7 types of cyberthreats plaguing the healthcare industry

Ideally, healthcare would be the last industry to be targeted by hackers and cyberattackers—surely no one would want to cripple critical hospital infrastructure and play around with lives. However, the healthcare industry continues to be the most affected in terms of average data breach cost, peaking at $9.2 million in 2021 (over R130 million.)

But why healthcare?

It’s not that healthcare executives don’t want to invest in cybersecurity solutions, but there are many barriers in the way. Continuous evolution of cyberattacks, outdated medical infrastructure, and the high market value of private patient information are a few reasons why the healthcare industry continues to battle cyberthreats like no other.

Moreover, there’s also a lack of time and resources to train healthcare staff on the nature of cyberattacks. Though they might be well-trained to save lives, they’re not adequately educated in understanding the consequences of online risks.

Upon further digging and scouring multiple sources, we’ve identified the most common cyberattacks threatening the healthcare industry.


Ransomware was the most common and the fastest growing type of malware in 2021, and in 2022, it shows no signs of slowing down. It’s also the attack vector most opted for by threat actors targeting the healthcare sector. In a typical ransomware attack, threat actors gain access to and encrypt sensitive data, forcing victims to pay a ransom in exchange for releasing that data. Simply put, data is being held hostage. Instead of paying the ransom, it’s better to invest a fraction of that money into data encryption and backup tools.

Data theft

A hacker stands to gain more from selling personal health information (PHI) than selling credit card details on the black market. The average cost of a single PHI record on the black market is $355 (over R5000.) To put that into perspective, the average cost per record of credit card information stands at a measly $1-$2 (between R14 and R30.) Organisations in the US can stay up to date on recorded healthcare breaches on this site. Data breaches can occur for multiple reasons, like weak or stolen credentials or malware, some of which we’ll look into below.

Unauthorised access

The first and most important rule for protecting patient medical records is to secure them from the inside out. This is done by ensuring that only a specific group of individuals within the company are allowed to access them, including employees and authorised third parties. Critical PHI or personally identifiable information (PII) should not only be secured from the prying eyes of cybercriminals but also from people within the organisation whom it doesn’t concern.

A hacked network server

A healthcare network, unlike IT systems in other industries, is a ubiquitous platform that connects different parts of a healthcare organisation, including MRI machines, patient monitoring tools, workstations, operating systems, peripheral devices, and computers. While these multiple components enhance the overall healthcare experience, they also increase the attack surface of the organisation.

This complicated interplay of assets may lead to network blindspots, which can be a breeding ground for backdoors and weaknesses that hackers can exploit. To curb this, it’s recommended to fortify healthcare networks with a combination of firewalls, intruder prevention systems, and vulnerability detection and remediation tools while deploying a unified endpoint management solution to improve visibility in the network.


A typical blueprint of any cyberattack involves probing the network for weaknesses and exploiting those weaknesses to gain unauthorised access to files and information. In the case of phishing, the major weakness that’s usually exploited is us: humans.  Training healthcare personnel, setting up privileged access, and enforcing multi-factor authentication can keep phishing attacks in check.

Compromised business emails

This attack is a form of phishing, but instead of targeting the hospital network, the main victims are the employees working there. Cybercriminals impersonate someone from senior management and trick employees or healthcare departments into transferring funds into the cybercriminal’s account using a combination of spoofed emails and social engineering.

Unsecure servers or databases

Hospitals sometimes inadvertently store patient records on a public facing server in a way that someone with an internet connection can easily access. This can result in a full-blown security lapse, risking thousands, if not millions of PHI records. Thankfully, compliance mandates like HIPAA ensure that healthcare organisations handle and store PII more securely.

Wrapping up

Healthcare organisations are growing increasingly dependent on IT. Though organisations adopt advanced technologies to improve the patient experience and automate workflows, these technologies are seldom designed with security in mind. And although this may increase the attack surface, it should never be a deterrent to innovation.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkedin
Share on Pinterest
Share on Whatsapp
Share by Email

Related Products