Skip to main content

Identify Cybersecurity Threats to the Healthcare Industry

Learning Objectives

After completing this unit, you’ll be able to:

  • Identify cybersecurity threats to the healthcare industry.
  • Identify solutions to the healthcare industry’s cybersecurity challenges.

Healthcare Cybersecurity Threats

Attacks against the healthcare sector are growing at an alarming rate. They often target implanted and wearable medical devices, and systems containing sensitive information. Given the prevalence of these attacks, in 2013 the United States (US) Food and Drug Administration (FDA) began releasing guidance for securing medical devices. This was, in part, a response to several high-profile attacks.

But how do we protect against these attacks? As with any infrastructure, the most critical steps to protecting and defending the healthcare industry is to know your adversaries.

Cybercriminals

Cybercriminals target the healthcare industry to make money typically by using ransomware to hold sensitive data hostage until a ransom is paid. This cybercriminal activity has increased in recent years with threat actors exploiting vulnerabilities in healthcare systems for financial gain.

Hacktivists

Hacktivists are individuals or groups that carry out cyberattacks in support of political causes. For example, a hacktivist could steal the intellectual property of drug formulas and make them public in an effort to undermine the rising costs of prescription drugs.

Cyberterrorists

Cyberterrorists conduct unlawful attacks on computers, networks, and information to intimidate or coerce a government or its people. Specifically, attacks on the healthcare sector aim to cause panic and reduce public trust. For example, a cyberterrorist may carry out a denial of service (DoS) attack against a hospital network during a natural disaster, rendering already strained resources unavailable to people in need. 

Nation State Actors

Nation state threat actors are sponsored groups that launch advanced and customized attacks against foreign governments and organizations. These attacks can disrupt critical services, expose sensitive patient data, and potentially compromise patient lives.

Now that we’ve identified some known healthcare industry threat actors, let’s look at some of their tactics.

Top Five Healthcare Threat Actor Tactics

Patient safety and privacy are the primary cybersecurity risks facing the healthcare industry. Attacks on electronic health records (EHR), electronic medical records (EMR), medical devices, and more can result in information disclosure, loss of trust, and compromised healthcare. Understanding the tactics that adversaries use helps you defend against them. Let’s examine a few.

Phishing

Phishing is a common attack vector where malicious actors try to deceive individuals into clicking on malicious links or downloading malware-infected attachments, often disguised as legitimate content, to gain unauthorized access to systems, steal sensitive information (such as credentials or protected health information (PHI)) or install ransomware.  

Ransomware

Ransomware is a form of malware designed to deny access to digital files by encrypting them. An attacker demands a ransom payment for the decryption key, which puts organizations in a position to decide whether to pay the ransom or deal with the loss of access. 

Loss or Theft of Equipment or Data

Data is stored on multiple devices, including laptops, tablets, thumb drives, and smartphones. Unfortunately, these devices don’t always have adequate protections if they’re lost or stolen. In many cases, they have limited restrictions for data access, so even if they’re recovered, there’s no guarantee that the data hasn’t been copied, erased, or corrupted.

Insider, Accidental, or Intentional Data Loss

Individuals with authorized access to sensitive data are also threats. When these individuals accidentally or intentionally misuse their access, they’re called insider threats. Accidental insider threats often result from negligence, such as clicking on a phishing link. Intentional insiders are more malicious and knowingly misuse their access with the intent to cause harm. 

To drive this tactic home, meet Tess, an insider at a pharmaceutical company conducting vaccine research. Tess recently is preparing to sit on a panel at a conference on nanotechnology (the manipulation of materials on a molecular scale). In preparation for the conference, Tess and her fellow panelists are collaborating on their presentation. Tess wants to share her research with the panelist but her company's email security is preventing her from sending the sensitive data. 

Tess decides to share the file on an online file sharing service. She sends a link out to each panelist believing that the information can only be seen by them. What Tess does not realize is that the file share is configured to allow public access. A week later, the security office at her company informs her that her research is circulating all over the Internet. Tess has become an accidental insider threat.

Medhacking

Medical device hacking (medhacking) is manipulating or disrupting network-enabled medical devices like pacemakers or insulin delivery systems. Medhacking threatens the confidentiality and integrity of patient data but also poses a risk to patient safety.

