The State of Cyberattacks in Healthcare and 5 Ways to Prevent Them

The following is a guest blog post by Ram Vaidyanathan, IT Security and Cyber Risk Analyst at ManageEngine.

According to the International Monetary Fund, global GDP was close to USD 87 trillion at the end of 2018. Assuming that 10 percent of this value was spent on healthcare, as it was in 2015, the world’s healthcare market would be worth USD 8.7 trillion. And assuming that three percent of that figure goes to IT, the healthcare industry spent USD 261 billion on IT in 2018.

This figure will continue to grow in the coming years as investments in value-based care, patient engagement services, connected medical devices, multi-cloud environments, data analytics, and mobile applications gain ground. Furthermore, additional emphasis will be placed on preventive healthcare rather than reactive treatment.

All of these developments mean increased personalization for each patient. This customization will undoubtedly lead to higher satisfaction levels among patients, and better productivity among healthcare staff. But at the same time, these improvements will increase the attack surface for healthcare organizations and the potential risk of cyberattacks.

Why would cybercriminals want to target healthcare?

The FBI’s Cyber Division states that each electronic health record (EHR) sells for USD 50 on the black market, compared to USD 1 for a stolen social security number or credit card number. This is because each EHR may contain rich information, such as the patient’s name, gender, medical history, progress notes, prescription details, test results, radiology images, and insurance data. A cybercriminal could use this information to steal identities, buy medical equipment or drugs, or file fictitious insurance claims.

Alternatively, a cybercriminal could wage a ransomware attack against a healthcare institution—they can encrypt the sensitive information, inform the organization that they are under attack, and demand payment for decrypting the data. And since it can be a question of life or death for patients, organizations may not think twice about paying up. For example, Hancock Health paid hackers USD 55,000 to unlock its systems in January 2018.

How to prevent cyberattacks in healthcare

Here are five ways healthcare organizations can defend against cybercrime:

1. Educate employees about cybersecurity: All healthcare staff should frequently be trained on cybersecurity best practices. The weak links during any attack are usually the employees, and it’s through them that criminals gain an initial foothold. A training program at least once every six months will go a long way in protecting the entire organization from cybercrime.

2. Implement an identity and access management (IAM) program: An effective IAM program requires the IT team to use HR’s employee database, closely examine different roles and job descriptions, identify which employees need access to what information, and follow the principle of least privilege. For example, a radiologist would never need access to the list of patients for whom prosthetics were fitted.

3. Perform comprehensive risk assessments: Risk assessments help the healthcare institution identify all valuable data assets, prioritize them, and determine the business impact of a breach for every data asset. In this way, vulnerabilities can be plugged.

4. Monitor threshold-based alerts: Threshold-based alerting lets security personnel know as soon as certain suspicious conditions are met. For example, did someone with a doctor’s user account attempt to log in to a server and fail five consecutive times in one minute? Did this account then gain access on the sixth attempt? This could be a potential brute-force attack.

5. Look for anomalies: To better protect against threats, companies need to adopt user behavior analytics (UBA), which looks at patterns of human behavior and applies algorithms to detect meaningful anomalies from those patterns. A UBA engine creates a dynamic baseline based on each user’s activity and monitors for anomalies. This baseline may be updated every day based on the user’s activity. For example, the chief of medicine may usually log on to the network between 9am and 6pm, and the system would learn that this is their “normal” behavior. If this user logs on to the network at 12:30am, it would then be treated as an anomaly and an immediate alert would be sent to security personnel.
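The threshold rule from item 4, sketched as an added example (not code from the article or from any ManageEngine product): it raises one alert when an account reaches five consecutive failed logins within one minute and a higher-severity alert if a successful login follows. The event format, account names and host names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # consecutive failures, as in the article's example
WINDOW = timedelta(minutes=1)  # the failures must all fall inside one minute

# Constructed sample events: (timestamp, account, host, outcome). Not real logs.
SAMPLE_EVENTS = (
    [(f"2019-03-04T02:10:{s:02d}", "dr.patel", "ehr-db01", "FAIL") for s in (1, 9, 18, 30, 41)]
    + [("2019-03-04T02:10:50", "dr.patel", "ehr-db01", "SUCCESS")]
    # Five failures two minutes apart: same count, but never five inside the window.
    + [(f"2019-03-04T03:{m:02d}:00", "dr.kim", "ehr-db01", "FAIL") for m in (0, 2, 4, 6, 8)]
    + [("2019-03-04T03:08:10", "dr.kim", "ehr-db01", "SUCCESS")]
    + [("2019-03-04T08:00:05", "nurse.lee", "pacs01", "FAIL"),
       ("2019-03-04T08:00:20", "nurse.lee", "pacs01", "SUCCESS")]
)

def detect_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alert dicts for failure bursts and for a success that follows one."""
    runs = defaultdict(deque)  # (account, host) -> timestamps of the current failure run
    flagged = set()            # keys whose current run has reached the threshold
    alerts = []
    for ts_raw, account, host, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        key = (account, host)
        run = runs[key]
        if outcome == "FAIL":
            run.append(ts)
            while ts - run[0] > window:   # drop failures older than the window
                run.popleft()
            if len(run) < threshold:
                flagged.discard(key)      # the burst has aged out
            elif key not in flagged:      # alert once per burst, not once per failure
                flagged.add(key)
                alerts.append({"account": account, "host": host, "time": ts_raw,
                               "severity": "medium",
                               "reason": f"{threshold} consecutive failed logins in {window}"})
        else:
            # A success right after a flagged burst is the pattern the article describes.
            if key in flagged and ts - run[-1] <= window:
                alerts.append({"account": account, "host": host, "time": ts_raw,
                               "severity": "high",
                               "reason": "successful login after failure burst"})
            run.clear()                   # a success ends the consecutive run
            flagged.discard(key)
    return alerts
```

Keying the run on account and host keeps one noisy server from masking another; keying on source address as well would additionally catch one source trying many accounts.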
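The logon-time baseline from item 5, as an added example (not the article's or any vendor's UBA engine): a per-user rolling baseline of logon times that flags a logon far from anything previously seen for that user. The class name, the 90-minute slack, the learning period and the sample logons are assumptions made for illustration; a production engine would model many more signals than time of day.

```python
from collections import defaultdict, deque
from datetime import datetime

class LogonBaseline:
    """Rolling per-user baseline of logon times (minute of day)."""

    def __init__(self, history=30, min_history=5, slack_minutes=90):
        # Only the most recent `history` logons count, so the baseline follows
        # gradual changes in a user's working hours.
        self.seen = defaultdict(lambda: deque(maxlen=history))
        self.min_history = min_history   # logons needed before scoring starts
        self.slack = slack_minutes       # tolerated distance from known behaviour

    @staticmethod
    def _gap(a, b):
        """Distance in minutes on a 24-hour circle, so 23:50 and 00:10 are 20 apart."""
        d = abs(a - b) % 1440
        return min(d, 1440 - d)

    def observe(self, user, ts_raw):
        """Score one logon; return an alert dict if anomalous, otherwise None."""
        ts = datetime.fromisoformat(ts_raw)
        minute = ts.hour * 60 + ts.minute
        seen = self.seen[user]
        if len(seen) >= self.min_history:
            nearest = min(self._gap(minute, m) for m in seen)
            if nearest > self.slack:
                # Flagged logons are not folded into the baseline, so repeated
                # off-hours logons cannot teach the engine they are normal.
                return {"user": user, "time": ts_raw, "minutes_from_baseline": nearest}
        seen.append(minute)
        return None

# Constructed sample logons for one user; not real data.
SAMPLE_LOGONS = [
    ("chief.medicine", "2019-03-04T09:02:00"), ("chief.medicine", "2019-03-04T13:30:00"),
    ("chief.medicine", "2019-03-05T08:55:00"), ("chief.medicine", "2019-03-05T17:45:00"),
    ("chief.medicine", "2019-03-06T09:10:00"), ("chief.medicine", "2019-03-06T14:05:00"),
    ("chief.medicine", "2019-03-07T00:30:00"),  # the article's 12:30am logon
    ("chief.medicine", "2019-03-07T09:05:00"), ("chief.medicine", "2019-03-07T18:40:00"),
]

def score_logons(logons):
    """Feed logons through a fresh baseline in order and collect the alerts."""
    engine = LogonBaseline()
    return [a for user, ts in logons if (a := engine.observe(user, ts)) is not None]
```

The 18:40 logon passes because it sits within the slack of an earlier 17:45 logon, which is the kind of small drift a dynamic baseline is meant to absorb.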

What can we expect 10 years from now?

Within the next 10 years, doctors may start using artificial intelligence (AI) in every sphere of their work. AI-assisted robotic surgeries, virtual nursing assistants, and precision medicine might become commonplace. It will also become crucial for healthcare institutions to invest in cybersecurity tools that employ general AI and machine learning to protect against cybercrime. While precision medicine predicts how likely it is for a patient to suffer from a particular ailment based on their genetic information, precision cybersecurity may just predict how likely it is for a hospital to suffer from a data breach.

About Ram Vaidyanathan
Ram Vaidyanathan is an IT Security and Cyber Risk Analyst at ManageEngine, a division of Zoho Corp. Ram specializes in areas including how the technology industry is adapting to the changing needs of cyber security and privacy concerns, as well as how companies can best maintain risk management and compliance. Ram possesses a strong technical background with a Bachelor in Engineering and experience in both IT and security, as well as an MBA from York University. For more information on ManageEngine, the real-time IT management company, please visit the company website, follow the company blog, and find the company on LinkedIn and on Twitter @ManageEngine.