Cybersecurity Threats in Healthcare Industry

Cybersecurity Threats in Healthcare Industry

Healthcare cybersecurity is a crucial field of information technology that focuses on safeguarding healthcare systems. These systems include electronic health records (EHRs), health tracking devices, medical equipment, and software utilised for healthcare management and delivery. The primary objective of healthcare cybersecurity is to prevent unauthorised access, use, and disclosure of patient data by defending systems from cyber attacks. The protection of patient data's availability, confidentiality, and integrity is essential, as any compromise of this data could put patients’ lives at risk.

Hospitals are attractive targets for hackers, with hundreds or thousands of patients on their premises, making healthcare cybersecurity a significant concern for hospital leaders. Recent research reveals that 67% of healthcare organisations in the UK have suffered a cybersecurity incident over the last year. With new data regulations and technologies being introduced across the healthcare supply chain and a significant shift towards digital transformation, the industry remains vulnerable to potential cyber attacks.

Healthcare cybersecurity threats can occur in several ways, including stolen data, corrupted or deleted data that may go unnoticed for years, and hacked medical devices that can cause direct harm to patients. It is noteworthy that healthcare is the only industry globally in which internal sources pose the most significant threat to data breaches. Healthcare organisations must continuously improve their cybersecurity measures to protect patient data and ensure uninterrupted healthcare services.

High-profile attacks affecting the healthcare sector

The healthcare industry now has a significant dependency on digital technology, from electronic health records and scheduling to scanners, x-rays, and laboratories. An outage can have a direct impact on patient care and may create risk to life. 

For example, in May 2021, Ireland's Health and Safety Executive suffered a malware attack that disabled many computers and devices, with the hacking group Conti claiming to have stolen 700GB of patient data.

One of the most significant cyber attacks in healthcare was the WannaCry ransomware attack in May 2017. It encrypted data and files on 230,000 computers in 150 countries, impairing the functionality of the NHS in England. Key systems were blocked, preventing staff from accessing patient data and critical services. However, the WannaCry attack was not directly targeted at the NHS, with other major organisations also affected, including Telefonica, FedEx, Nissan, and the Bank of China. Nevertheless, the biggest impact was felt by the NHS, highlighting how vulnerable the healthcare industry is to cyber threats.

Ransomware attacks can significantly impact hospitals, such as the 2018 attack on the Hancock Regional Hospital in Greenfield, Indiana, which resulted in the hospital paying a ransom of four bitcoins valued at $55,000 to get its data back. 

In May 2021, a ransomware attack on the Health Service Executive (HSE) in Ireland caused 80% of the HSE IT environment to become encrypted, disrupting healthcare services throughout the country. Outpatient clinics and healthcare services were cancelled, and medical appointments dropped up to 80%, significantly affecting radiotherapy services.

The information systems of five different hospitals were also disabled by an attack that took place in New Zealand during May 2021.

Similarly, in September 2020, patient records for around 400 hospitals and healthcare facilities in the United States and the UK became inaccessible, leading to delayed patient care and the rerouting of ambulances. This disruption lasted for three weeks.

The main cybersecurity threats in healthcare

Cyber criminals target healthcare businesses due to their high-value patient data and low tolerance for downtime. The top cybersecurity threats faced by the healthcare sector include phishing, ransomware attacks, data breaches, insider threats, unsecured Internet of Things (IoT) devices, and DDoS attacks.


Phishing attacks trick users into disclosing passwords or other personal information, usually through targeted communications like email or messaging. Cyber criminals send emails or messages with links to malicious websites or documents, encouraging users to click on them. When a user clicks on the link, they may unknowingly download malware, allowing the attacker to access sensitive data.

Ransomware attacks

Ransomware attacks are particularly dangerous, as cyber criminals infect hospital systems with malware and hold patient data hostage until a ransom is paid.  Hackers carry out these attacks by infecting computers with trojan viruses or by sending phishing emails.

Data breaches

Data breaches are another significant threat, potentially leading to the theft of sensitive patient information, like medical histories and insurance information. This information can be used for identity theft, fraud, and other malicious purposes. A data breach can also damage the reputation of a healthcare organisation and lead to loss of trust from patients.  

Insider threats

 Insider threats also pose a risk, with individuals working within the health sector sometimes disclosing information through accidental, negligent, or intentional actions. As such, insider threats might lead to serious, comprehensive damage to a healthcare organisation. Special solutions such as PAM or employee monitoring systems can help to prevent these types of attacks. 

Unsecured Internet of Things (IoT) devices

In recent years, IoT devices have gained immense popularity and are generally ubiquitous across diverse industries. However, not all IoT devices follow safety protocols or cybersecurity best practices. Failure to segment these devices into their VLANs increases the risk of network security vulnerabilities.

Healthcare organisations can work closely with the manufacturer to ensure that IoT products meet or exceed security standards. This approach empowers security and technical staff to make informed decisions while acquiring IoT products for their operations.

DDoS attacks 

Distributed denial of service (DDoS) attacks are a type of cyber attack that aims to overwhelm network servers with an excessive amount of traffic, resulting in server crashes or unavailability. For a healthcare organisation, this can lead to critical systems being unavailable, hindering patient care. This includes accessing essential patient data, scheduling appointments, and managing bed capacity. Cyber criminals often target healthcare institutions for political or ideological reasons, posing a significant threat to patient privacy and safety.

How to protect from cybersecurity threats in healthcare

Protecting against cybersecurity threats in healthcare is crucial in the process of safeguarding patient data and ensuring the safety of healthcare professionals. As cyber threats become more advanced, it is essential for healthcare organisations to take a proactive approach to cybersecurity. This involves adopting a multi-angled approach, including:

  1. Investing in cybersecurity awareness: healthcare organisations must carry out staff awareness training on phishing, malicious email, and social engineering. Staff training and education on patient protection and cybersecurity play a crucial role in healthcare. Many people are unaware of how to secure information properly, especially when using technology.
  2. Using Security Information and Event Management (SIEM) systems increases log retention and availability, enabling healthcare organisations to detect and respond to potential cyber threats.
  3. Employing Privileged Access Management solutions: this solution ensures that only authorised personnel have access to sensitive data, minimising the risk of a data breach.
  4. Using an Endpoint Detection & Response (EDR) solution: an EDR solution with tamper protection allows for containment and eradication of active threats.
  5. Creating appropriate security policies and processes to integrate within your cybersecurity strategy.
  6. Regularly performing security audits and penetration testing identify gaps and weaknesses in your security system, enabling you to address them before a cyber attack occurs.
  7. Meeting compliance requirements: healthcare companies need to prioritise collecting and storing documentation of security policies, assessments, and any other activities that impact applicable data security regulations. In 2023, the healthcare industry will face unique challenges in the attempt to remain secure. However, concerted effort and vigilance can make it possible to safeguard healthcare organisations against cyber attacks. 

For more information about ways to guard healthcare organisations against cyber attacks, attend our upcoming webinar: Cybersecurity in the Healthcare Industry ⟩⟩ Free registration ⟨⟨