Skip to content Skip to navigation Skip to footer

Cyberattacks in the Healthcare Industry


The number of healthcare cyberattacks impacting the healthcare industry went up by 55.1% between 2019 and 2020. Some of the rise in healthcare cyberattack statistics were due to the COVID-19 pandemic, as healthcare institutions and research facilities were targeted for their research and vulnerabilities stemming from the overburdening of the system. 

Recent healthcare cyberattacks have hurt hospitals and research facilities, impacting the services they provide for the public and their various investors and stakeholders. With high-performing healthcare cybersecurity, however, you can take steps to prevent cyberattacks in healthcare.

Why Is Healthcare the Biggest Target for Cyberattacks?

Private Patient Information is Worth a Lot of Money to Attackers

Hospitals have vast storehouses of private patient information that hackers can sell via the dark web. In addition to details regarding patient health conditions, hospitals hold other personal identification information that can be used in a wide range of fraudulent schemes.

Medical Devices Are an Easy Entry Point for Attackers

Medical devices often depend on antiquated hardware and security protections that hackers can easily penetrate. Hospitals often cannot afford to upgrade to the latest and greatest hardware, leaving them vulnerable to attacks.

Staff Need To Access Data Remotely, Opening Up More Opportunities for Attack

Healthcare cyberattacks in 2020 were, in part, due to staff having to access data remotely. This introduced a number of new attack vectors, particularly because home and public networks are used to access healthcare information, and attackers could take advantage of their relatively weak security services.

Workers Do Not Want To Disrupt Convenient Working Practices with the Introduction of New Technology

Doctors, nurses, and other support staff often spend years getting proficient at using the equipment needed to perform their services. If they have to learn new technologies to have an IT environment with a smaller attack surface, it would take an exorbitant amount of time, energy, and investment by the healthcare facility.

Healthcare Staff Are Not Educated in Online Risks

Despite having vast amounts of knowledge regarding how to improve and save lives, many healthcare workers are not up to date with their knowledge of recent online risks. This makes facilities like hospitals easy targets for hackers because every knowledge gap is a security blind spot a malicious actor can exploit.

The Number of Devices Used in Hospitals Makes It Hard To Stay on Top of Security

Hospitals are filled with doctors, nurses, patients, food service staff, and visitors—all of whom have different devices connected to their network. In addition, there are devices that interface with the network that are crucial to the provision of services to patients and staff. Keeping up with what could be thousands of devices can be a difficult challenge.

Use of Outdated Technology

The size of healthcare facilities sometimes forces them to keep outdated technologies in place, particularly because it would take too much time and money to replace them all. In addition, some technologies may have security risks, but they do an excellent job of supporting the work of healthcare practitioners as they care for patients.

The Rising Risk of Cyber Attacks on the Healthcare Industry

Per a recent data breach report by IBM, 83% of all enterprises surveyed have experienced over one breach in 2022. Healthcare was hit hard, with the cost of a breach going up by 42% since 2020. For the 12th year in a row, the healthcare industry had the highest average cost of a data breach. Another survey shockingly found that 18% of healthcare employees are willing to sell confidential information to unauthorized parties for as little as $500 to $1,000. 

By September 2022, there had been 368 breaches affecting 25.1 million patients, as per the U.S. Department of Health and Human Services Breach Portal. Out of these, 206 breaches began with the network server being compromised with malware, and 95 began with email phishing and privileged access abuse.

Healthcare firms are frequently the target of ransomware attacks for being heavily dependent on access to data such as patient records for their operations. A CISA advisory warned healthcare and hospital administrators of a newly discovered ransomware variant, Daixin Team, that infected and extorted healthcare and public health providers.

While ransom payment demands are the norm in ransomware attacks, cybercriminals have additional leverage on healthcare victims, as releasing medical information can violate state and federal laws on privacy and security regulations of medical records.

As prominent ransomware attackers get busted and shut down, newer groups may increase their attacks in 2023. Let’s do a bird’s eye view of the most prominent healthcare cyber attacks from 2022.


Ransomware is malware that gets installed on a computer, holding it hostage and asking for the user to pay a ransom to regain control of their machine. When ransomware infects a machine, the user cannot access any of their applications or data, and they lose control over the computer completely. A ransomware attack in a healthcare facility can render essential computational resources inept, risking the lives of patients.

Data Breaches

Data breaches can take various forms, one of which is credential-stealing malware that captures the credentials of someone with access to other sensitive data. In this way, the attacker is able to steal and exploit other data they find within the system. 

Also, insiders may intentionally or unintentionally disclose patient data. Laptops or other devices that store protected health information (PHI) and personally identifiable information (PII) can be lost or stolen and get into the hands of data thieves.

DDoS Attacks

A distributed denial-of-service (DDoS) attack is a popular tactic involving flooding a web server with fake requests. The server is programmed to respond to these requests, which consumes its resources. As a result, it cannot provide access and functionality to legitimate users. In addition to phishing, DDoS attacks are a popular technique used by hacktivists and cyber criminals to overwhelm a network to the point of inoperability.

Insider Threats

Employees encompass a variety of vulnerabilities. Some may click on malicious links unknowingly and introduce malware into the system. Others may give away access codes that end up getting abused by attackers. Using multi-factor authentication (MFA) can cut down on insider threats because this requires multiple credentials before allowing someone access.

Business Email Compromise & Fraud Scams

Business email compromise (BEC) scammers use spoofed email or compromised accounts to trick employees into initiating a money transfer to a fraudulent account. Because the email looks like it comes from a legitimate, trusted source, the scammer is able to get their target to drop their guard. Securing medical devices with new passwords after this kind of attack may be necessary to prevent a breach.

How Fortinet Can Help

Healthcare organizations continue to be targeted by cybercriminals. Cybersecurity incidents in healthcare create a risk of loss of life, poorer patient outcomes, regulatory risks and legal consequences.

Explore the resources below to know how Fortinet solutions can help proactively deal with healthcare cybersecurity risks.

  1. Ransomware Protection
  2. Stop Ransomware Phishing
  3. Reduce the Risk of Ransomware