A doctor holding up a stethoscope to a computer that’s surrounded by healthcare threat tactics: a fishing hook for phishing, an encrypted device with dollar signs for ransomware, and more

Cybersecurity Protections for Healthcare

Tactics that adversaries use to gain unauthorized access to data vary widely and are largely based on the attacker’s level of sophistication. While these methods seem daunting, there are a few basic cybersecurity protections healthcare organizations should consider to protect against them.

Policies

Establishing and implementing cybersecurity policies sets expectations and fosters consistent adoption across the healthcare organization. Clearly articulated policies inform healthcare personnel and third parties about which data, systems, and devices they’re authorized to access and the consequences of unauthorized access attempts.

Asset Management

You cannot secure what you don’t know you have. It’s increasingly important that healthcare organizations identify all their assets to develop and prioritize how they’re protected. Healthcare organizations should inventory their assets, including their identification numbers, operating systems, physical locations, and more.

Access Management

Healthcare organizations should know who’s allowed access to their networks and systems as well as the level of access each person is granted. They should create unique user accounts and monitor their activities. This allows organizations to grant authorized users the rights to use a service, while preventing access of unauthorized users, to help prevent PHI from being accessed inappropriately. Password hygiene in particular, such as ensuring passwords are unique, difficult to guess, and are not shared, is important. 

Vulnerability Management

Healthcare organizations can implement a vulnerability management (VM) program to detect software flaws and weaknesses that hackers could exploit. By proactively scanning their assets to identify these flaws, organizations can develop remediation plans such as patching or reconfiguring settings.

Incident Response

Incident response (IR) is the methodology an organization uses to respond to and manage cyberattacks. Establishing, implementing, and testing an IR plan that outlines how the healthcare organization will respond to cyberattacks helps identify gaps in existing processes.

Network Management

Configuring networks to segment access between devices to only that which is required limits cyberattacks from spreading. Healthcare organizations should prevent public access to their networks by blocking inbound internet access and restricting third-party access to only controlled interfaces. 

Endpoint Protections

With the prevalence of remote work, devices like desktops, laptops and mobile devices are no longer physically contained within the four walls of an organization. For this reason, it’s even more essential that each device is configured and installed with security tools such as antivirus, anti-malware, and firewalls to prevent malicious files from executing and to block unauthorized access. In addition, health organizations should:

  • Limit and remove unnecessary administrator accounts.
  • Regularly patch endpoints.
  • Enable multi-factor authentication (MFA).
  • Implement device encryption.

Email Protections

Email is a critical component of healthcare cybersecurity to send and receive information. Individuals tend to store important information, including patient data, in their mailboxes. Healthcare organizations must exercise due diligence and ensure their email provider offers basic features such as spam filtering and virus scanning.

Data Protections

Data loss prevention (DLP) impedes an end user from moving key information outside of an organization's network. It also allows network administrators to monitor data accessed and shared by end users. As a first step to implementing DLP, healthcare organizations should complete a data inventory to document where their data resides, where it’s accessed, how it’s shared, and its level of sensitivity. 

Device Protections

Healthcare technology (healthtech) medical devices need special protections beyond what other endpoints might receive, because of the potential negative impact to human life if they were compromised. These devices should be on a segmented network, have their own patching procedures, and involve additional security measures to prevent unauthorized access. 

Supply Chain Protections

Healthcare providers also need to keep in mind supply chain risks when it comes to device protections. They need to ensure healthtech medical devices are securely produced and delivered, and consider the negative impacts a cyberattack on a third-party vendor could have on the supply of traditional medical devices such as respirators. 

Healthcare organizations must emphasize supply chain risk management with every vendor, partner, and supplier to prevent, detect, and respond to cyber threats. Tools such as training and periodic assessments aid in developing continuous improvement measures in the supply chain. 

Sum It Up

In this module, you’ve been introduced to healthcare technologies and the threat actors that target them. You’ve also learned how to implement cybersecurity protective measures to secure healthcare technology and reduce the impact of risks to healthcare organizations and patient data. Interested in learning more about cybersecurity careers and technologies? Head on over to the Cybersecurity Learning Hub to explore other roles and hear from real security practitioners.

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback