Nov 01 2022

The Top 3 Cyberthreats Facing Healthcare Organizations Today

As health IT environments become more complex, cyberattacks are getting more sophisticated. Healthcare security teams must understand what they’re up against to protect patient data and critical infrastructure.

Bad actors continue to target healthcare organizations with cyberattacks as the amount of valuable patient data collected continues to grow. However, other factors are making it difficult for healthcare organizations to protect patient data. These include IT and security staff shortages, the increased sophistication of attacks, the impacts of the pandemic, and regulatory pressures.

For example, the Health Information Technology for Economic and Clinical Health Act of 2009 incentivized healthcare organizations to invest in technology to digitize the patient record and became the primary focus for the healthcare industry for more than 10 years. A key component to receiving funding for this project was demonstrating compliance with regulatory standards, especially HIPAA.

“An unfortunate byproduct of this act is that U.S. health institutions over-rotated on information security solutions that met compliance requirements at the expense of actual data security. As a result, U.S. hospital defenses have been porous in comparison to other industries,” says Ryan Witt, healthcare cybersecurity leader at Proofpoint. “The threat actors figured this out, and U.S. hospitals have been a primary attack target ever since. Information security within U.S. hospitals continues to play catch up, and healthcare is still very much in the cybercriminal crosshairs.”

1. Phishing Attacks Are the Top Threat to Healthcare Organizations

In response to the 2021 HIMSS Healthcare Cybersecurity Survey of healthcare cybersecurity professionals, 45 percent said a phishing attack was the most significant security incident they had experienced over the past 12 months.

“The nirvana state for threat actors is obtaining credentials, so they have the flexibility to determine which type of exploit to launch, usually after observing the operation behavior. Threat actors are incredibly patient and will use the time to understand the environment before they determine their best attack vector,” says Witt. “They then select which exploit is most optimal to achieve their goals and will use social engineering techniques to launch their attack. But it almost always starts with credentials, which is why phishing is an initial point of compromise.”

He recommends that healthcare organizations deploy a sophisticated email gateway solution augmented by DMARC capability to help authenticate and mitigate imposter-style attacks.

“Security awareness training should also be part of the security layer. Certain users, those who have a propensity to click or those who are more prone to attack, should have isolation technology deployed so that their email activity operates within a containerized environment,” Witt adds. “Healthcare increasingly is adopting cloud-based solutions, so a cloud access security broker should be deployed in those scenarios. Finally, information protection solutions that include data loss prevention capabilities should be strongly deployed by healthcare institutions.”

2. Ransomware Continues to Challenge Healthcare Organizations

“Unfortunately, healthcare organizations continue to be targeted as the No. 1 sector in the ransomware space,” says Tapan Mehta, a healthcare industry solutions leader at Palo Alto Networks.

He explains that these attacks are coming from individuals as well as nation-state actors who are after patient data. The average ransomware payment in cases worked by Palo Alto’s incident responders rose to $925,162 during the first five months of 2022.

“The largest ransom was close to $10 million, and those numbers continue to increase in terms of attack frequency and the probability of healthcare organizations being willing to pay the ransom,” says Mehta. “They can’t be in a situation where their systems are down and patients aren’t getting the care they need.”

3. Increasing IT Complexity Creates More Attack Vectors

Healthcare organizations are deploying more biomedical and Internet of Medical Things devices, which increase IT complexity and create more attack vectors for bad actors to target. In addition, Mehta points out, many existing legacy devices have a long shelf life (10 to 15 years for some) but don’t receive frequent software updates.

“If you look at this year’s data, there’s been a 123 percent spike in IoT-related attacks,” he says. “They’re the perfect entry points for attackers to break into a healthcare system. That’s part of the reason healthcare should segregate devices on a separate network rather than the same, converged network.”

As healthcare moves further in its cloud journey, hybrid or multicloud environments also complicate the IT landscape. Remote work also has led to an expansion of the organization’s IT perimeter, and Mehta says that 300- to 400-bed hospitals may have up to 500 apps running in their environment, from the electronic health record and picture archiving and communication systems to billing and human resources-related workflows. All these apps and devices need to be maintained and secured.

“There’s an ongoing barrage of attacks because there are so many entry points with IoMT devices and legacy systems,” says Mehta.

He recommends that organizations take a holistic view of security rather than relying on several point-based solutions. A zero-trust approach can help organizations better protect their environments. For healthcare organizations, users could be employees at an acute or outpatient facility, in the hospital, at home, or anywhere. As they access their information, Mehta says, a zero-trust framework will verify that the user is who they say they are before granting access. It will also ensure they only have access to the apps and data the organizations want them to access based on their role and privileges. With a zero-trust approach, organizations also should ensure that the same policy and compliance is applied to all IT environments to protect patient data.

“The reason zero trust is critical is that the traditional perimeter of care has changed with telehealth and other services. That boundary has expanded tremendously. That’s been fundamental in motivating customers to have a broader strategic approach as it relates to a zero-trust network architecture,” says Mehta. “Secure access service edge has also become critical, because there are now a lot of outpatient and remote settings providing care. Healthcare organizations have more ancillary facilities, and they need to know how to make sure those sites can access patient records in a seamless and secure manner.”

Partnering with Experts Strengthens Healthcare Cybersecurity

While large healthcare organizations may have the internal resources to mitigate cyberthreats, many smaller, regional and rural healthcare organizations have trouble filling all their security gaps on their own, especially amid IT staff shortages. That’s why more hospitals are looking for partnerships with security experts that provide services such as managed detection and response.

“Partnering with organizations that can provide threat intel that shows precisely which parts of the enterprise are being attacked is important,” says Witt. “More specifically, research showing very attacked users or very attacked departments should be used to help healthcare organizations determine where to focus their security efforts.”

“It’s not ‘if’ but ‘when’ for healthcare organizations,” Mehta adds. “They will want to have a playbook in place should they be compromised. A security partnership is important to ensure healthcare organizations can pivot quickly.”
