Biggest Cyber Threats in Healthcare (Updated for 2022)

Edward Kost
updated Aug 08, 2022

The combination of poor cybersecurity practices, sensitive data storage, and a desperation to preserve business continuity at all costs makes the healthcare industry a prime target for cybercriminals, an inevitability that was further exacerbated by the pandemic.

To support the relevance of healthcare cybersecurity programs within the current cyberattack climate, the 4 biggest cybersecurity challenges in the healthcare industry are listed below. These cyber threats pose the highest risk to patient information and healthcare data security.

1. Phishing

Phishing is the most prevalent cybersecurity threat in healthcare. Phishing is the practice of infecting a seemingly innocuous email with malicious links.

The most common type of phishing is email phishing. Phishing emails can look very convincing, and they usually reference a well-known medical disturbance to incentivize link clicking.

Here's an example of a phishing email posing as a message from the World Health Organization.

[Image: phishing email example]

To deepen authenticity and minimize suspicion, some advanced threat actors compose phishing emails as replies in an existing email thread.

Example of an email reply chain attack. The first email in the sequence is the hijacked reply.

When a link in an email scam is clicked, users are directed to a decoy web page usually mirroring a login screen for familiar internal software. Once these credentials are submitted, cybercriminals almost instantly use them to gain access to healthcare systems.
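As an added illustration (not part of the original article), the Python example below shows one way a mail filter could flag the reply-chain pattern and decoy login links described above. The thread store, trusted-host list, addresses and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed thread store: parent Message-ID -> addresses seen in that thread.
KNOWN_THREADS = {"<ref-100@hospital.example>": {"nurse@hospital.example", "billing@vendor.example"}}
# Assumed allow-list of hosts that serve login pages for internal software.
TRUSTED_LINK_HOSTS = {"portal.hospital.example"}
URL_HOST = re.compile(r"https?://([^/\s:>]+)", re.I)

# Constructed sample messages (single-part plain text).
LEGIT = """\
From: billing@vendor.example
Subject: Re: Invoice 2231
In-Reply-To: <ref-100@hospital.example>

Thanks, the invoice is at https://portal.hospital.example/invoices
"""
HIJACKED = """\
From: billing@vend0r.example
Reply-To: helpdesk@mail-login.example
Subject: Re: Invoice 2231
In-Reply-To: <ref-100@hospital.example>

Session expired, sign in again: http://portal-hospital.login.example/sso
"""

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def reply_chain_findings(raw):
    """Return reasons a message presented as a reply looks hijacked."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    parent = (msg.get("In-Reply-To") or "").strip()
    findings = []
    if parent:
        participants = KNOWN_THREADS.get(parent)
        if participants is None:
            findings.append("replies to a message this mailbox never saw")
        elif sender not in participants:
            findings.append("sender was not a participant in the original thread")
    if reply_to and domain(reply_to) != domain(sender):
        findings.append("Reply-To domain differs from From domain")
    for host in URL_HOST.findall(msg.get_payload()):
        if host.lower() not in TRUSTED_LINK_HOSTS:
            findings.append(f"link to untrusted host {host.lower()}")
    return findings
```

These checks are heuristics: a reply sent from a genuinely compromised mailbox of a real participant passes the sender check, so the link-host check and MFA remain necessary.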

This event occurs during the delivery phase of the cyberattack kill chain.

Cyber Attack Lifecycle

Because most cybercrime begins with a phishing attack, and phishing has one of the highest financial impacts on an organization, phishing defenses should be referenced in healthcare information security initiatives.


2. Ransomware Attacks

During a ransomware attack, malware is injected into a network to infect and encrypt sensitive data until a ransom amount is paid.

This malicious software is usually injected into a system through a phishing attack.

Ransomware attacks are a growing threat amongst healthcare providers according to an analysis last year. More than 1 in 3 healthcare organizations globally fell victim to a ransomware attack in 2020.

The reason for its prevalence is that hackers understand how critical it is for the healthcare sector to minimize operation disturbances. During a ransomware attack, healthcare victims panic, fearing the regulatory consequences that follow the theft of patient data.

This increases the chances of a ransom payment despite the FBI's stern directive against such a response.

The prevalence of ransomware attacks is further fueled by the adoption of new technology to automate attacks. Inspired by the implementation efficiencies of the Business as a Service (BaaS) model, hackers have created their own variation known as Ransomware-as-a-Service (RaaS).

Ransomware-as-a-Service Workflow

Under the RaaS model, the usual technical acumen is no longer a prerequisite to launching a ransomware attack. Any aspiring cybercriminal can sign up and launch an attack with the software with minimal cyberattack knowledge, just as BaaS users don't need to be experts to become proficient in an area addressed by a BaaS solution.

To respond to the critical security threat of Ransomware, healthcare IT vulnerabilities that are commonly exploited during ransomware attacks must be addressed with appropriate security measures.

All such cybersecurity risks and attack vectors can be instantly surfaced with an attack surface monitoring solution.


3. Data Breaches

The healthcare industry suffers a disproportionately large number of data breaches compared to other industries. In 2020, the average number of data breaches that occurred every day in the healthcare sector was 1.76.

HIPAA specifies strict requirements for protecting health records and other sensitive information from unauthorized access, but many health entities struggle with the implementation of its security controls.

Such cybersecurity gaps leave entry points for cyber attackers that continue to threaten the safety of patient care data, despite efforts to mitigate these events with frameworks like HIPAA.

Instead of a complete cybersecurity overhaul, such overlooked vulnerabilities can be detected with an attack surface monitoring solution, to extend the efforts already financed by security budgets.

Ideally, such a solution must be capable of also addressing the third-party vendor network, since this threat landscape could facilitate indirect access to sensitive data, such as social security numbers, credit card numbers, and even medical device intellectual property.


4. DDoS Attacks

A Distributed-Denial-of-Service attack is a flood of fake connection requests directed at a targeted server, forcing it offline. During this attack, multiple endpoints and IoT devices are forcibly recruited into a botnet via a malware infection to participate in this coordinated attack.

Botnet Launching a DDoS Attack

DDoS attacks don't have the same data exfiltration risks as a ransomware attack, but they do have the same operational disturbance effects. For attackers, the considerable advantage of DDoS attacks is that they can achieve the same disturbance without having to compromise a network, making them easier to deploy at a much wider scale.

The speed and devastation that's possible with these attacks has led to their adoption of the ransom model. Now, DDoS attackers could force a healthcare organization offline and only discontinue their attack if a set ransom is paid.

Thankfully, the impact of these attacks could be mitigated with a network of Reverse Proxy servers.

How Healthcare Organizations Can Improve Their Security Posture

Healthcare organizations can increase their security posture by addressing the following 4 tenets of a resilient cybersecurity program:

Increase Visibility

You cannot address security risks if you do not see them. An attack surface monitoring solution will instantly display all vulnerabilities associated with cloud solutions within a private network.

Improve Third-Party Security

Almost 60% of data breaches occur via a compromised third-party vendor. In other words, if your incident response efforts are only focused on internal cyber threats, your security teams have only addressed less than half of the risks that facilitate breaches.

Improving the security postures of all third-party vendors involves an orchestrated effort between risk assessments, security ratings, and Vendor Tiering.

Expand Cyber Threat Awareness

To prevent staff from falling victim to phishing attacks and other clever social engineering attempts, they should be educated about how to identify common cyber threats and previous malicious attack behaviors.

Cyber awareness training can be facilitated through webinars or by referencing free cybersecurity resources.

Implement Multi-Factor Authentication

Multi-Factor Authentication (MFA) is one of the simplest security controls to implement, and in many cases, it could be enough of an obstacle to thwart an attack attempt.

It's estimated that up to 90% of cyber attacks could be prevented with MFA enabled on endpoints and mobile devices.

Every healthcare entity should be implementing MFA as a minimum security measure.

