The global healthcare industry is increasingly embracing digital technologies, such as cloud, big data, internet of things (IoT), remote monitoring, and more, to deliver the best patient care. However, the more digital technologies are utilised, the greater the potential for cyberattack. Healthcare data is particularly sensitive to cyberattack, since healthcare cyber breaches often involve loss of sensitive personal information and medical records.

Changing Threats

Listed below is the changing nature of the cyber threats impacting the cybersecurity in medical theme, as identified by GlobalData.


Ransomware

Ransomware, wherein a victim’s most critical files are held hostage, is a form of cyberattack that is on the rise. In 2016, security company Malwarebytes surveyed 500 companies in four countries and found that one-third had been the victim of a ransomware attack.

Ransomware refers to malicious software that takes control of a computer and encrypts the data on it, rendering it inaccessible. The hackers then demand a payment, typically in the form of bitcoin, in exchange for handing over the encryption keys.

The WannaCry ransomware attack is one of the most high-profile ransomware attacks in recent memory. On May 12, 2017, the attack targeted computers running the Microsoft Windows XP operating system by encrypting data and demanding ransom payments in bitcoin.

The medical sector is not immune to ransomware attacks. In June 2020, a hospital in Colorado, US reported a ransomware attack that targeted software essential to accessing patient records.

Insider and privilege misuse

According to a 2016 Data Breach Investigation by Verizon, around 77% of breaches fall within the insider and privilege misuse category. These breaches are caused by an internal party or individual. This could be an indication of a lack of appropriate cybersecurity measures within an organisation.

Many organisations have started to offer cybersecurity education and training to employees and staff. Approximately 48% of insurers surveyed by Accenture reported experiencing malicious insider threats, while 55% lacked confidence in their internal security monitoring.

The 2020 Data Breach Report by Verizon indicates that privilege misuse is also a significant factor in cyber threats in the healthcare sector, with insider and privilege misuse leading to 8.7% of cyberattacks. However, in the previous year, insider and privilege misuse made an even greater contribution to healthcare cyberattacks at 23%.

Denial of service (DoS)

A DoS attack is a form of cyberattack that aims to shut down a network, application, or machine, or make it inaccessible to users such as employees, members, or account holders. This can be accomplished by flooding the targeted network with traffic or sending information that causes a crash, thus interrupting the network service.

Victims of DoS attacks are typically players from the banking, media, commerce, government, and trading sectors. One type of DoS attack is Distributed Denial of Service (DDoS), which occurs when multiple systems organise a synchronised DoS attack on one target. An example of a DDoS attack was that suffered by the British Broadcasting Corporation (BBC) website in January 2016.

Botnets are created when a hacker temporarily takes control of millions of internet-enabled devices such as security cameras or TV set-top boxes by remotely infecting them with hidden malware. The botnet can then be used to mount DDoS attacks by instructing the infected devices to send simultaneous data requests en masse to a single server, causing the server to overload and crash.

DoS and DDoS attacks also occur in the healthcare sector and are particularly worrisome when they occur in hospitals since access to critical patient information can be compromised, according to the Centre for Internet Security (CIS). One example of a large DDoS attack that occurred in the healthcare sector was the attack on Boston Children’s Hospital in 2014.

Hacktivist groups

Increasingly, more sophisticated hacking has been perpetrated by groups of hackers against governments, nations, and states rather than against an individual. Anonymous and Lulz Security are two of the most widely known hacktivist groups. Anonymous, in alliance with Ghost Squad Attackers, claims to have brought down several central banks in this way, including the Bank of Greece, the Federal Reserve Bank of Boston, the Bank of England, and the Bank of France. Hacktivist groups also target healthcare facilities, and Anonymous has been credited with the DDoS attack against Boston Children’s Hospital.

Online fraud

Online fraud is rising on the back of technology cycles such as peer-to-peer (P2P) lending, mobile banking, e-commerce, and the IoT. Social media encourages the reckless dissemination of personal information on the web, which facilitates identity theft. As more personal data ends up stored in the databases of internet companies, specialist data resellers can create more and more big data algorithms that dissect this data for resale.

With telehealth on the rise, more and more personal health information continues to be shared online, making sensitive information vulnerable to cyberattacks through online fraudulent activities. Online fraud in healthcare often takes one of three primary forms: provider fraud, cyber scams, and medical identity theft.

In provider fraud, healthcare providers use online billing systems to commit fraud, such as charging for more expensive procedures than were actually provided. Cyber scams include marketing ads targeting patients and/or providers with fake products or other scams. Medical identity theft occurs when someone’s personal information is stolen and used to fraudulently obtain medical services.

This is an edited extract from the Cybersecurity in Medical Devices – Thematic Research report produced by GlobalData Thematic Research.