Cybersecurity Attacks on Healthcare Organizations

Author: Art Ehuan August 3, 2020

David Hoffman, professor at the Duke University School of Public Policy and associate general counsel at Intel Corporation, recently collaborated with Crypsis's Art Ehuan, vice president for the Cyber Risk and Resilience Management practice, on the article "Another Type of Virus? COVID-19, Hospitals, and Cybersecurity."
The article outlines the growing threats to healthcare organizations and the five steps your healthcare organization can take immediately to remain proactive and diminish threats. We dive deeper into these threats and strategies below.

While healthcare organizations are using all available resources to stay ahead of COVID-19, malicious threat actors are attempting to use ransomware and other cybersecurity attacks during the emergency, as they so often do. Without a focus on both types of viruses, our healthcare systems may be at significant risk. 

A joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a warning on the increased number of cybersecurity attacks using COVID-19 language and themes.

Learn more below about the growing threats to healthcare organizations and the five steps your healthcare organization can take immediately to remain proactive and diminish threats.

Growth of Cyber Attacks on Healthcare

With the COVID-19 virus continuing to spread globally, it was only a matter of time before threat actors found creative ways to infiltrate IT systems and wreak havoc in cloud-based solutions.

The advisory note issued by CISA and the NCSC focused specifically on an increase in the following types of attacks:

  • Phishing emails using subject lines centered around coronavirus or COVID-19 as a lure
  • Malware distribution, using coronavirus- or COVID-19-themed lures
  • Registration of new domain names containing wording related to coronavirus or COVID-19
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure

According to our data, the healthcare sector was the most-affected industry in ransomware matters last year, and the most-targeted sector of 2019. 


Healthcare organizations also collect large and complete data sets on their customers, including full contact information, Social Security numbers, payment card data, and sensitive health information, which creates a perfect opportunity for fraudulent insider acts.

View our 2020 Incident Response and Data Breach Report to learn how your organization can adapt to meet the evolving strategies of threat actors.

Why Healthcare Cybersecurity Is Critical to Address

Telecommuting and telehealth have transformed the work environment for healthcare organizations, and there are no signs that the use and advancement of either are slowing down.

With these changes, healthcare organizations are leveraging the efficiency and scalability of cloud solutions for everything from billing to health monitoring, remote patient care options, online patient portals, and more. Yet, offloading work to the cloud doesn’t offload all of the security burden, and healthcare delivery organizations, as well as associated technology providers that leverage technology platforms, have seen a number of related inadvertent disclosure events, often exposing volumes of sensitive data.

With a growing focus on combating increasing cyber risk and managing the technology doctors use in new telehealth solutions, the healthcare sector would greatly benefit from a broader adoption of risk management processes to prioritize resources in protecting sensitive patient data and systems.

A priority should be placed on developing and implementing durable cybersecurity programs that are adaptable to the changing technologies of healthcare and telehealth.

Governance structures for the board of directors and executives of healthcare organizations can play an important role in moving cyber risk mitigation programs forward. These processes should not be costly, as oversight should already exist in other areas, including finance and quality of care.

How to Improve Critical Infrastructure Cybersecurity

From top executive staff and board members to information technology experts and medical personnel, a proactive approach to cybersecurity mitigation requires collaboration and the right cybersecurity support system. 

To assist hospitals with risk analysis, one tool to consider is the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (CSF), which follows a five-step process, outlined below. 

  1. Identify: Develop an understanding of how to discover and manage cybersecurity risks.
    It’s difficult to secure what you can’t see. Learning how to look internally to identify security vulnerabilities before the threat actors do is key. Technical vulnerability identification services, including penetration testing, compromise assessments, and web application testing, can help your healthcare organization identify cybersecurity risks and proactively address them.

  2. Protect: Support the ability to limit or contain the impact of cybersecurity events.
    Protection starts with initiating safeguards to ensure the delivery of critical infrastructure services. Examples include identity management and access control, cyber risk awareness training, and implementing information protection processes and procedures.

  3. Detect: Define how to identify cybersecurity events.
    Timely discovery of cybersecurity events often involves implementing continuous monitoring capabilities. This involves monitoring cybersecurity developments and events to verify the effectiveness of protective measures.

  4. Respond: Outline how to take action after a cybersecurity event is detected.
    Once your healthcare organization has detected a threat, it’s important to prioritize a mitigation and containment strategy. This includes the immediate steps that must be taken to limit the damage caused by the incident and prevent further damage. 

  5. Recover: Repair and restore any services that were affected by cybersecurity events.
    After a cybersecurity incident, restoring capabilities and services is the top priority. In the wake of a serious incident, your organization should evaluate lessons learned and consider an enterprise-wide assessment and review of the information security program.

We recommend healthcare organizations complete a review of their cybersecurity programs at least quarterly and receive detailed briefings on the results of their staff’s risk management analysis. These cybersecurity reviews will enable active monitoring of how the organization is protected and how to implement the most cost-effective and reliable solutions.

Now is a critical time for hospitals and healthcare providers to implement the adaptable CSF for their organization. 

Get a detailed review of the most pervasive and impactful cyber threats for the healthcare sector and beyond in our 2020 Incident Response and Data Breach Report. Learn the top cyber threats that occurred last year and Crypsis Pro Tips to help organizations fight back.
