Healthcare Cybersecurity


Healthcare Cybersecurity

As the healthcare industry is suffering a number of impediments, from staffing shortages to increased patient numbers due to still active COVID, it is important to highlight another burning issue plaguing the industry: cyber attacks.

In fact, for eleven consecutive years, healthcare has been the number one industry attacked by individuals for ransomware. Several reasons make healthcare an attractive target for hackers: cyber attacks in healthcare are directly correlated to a country’s infrastructure. Obstructing the flow of a country’s medical institutions leads to numerous consequences. Furthermore, the sensitive nature of protected health information (PHI) makes it borderline perfect for ransomware, where attackers would illegally obtain patient information and leverage it by threatening the medical institution, patients themselves, or auctioning the information on the dark web.

What is Ransomware?

As the name suggests, ransomware relies on ransom. The attackers commit a hospital cyber attack using malicious malware that renders all the information a medical institution handles inaccessible. This is detrimental for several reasons:

  • The attackers gain access to personally identifiable information.
  • They shut down the medical organization’s systems.
  • They force the organization’s staff to transition back to outdated forms of record keeping such as pen and paper, significantly slowing down the processes of admitting patients and delivering care.

The following statement exemplifies the danger of healthcare cyber attacks: The MS-ISAC teamed up with other organizations to educate and inform health providers across the United States about the risks of data breaches.

Malware usually enters the organization in one of the following ways:


  • Phishing emails
  • Users clicking on malicious links
  • Advertising containing malware

Therefore, it is essential to teach the staff, doctors, and any other member of an institution how to handle their technology and take preventive measures not to get infected by malware.

Data Breaches in Healthcare

Cyber security in healthcare is slowly becoming the priority of the healthcare industry, given the rapid shift towards the digitalization of data. Seamless connectivity of different EHRs and communication between various systems are now essential for fast and efficient healthcare delivery. It is precisely due to said interconnectedness that the dangers of malicious software are so great in today’s world.

On May 20, 2022, Blackbaud, a cloud software company, partially managed to prevent a malware attack. Healthcare and cybersecurity intersect here, as Blackbaud powers 30 of the 32 largest nonprofit hospitals in the U.S.
Various sensitive information was stolen: from social security numbers to passport numbers and drivers’ licenses. While initially, it seemed as if it would be impossible to determine the exact number of affected individuals, a subsequent investigation by the Identity Theft Resource Center (ITRC) revealed the following: 536 organizations and close to 13 million people were affected by this breach.

Healthcare cybersecurity threats pose a significant danger to organizations and individuals. Even so, experts agree that organizations shouldn’t pay ransom for these breaches as it incentivizes further attacks. It almost makes it seem as if hacking and stealing information can be made into a profession in its own right. Further, even after the requested amount is paid, there is no guarantee that organizations or individuals will get their information back.

Even so, Blackbaud opted to pay an undisclosed amount and answer their healthcare cybersecurity threat in this manner.

In May 2021, an FBI flash alert reported that Conti hacking group had targeted at least 16 healthcare networks, claiming almost 400 organizations as victims, 290 of which were in the United States.

Previously, the group had targeted Ireland and brought it to its knees, costing the country over $100 million in the aftermath of the attack. Unlike other groups who, at the very least, claimed that they wouldn’t target healthcare organizations, Conti had no such scruples regarding healthcare cyber attacks. Like similar groups, Conti resorts to phishing, word documents with embedded Powershell scripts, or stolen Remote Desktop Protocol credentials, giving security experts additional headaches when combatting cyber threats.

Cyber Attacks on Hospitals

As was previously mentioned, several pragmatic reasons make healthcare organizations, such as hospitals, a perfect target for hackers. Hospital personnel is usually not adequately trained to deal with online threats. Hospital cyber attacks are also convenient due to many medical devices, generally belonging to legacy systems requiring security updates. That said, a simple and understandable reason hackers choose medical institutions is that it pays well.

According to IBM, for twelve years in a row, healthcare has been the top industry in the average total data breach cost, averaging more than $10 million per breach. That puts healthcare in front of finance, pharmaceuticals, and technology.


Blog, Average cost of a data breach by industry

Healthcare cybersecurity is lacking for more than just the reasons listed above. Targeting it became a lucrative endeavor since medical organizations tend to be more ready to pay ransom to get their data and systems back. Agreeableness to pay ransom has been on the rise, considering that, in 2020, 34% of organizations were willing to pay for decryptors following data breaches. In 2021, that number rose to 61%, which also explains a large number of hacking of medical institutions.

Blog, Breaches by Type of Attack

Cybersecurity Healthcare

According to the University of Maryland, there is a new cyber attack every 39 seconds. This means that modern organizations have to take proper steps to ensure the safety of their operations. An effective method of protecting oneself from malware is artificial intelligence.

AI in healthcare serves multiple purposes. From diagnosis and treatment, scanning, and even drug development, it is easy to understand how artificial intelligence is an essential asset in multiple facets of the industry. Now, it has a purpose in cybersecurity in healthcare.

As an old proverb goes: prevention is better than cure. The examples above highlight just how expensive and detrimental breaches can be. That is why organizations must utilize AI to identify and address potential threats before the damage is done. Serving almost as anti-bodies, AI can recognize “abnormal” behavior within a system. It can find and eliminate threats, limit access to specific system segments, and remove human error. Therefore, AI can stop healthcare cyber attacks before they cause costly damage and interruptions to an organization that can’t afford to be disrupted.

In the peculiar healthcare industry, disruptions mean delayed care delivery and potential loss of life. From legacy systems to vulnerable devices that make cyber attacks possible, a medical organization’s processes must continue without disruptions. AI has the potential to walk the fine line between identifying threats and not causing interruptions to the overall flow of an organization. That is why we need to raise the standard of healthcare cybersecurity – and AI is one of the ways to do so.

Meta: Discover why healthcare presents a perfect sector for ransomware and why increased cybersecurity should be the industry’s focus in the following years.