The Growing Cybersecurity Threat in Healthcare

October 29, 2024

The healthcare sector is increasingly becoming a prime target for cyber-attacks, with dire consequences that extend beyond financial damage. The FBI and Department of Justice now classify cyber-attacks on healthcare as “threat to life” crimes due to their potential to disrupt patient care and endanger lives. Let’s dive into why healthcare networks are targeted, what risks exist, and how cybersecurity professionals can protect this critical industry.

Why Target a Hospital or Healthcare Network?

Many attacks on hospitals are driven by opportunity rather than malice, except for state-sponsored cyber warfare. The attackers often aim to exploit vulnerabilities for financial gain or operational disruption. Here are two primary motivations:

Nurse in purple scrubs using an iPad
  1. Data Breach and Exfiltration
    Medical records are among the most valuable data on the dark web. While a stolen social security number may fetch a dollar and credit card information slightly over a hundred dollars, a single medical record can be worth $250 to $1,000. These records contain rich personal data, including medical histories, insurance information, and more, making them ideal for fraud and identity theft.
  1. Ransomware Attacks
    Healthcare is the third-largest target for ransomware attacks, with providers suffering an average financial impact of $9.2 million per attack. Ransomware locks healthcare data and demands payment for its release. Given the strict data retention requirements in healthcare and the need for real-time access to patient information, offline backups are rare. When an attack occurs, hospitals may have no choice but to pay, as delayed restoration can jeopardize patient care.

Key Risks in Healthcare Cybersecurity

The healthcare sector poses unique challenges due to its complex IT environment. Let’s explore the primary risks that make securing healthcare networks difficult: 

  1. Third-Party Infrastructure Risks
    Hospitals rely heavily on third-party systems that they don’t control. Medical equipment like TomoTherapy systems may come with entire server racks integrated into the hospital’s network but remain under the vendor’s control. This makes them prime targets—46% of ransomware attacks last year originated from third-party breaches.
  1. Antiquated Operating Systems
    Hospitals still rely on outdated technology for critical devices. For example, it’s not uncommon to see Windows XP running a mobile X-ray machine. Almost 96% of hospitals report having end-of-life operating systems in their networks, largely due to FDA regulations that limit upgrades on medical devices.
  1. Reduced Barriers to Care
    In emergency scenarios, time is critical. Security protocols like multi-factor authentication (MFA) may delay doctors from accessing patient information quickly, posing a challenge to implementing zero trust principles. Healthcare systems must strike a delicate balance between security and accessibility.
  1. Executive Exceptions
    Some senior healthcare professionals may receive security exemptions—for example, passwords that never expire—because they resist frequent changes. Unfortunately, these practices create vulnerabilities that attackers can easily exploit.

Resources for Cybersecurity Professionals in Healthcare

If you’re a cybersecurity professional new to healthcare, leveraging the right frameworks and resources is essential. Here are some trusted resources: 

  • NIST Cybersecurity Framework: Provides a robust foundation for building a security program.
  • CISA (Cybersecurity & Infrastructure Security Agency): Offers tools for protecting critical infrastructure, including healthcare.
  • HHS 405(d) Task Force: Publishes valuable documents like HICP (Health Industry Cybersecurity Practices), which identifies the top five risks to healthcare and outlines 10 cybersecurity best practices.
  • The Joint Commission: A healthcare accreditation body that requires regular testing of security protocols, including care continuity plans.

How Healthcare Organizations Can Strengthen Security

Healthcare employees are often motivated by a strong sense of purpose, making culture a powerful tool in cybersecurity efforts. Here are some essential actions to build a stronger defense:

  1. Foster a Culture of Security Awareness: Tie patient safety and security practices together. When employees understand that data security protects lives, they become more invested in following cybersecurity protocols.
  2. Increase Visibility Across Systems: Many healthcare providers struggle to understand which devices are on their networks and how they interact. Bridging the gap between IT, facilities, and biomed teams improves visibility, enabling better segmentation and isolation of systems.
  3. Implement Zero Trust and Resilience Practices: MFA, immutable backups, and regular assessments of care continuity plans are essential for reducing vulnerabilities. However, only 20% of hospitals conduct red-team or tabletop exercises to prepare for attacks, showing there’s room for improvement.
  4. Test, Don’t Just Assess: It’s not enough to assess vulnerabilities; hospitals must also test their defenses. Red and purple team exercises help organizations identify gaps and improve response strategies before a real attack occurs.

Conclusion: Navigating the Complexities of Healthcare Cybersecurity

Healthcare organizations face unique cybersecurity challenges, but solutions do exist. Success lies in creating a culture of security, enhancing system visibility, and encouraging collaboration across departments. With the right frameworks and practices—like HICP, CISA resources, and zero trust principles—healthcare providers can safeguard patient data and operations.

If you’re a healthcare IT professional or a healthcare organization struggling with cybersecurity, we’re here to help. Let us guide you through these complexities, ensuring that your patients—and your data—are safe. After all, none of us know when we might need these systems ourselves.

Troy Baietto

Troy Baietto

ANM Solutions Architect

Troy is the Solutions Architect for Arizona with ANM, helping clients align technology solutions to business needs. Prior to ANM, he was at Cisco for 19 years starting in IT as an intern and eventually becoming the systems engineer for healthcare in Arizona.

Considerations when Implementing Disaster Recovery

Considerations when Implementing Disaster Recovery

Implementing a Disaster Recovery (DR) solution is critical for ensuring business continuity in the event of an unforeseen disaster. Whether it's a natural calamity, cyberattack, or system failure, having a robust DR plan can mean the difference between a minor setback...

Understanding the Fundamentals of SASE

Understanding the Fundamentals of SASE

Today’s enterprises are rapidly embracing cloud technology and remote workforces, and traditional network architectures are struggling to keep up. As a result, Secure Access Service Edge (SASE) has emerged as a transformative framework that merges network security...

Understanding EDR, MDR, and XDR: A Comparative Analysis

Understanding EDR, MDR, and XDR: A Comparative Analysis

Over the past few years, three acronyms have gained significant prominence: EDR (Endpoint Detection and Response), MDR (Managed Detection and Response), and XDR (Extended Detection and Response). Each represents a unique approach to threat detection and response,...