Hacking Medical Devices
Now, let’s talk about the stuff that actually touches your body. A systematic review of recent trends reveals that the hacking of personal medical devices is no longer the plot of a bad Hollywood movie. As we integrate “Intelligent Medical Diagnosis” systems and IoT devices into patient care, the attack surface expands from the server room to the patient’s bedside.
Imagine a pacemaker or an insulin pump connected to the hospital’s network. If the EHR system is compromised, what stops a malicious actor from pivoting to the connected medical devices? The JAMIA Open research from 2018 touched on the risks to PHI, but the more recent technical reviews highlight the risk to patient safety. If a hacker locks an Electronic Health Record (EHR) system, a physician might not know that a patient has a lethal allergy to a specific medication. In this context, cybersecurity isn’t just about “data”; it’s about “not dying.”
Technical pathways for attacking these Intelligent Medical Diagnosis systems often involve exploiting the communication protocols between the device and the central database. Here is a simplified representation of a vulnerable data packet structure for a legacy medical device:
STRUCT PatientDataPacket {
    UINT16   DeviceID;      // No encryption header? Seriously?
    CHAR[32] PatientName;   // Sent in Plaintext
    FLOAT    GlucoseLevel;
    CHAR[64] AuthToken;     // Static token vulnerable to replay attacks
};
When “Wong Edan” sees code like that in a clinical environment, he doesn’t know whether to laugh or cry. We are putting 21st-century medical tech on top of 1990s-era security protocols.
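For contrast with the static `AuthToken` above, this added example (not from the original post or any real device) replaces it with a per-message HMAC and a strictly increasing counter, so a captured packet is rejected when sent again. The field layout, the per-device key and the decision to drop `PatientName` from the wire are assumptions; confidentiality of the reading would still need an authenticated cipher on top of this.

```python
import hashlib
import hmac
import struct

# Assumed layout for this example: device id, message counter, glucose reading.
# The patient name is left out; the server maps DeviceID to the patient record.
BODY = struct.Struct("<HQf")
TAG_LEN = 32  # HMAC-SHA256 output size

def build_packet(device_key: bytes, device_id: int, counter: int, glucose: float) -> bytes:
    """Device side: serialise the reading and append a per-message MAC."""
    body = BODY.pack(device_id, counter, glucose)
    return body + hmac.new(device_key, body, hashlib.sha256).digest()

class Receiver:
    """Server side: verifies the MAC, then enforces a strictly increasing counter."""

    def __init__(self, device_keys: dict):
        self.device_keys = device_keys   # device_id -> per-device secret key
        self.last_counter = {}           # device_id -> highest counter accepted

    def accept(self, packet: bytes):
        """Return (device_id, glucose) for a fresh, authentic packet, else None."""
        if len(packet) != BODY.size + TAG_LEN:
            return None
        body, tag = packet[:BODY.size], packet[BODY.size:]
        device_id, counter, glucose = BODY.unpack(body)
        key = self.device_keys.get(device_id)
        if key is None:
            return None
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                  # forged or modified in transit
        if counter <= self.last_counter.get(device_id, -1):
            return None                  # replayed or out-of-date packet
        self.last_counter[device_id] = counter
        return device_id, glucose

def demo():
    """Constructed key and readings: fresh packet, replay, and tampered packet."""
    key = b"constructed-demo-key-not-for-use"
    rx = Receiver({0x0102: key})
    pkt = build_packet(key, 0x0102, 1, 5.5)
    first = rx.accept(pkt)
    replay = rx.accept(pkt)                      # same bytes sent again
    tampered = bytearray(build_packet(key, 0x0102, 2, 5.5))
    tampered[10] ^= 0xFF                         # flip a byte of the glucose field
    return first, replay, rx.accept(bytes(tampered))
```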
5. The National Cyber Threat Assessment: 2025 and Beyond
According to the Canadian Centre for Cyber Security’s National Cyber Threat Assessment 2025-2026, the trends are clear. The healthcare sector remains a primary target for state-sponsored actors and cybercriminals alike. Why? Because the data is “evergreen.” A credit card number can be changed. Your medical history—your chronic conditions, your surgeries, your DNA—is permanent. You can’t just “reset” your gallbladder surgery records.
The assessment outlines that these trends are driven by two main factors:
- The Value of the Data: PHI fetches a higher price on the dark web than any other data type.
- The Criticality of Operations: Hospitals are more likely to pay ransoms because every minute of downtime can be measured in lives lost.
The 2018 study’s conclusion—that hacking and IT incidents are the primary drivers of data breaches—has been validated every single year since. We have seen a shift from “opportunistic” hacking to “industrialized” cybercrime. Groups are now specializing in “Healthcare-as-a-Service” (HaaS), but the “service” they provide is systemic extortion.
6. Mitigation and Defense: Is There Any Hope?
So, what do we do? Do we go back to paper files and carrier pigeons? While “Wong Edan” loves the aesthetic of 19th-century medicine, it’s not practical. The systematic reviews suggest several “defence pathways” for Intelligent Medical Diagnosis and general Health IT:
- Zero Trust Architecture: Stop assuming that just because a device is inside the hospital Wi-Fi, it’s “safe.” Every request must be authenticated and authorized.
- End-to-End Encryption: PHI must be encrypted at rest, in transit, and even during processing where possible. No more plaintext patient names in data packets!
- Immutable Backups: If Change Healthcare had immutable, air-gapped backups, would they have needed to pay the ransom? Probably not.
- Regular Federal Data Audits: Organizations must use the findings from the 2018 JAMIA study to perform gap analyses on their own systems.
If you are a developer in the Health IT space, your code shouldn’t just “work”; it should be a fortress. Here is a conceptual snippet of what a more secure data handling function might look like (pseudo-code):
FUNCTION Secure_Store_Patient_Data(data):
    // 1. Validate Input (Anti-Injection)
    IF NOT Is_Valid_Sanitized_JSON(data): RETURN ERROR_INVALID_INPUT
    // 2. Encrypt Data with AES-256-GCM
    encrypted_blob = AES_Encrypt(data, Get_System_Key())
    // 3. Log Access with Non-Repudiable Audit Trail
    Log_Audit_Trail(User_ID, Action_Type.WRITE, Timestamp.Now())
    // 4. Store in Isolated Database Segment
    DB_Isolated_Write(encrypted_blob)
END FUNCTION
It’s not rocket science; it’s just basic hygiene. But in the world of healthcare, we’ve been skipping the “washing our hands” equivalent of digital security for decades.
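Step 3 of the pseudo-code is the one most often left as a plain text file, so here is an added example (not from the original post) of an audit trail where each entry's MAC covers the previous entry, making edits and deletions detectable. The record fields, key handling and sample users are assumptions, and a keyed hash chain gives tamper evidence rather than true non-repudiation, which would need per-user signatures.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first entry

def _mac(key: bytes, prev_mac: str, record: dict) -> str:
    """MAC over the previous entry's MAC plus this record, in canonical JSON."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append_entry(log: list, key: bytes, user_id: str, action: str, timestamp: str) -> None:
    """Append an audit record chained to the entry before it."""
    record = {"user_id": user_id, "action": action, "timestamp": timestamp}
    prev_mac = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": _mac(key, prev_mac, record)})

def first_bad_entry(log: list, key: bytes):
    """Return the index of the first entry that fails verification, or None."""
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], _mac(key, prev_mac, entry["record"])):
            return i
        prev_mac = entry["mac"]
    return None

def demo():
    """Constructed users and timestamps: clean log, edited entry, deleted entry."""
    key = b"constructed-audit-key"
    log = []
    append_entry(log, key, "dr_a", "WRITE", "2020-09-17T14:00:00Z")
    append_entry(log, key, "nurse_b", "READ", "2020-09-17T14:05:00Z")
    append_entry(log, key, "dr_a", "WRITE", "2020-09-17T14:09:00Z")
    clean = first_bad_entry(log, key)
    edited = [dict(e, record=dict(e["record"])) for e in log]
    edited[1]["record"]["user_id"] = "someone_else"   # rewrite who did it
    deleted = log[:1] + log[2:]                        # drop the middle entry
    return clean, first_bad_entry(edited, key), first_bad_entry(deleted, key)
```

Removing entries from the end of the log is not detected by the chain alone; that requires storing the latest MAC somewhere the log writer cannot modify.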
Wong Edan’s Verdict
Listen, you beautiful disasters. The data from 2018 to 2026 tells a very clear story. We moved into the digital age with our eyes closed and our pockets open. The studies by Cwikla, Levy, and the various HIPAA journals aren’t just academic exercises; they are the autopsy reports of our privacy. We are seeing a national trend where “hacking” is the default method for data breaches because it is efficient, scalable, and—unfortunately—highly successful.
The Change Healthcare admission of paying a ransom is a watershed moment. It signals that our infrastructure is so fragile that we’d rather fund the criminals than fix the system. If we don’t start prioritizing cybersecurity as a component of Patient Safety—on the same level as sterilization and surgical accuracy—then we are just waiting for the next Dominion National-sized breach to wipe out what’s left of our digital dignity.
In short: Your doctor might be great at fixing your heart, but if their IT department is still using “Admin123” as a password, your records are already on a server in a country you can’t point to on a map. Stay paranoid, stay encrypted, and for the love of all that is holy, patch your servers!
Wong Edan out.