BW Businessworld

Top Healthcare Cyber Attacks And Threats

With the heightened value of healthcare data and the increasing business-technology healthcare attack surface, organizations in the healthcare industry need to be aware of the most significant cyber-attack risks and threats they face in the years ahead.



Even before the novel coronavirus pandemic, which forced healthcare organizations to shift rapidly to providing patients with remote care and telemedicine, the healthcare industry had already embraced the cloud, as well as the digital transformation of its technology systems and business models. The result for healthcare security teams is that they have a much larger and more dynamic attack surface with which to contend.

Healthcare cybersecurity teams must protect this ever-increasing attack surface at a time when cyber-criminals are choosing to target healthcare organizations more than ever before. One of the reasons they are targeting healthcare data is that it is so valuable within the underground markets.

With the heightened value of healthcare data and the increasing business-technology healthcare attack surface, organizations in the healthcare industry need to be aware of the most significant cyber-attack risks and threats they face in the years ahead. Here they are:

The continuing ransomware plague

Ransomware remains one of the most popular attacks against healthcare security organizations. Organizations have been advised not to pay ransoms: doing so fuels additional criminal activity, and many organizations don't successfully regain access to their files after payment. It is advised that data be backed up regularly and that backup copies be air-gapped, password-protected, and kept offline.

Healthcare providers should focus on staff security awareness and training. Because end users are targeted, healthcare organizations should "make employees and stakeholders aware of the threats—such as ransomware and phishing scams—and how they are delivered." Additionally, provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities. While the healthcare industry will constantly be attacked with ransomware, how ransomware attacks are conducted against healthcare organizations will undoubtedly change.

Denial-of-service attacks block healthcare availability

While ransomware, for good reason, gains most of the headlines, it isn't the only type of extortion attack healthcare organizations have to remain on the lookout for. Denial-of-service attacks have also long been part of extortion-type attacks. With these attacks, instead of encrypting data and demanding payment before providing the recovery key, criminals knock services offline through some type of disruptive attack. Essentially, Denial of Service (DoS) attacks make some IT asset — anything from a server or web application/site to an IoT device (such as a networked medical device) — unavailable for use.

While there are many different types of denial-of-service attacks, such as SYN Flood and SMBLoris, they are essentially different variations of flooding assets with traffic to overwhelm the device to the point that the service the device is expected to provide is "denied."

There are many reasons why attackers conduct DDoS attacks. Sometimes attackers want to make a political statement and use the attack to knock their target offline to draw attention to some perceived wrong or political position. Other times the DDoS attack is designed to extract an extortion payment from the victim before access to the disrupted services is granted. When it comes to healthcare organizations, DDoS attacks can be especially troublesome. While they obviously can place patient data at risk of exposure, they can also stop systems used to schedule appointments or keep doctors locked out of the systems they need to deliver care — therefore placing lives at risk. That makes it critical that healthcare organizations know how to overcome DDoS attacks.

Phishing for credentials and data

Phishing attacks continue because they work. For decades now, the most successful way to compromise a business has been simply to send malicious emails and wait for someone within the organization to click on a malicious link or open a malicious attachment, which is why phishing remains one of the most dangerous vectors of attack. Phishing, whether general phishing attempts or spear-phishing attempts, is the typical initial point of compromise. What makes matters worse is that many staff members aren't sure what a phishing email looks like.

So, what can healthcare organizations do to help mitigate the risks of phishing attacks? First, they can provide all of their employees with security awareness training. And not just once and done, or once a year — but regular prompts through training, webinars, newsletters, and reminders. Another measure is requiring multi-factor authentication to access applications and IT services. That way, even if an employee hands over their credentials, the attackers will also need to find a way to bypass the stronger authentication. Of course, some phishing attacks will be successful, so endpoints must be protected with antimalware and endpoint detection and response software.

Attacks on healthcare web applications

As healthcare providers continue to digitally transform their organizations, the number of web applications they rely upon grows. Unfortunately, the number of web applications with security-related flaws is high in healthcare. Attackers will continue targeting web applications because that's where enterprise data reside. To improve application security, healthcare organizations must adopt security practices within their development processes, including conducting code security reviews earlier in the development process and increasing collaboration between security teams and application development teams. They should also regularly scan their applications for vulnerabilities and build effective patch management processes. There should also be periodic penetration tests designed to test the efficacy of web app security and intrusion detection capabilities. Also, because of digital transformation efforts, healthcare organizations are embracing the cloud in record numbers, which has also led to a rise in attacks on healthcare clouds.

How should healthcare organizations improve cloud security? A lot of it has to do with maintaining basic cloud security hygiene. Healthcare organizations need to understand what cloud services are running in their organization and where their patient and other critical data reside, and ensure that these third-party providers have mature security programs themselves. And just like with on-premises systems, it's crucial to manage access to these cloud services. That means effective identity and access management and multi-factor authentication designed to protect cloud services from phishing attacks that target those services.

No matter how diligently healthcare providers work to mitigate the threats that target these risks, there will still be successful attacks. This is why having a plan for effective incident response is so important. Such a plan must include proactively seeking potential threats within your systems and having the capabilities to respond to remove those threats and mitigate their damage.

Disclaimer: The views expressed in the article above are those of the authors and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.


Zakir Hussain

The Author is the Director at BD Software Distribution
