Healthcare Cybersecurity: Threats and Mitigation

The healthcare industry is one of the most regulated and heavily scrutinized industries globally. Healthcare providers and payers are subject to rigorous requirements and obligations imposed by law, regulation and policy. Additionally, healthcare cyber threats have been a serious concern for years due to a number of factors. This blog post will discuss cyber-threats around healthcare that may lead to adverse consequences, followed by mitigation tips.

Threat actors find healthcare organizations an attractive target because they store highly sensitive, personally identifiable information (PII) about their members/patients. These include names, addresses, dates of birth or death, social security numbers (SSNs), health insurance identification numbers (HINs) and account numbers representing payment instruments like credit card details. These, combined with demographic data, provide enough information for healthcare cyber-threat actors to steal identities or commit healthcare fraud. Additionally, personal information about one's health and relevant records makes it an attractive option for cyber-criminals as it has an underground market value.

Most Common Cyber-Threats in Healthcare

The healthcare industry is becoming a major target for cyber-criminals because it offers an attractive and viable business opportunity. Cyber-attackers can take control of connected medical devices, disrupting healthcare systems. The following are the most common healthcare cyber-threats in healthcare organizations:

Data Breaches

Healthcare data breaches can be accidental or intentional. The healthcare provider is responsible for protecting patient information and maintaining the confidentiality of that information, which means healthcare data leakage can happen when hospitals and healthcare providers fail to implement reasonable and appropriate security measures.

How to Prevent Data Breaches in Healthcare?

Healthcare providers should take appropriate measures to protect patient data from cyber-attacks. They must conduct a risk assessment and implement security controls as per NIST guidelines for mitigating cyber healthcare threats. Conduct regular penetration testing, vulnerability assessments and cyber-risk analysis audits to know how efficient your security controls are. This also includes logging and monitoring, incident response and continuous development areas in cyber.

Insider Threats

Insiders carry out cyber-attacks against their employers either voluntarily or because they have been forced to. In both cases, an insider has legitimate access credentials necessary for committing a healthcare data breach or other types of cyber healthcare threats. For example, a disgruntled employee who stole PHI from his employer's network sold it to a third party and then posted it online to get revenge on his former employer is considered to be an insider threat regardless of whether he acted alone, with employees from another organization or part of a criminal group. The same applies when hackers pose as healthcare employees or healthcare patients to access healthcare networks and systems.

Social Engineering Schemes Like Phishing and Pretexting

The healthcare sector is heavily targeted by attacks that launch social engineering schemes to exploit healthcare organizations' trust in their employees and patients. For example, a typical phishing attack involves healthcare sector employees receiving emails that appear to be from healthcare organizations, requesting them to click on links or open attachments. This activity can result in healthcare-sensitive data leakage and healthcare cyber-attacks.

"The healthcare sector is heavily targeted by attacks that launch social engineering schemes to exploit healthcare organizations' trust in their employees and patients"

Denial of Service (DoS) and DDoS Attacks

A DoS attack is conducted to overload the network with large volumes of traffic at once, so legitimate users cannot gain access unless they pay for priority service.

A healthcare DDoS attack is a more sophisticated version of a DoS attack, and it involves hackers who use botnets to direct large volumes of web traffic against healthcare servers.

To prevent these attacks, consider online WAF, CDN and caching services that help in fighting against DoS and DDoS attacks. Healthcare organizations should also implement an incident response plan to respond effectively to healthcare cyber-threats.

The Silent Killers: Malware & Ransomware Attacks

A malware attack can result from healthcare providers not following the best security practices or an intentional act by an attacker. Even if healthcare systems are not directly targeted by malware, they can still be affected if the healthcare provider uses third-party devices that become infected.

What is malware? Should you need a quick rundown of malware and its types, head over to different types of malware and examples.

A healthcare ransomware attack can disrupt the operations of healthcare organizations and cause patients harm. The internet is full of ransomware examples, but on a positive note, these attacks on healthcare providers are mainly via vulnerable systems or phishing attacks.

An In-Depth Strategy to Defend Healthcare Against Ransomware Attacks

Tip 1: Prevent Malware Delivery

Preventing malware from being delivered to your systems dramatically reduces the malware and ransomware threat. The various initiatives under this phase include secure remote access, email, web and DNS filtering to allow required file types and data expected by recipients.

The basic concept here is to do everything possible to minimize the malware transmission from reaching internal systems.

Tip 2: Prevent Malware Infection

Endpoints such as workstations, laptops and devices must be configured to prevent malware execution in line with a defense-in-depth approach. This is possible by ensuring secure hardening guidelines on all your endpoints.

Tip 3: Limit the Impact

Use the principle of least privilege to provide remote access for low privilege accounts. Privilege escalation usage shouldn't be a common task but an exceptional ask. Alternatively, use secure privilege access management solutions where privileged tasks are performed on need only basis.

Regularly review permissions for all the staff accounts without exceptions.

Tip 4: Protecting Medical Devices

Medical device security best practices should be followed to ensure cybersecurity improvement efforts are holistically working.

  • Utilize inventory data and ensure that you have identified all the devices across the estate. This forms the basis of your security initiative.
  • Ensure that you have a risk mitigation plan to reduce the likelihood of an attack and limit the infections in case of an active attack.
  • Apply mitigations to reduce the attack likelihood and impact of an attack.
  • Review your estate periodically or upon changes (new suppliers, new technology, asset changes or infrastructure upgrades), whichever is sooner.
  • Perform independent medical device pen testing and security assessments to identify weaknesses before threat actors leverage such vulnerabilities.

Tip 5: Backups

Ransomware attacks strive to find and exploit backup copies to improve their chances of payments. Make sure you're backing up your most important data regularly. Find out which information is most important for your company and test backup data restoration regularly to ensure it's functioning as expected.

At the very least, create one offline backup that is kept at a different location (offsite) from your network and systems. Where feasible, use cloud services to safeguard backups.


2020 and 2021 have shown us the need for health and healthcare systems in our society, even if it's only for a second. We are seeing this importance in the digital world with technological developments, and we're adding verification to build trust with healthcare providers.

Continually assess your risks with activities such as penetration testing to measure how your security controls are performing. It should be carried out after major changes, regularly at least once a year and acted upon with risk remediation plans to show improvements in the business processes.

Know your data, Hack yourself, Train yourself, Secure your partners and vendors.

Rinse and repeat.

What’s Hot on Infosecurity Magazine?