Healthcare Cybersecurity (Part II) – Pernicious Threats and Their Ripple Effects

Cooperation between health professionals and IT staff has never been more important. The data shows it and real-life crises healthcare organizations go through prove it.

What makes healthcare such a high-value target for cybercriminals?

You’ll find the reasons are a lot more nuanced – and even surprising – than you may think.

Industry profile

Healthcare has gone through many changes over the last decade and the main one is driven by technology. As medtech has evolved, hospitals and medical practices invested in upgrading their equipment to improve diagnostics, speed, and results in patient care.

However, security spending was bumped further down the list, even as vulnerabilities piled on with new tech becoming part of the ecosystem. That’s because security wasn’t directly tied to outcomes in patient care until a few years ago.

What’s more, because of the urgency of health professionals’ work, there was never enough time to dedicate to cybersecurity education. More often than not, there still isn’t.


of surveyed organizations agreed that lack of employee awareness and training affects their ability to achieve a strong security posture (2018 Impact of Cyber Insecurity on Healthcare Organizations).

Cybersecurity healthcare jobs are also difficult to fill. The ISACA State of Cyber Security 2019 report reveals that:


of healthcare organizations are unable to find suitable candidates


of healthcare organizations are unsure they’ll be able to fill vacant positions


recruit IT security personnel

2018 Impact of Cyber Insecurity on Healthcare Organizations

The consequences of this chronic lack of investment in cybersecurity are today’s widespread issues. We’re now at a point where the risk can no longer be ignored.


Environment complexity

The increasing complexity of IT environments places healthcare security decision-makers in a difficult position. They must find a way to secure their infrastructures against multiplying attack vectors while using roughly the same resources.

The range of connected medical devices, systems & applications in healthcare


  • Desktops
  • Servers
  • Smartphones
  • Tablets
  • BYOD
  • Self-service kiosks
  • mHealth systems
  • Specialized medical equipment
    • Bedside computer terminals
    • Bedside medication verification
    • Medical imaging devices
    • Implantable medical devices (IMD), etc.
  • IoMT (Internet of Medical Things)

“Medical technology (medtech) companies manufacture more than 500,000 different types of medical devices, including wearable external medical devices (skin patches, insulin pumps and blood glucose monitors), implanted medical devices (pacemakers and implantable cardioverter-defibrillator devices) and stationary medical devices (home monitoring devices, connected imaging devices and scanning machines).“

Medtech and the Internet of Medical Things, Deloitte Center for Health Solutions


IoMT ecosystem


Medical software 

  • EHR/EMR systems
  • Medical practice management software 
  • PACS (Picture Archiving & Communication Systems)
  • Patient Data Management Systems
  • Patient scheduling systems 
  • ePrescription applications 
  • Telemedicine platforms
  • Patient portals
  • Medical billing systems with/without online payment 
  • Third-party clinical systems integrations
  • Real-time locating services for tracking systems for instruments, devices & clinical staff

IT infrastructure

  • VDI (Virtual Desktop Infrastructure), public cloud or multi-cloud deployments
  • On-premises data centers
  • Hybrid infrastructures
  • Legacy systems
  • Internal networks connecting all devices, cloud deployments & medical equipment

What’s more, it’s not just internal systems that IT and security professionals must keep safe and compliant. Third-party service providers also introduce security risks in healthcare organizations.

In 2018, 42% of all exposed/stolen records resulted from business associate data breaches.

healthcare records exposed

Although they cannot control business partners’ security, there’s a lot healthcare organizations can do to minimize their risk of being breached.

It’s blatantly obvious that the attack surface in healthcare organizations is expanding exponentially.

With such a huge volume of data traveling across devices, channels, and platforms, keeping tabs on everything can be overwhelming. From specialized connected medical devices to patient portals, the diversity of assets requires a security setup that can protect them all and maintain visibility across this complex, vital ecosystem.


Risk profile

Speaking of risk, in healthcare, cyber attacks have different consequences than other industries.

Cybercriminals exploit this by trying to cripple hospitals’ ability to function, forcing them to pay the ransom to resume normal activity. They can also do things like tamper with hospital elevators or encrypt radiology equipment essential for diagnosis.

On top of ransomware attacks, malicious hackers also target health data collection and data management practices. That’s because a single Electronic Health Record (EHR) includes:

  • Name
  • Birthday 
  • Medical ID 
  • Social Security number
  • Personally Identifiable Information
  • Financial data
  • Email address
  • Physical address

1 Electronic Health Record = $250 on the black market 

50x more than credit card details 

The Value of Data Report


EHRs are a goldmine because they include a lot of nonperishable and highly valuable information and, for a motivated attacker, they’re also relatively easy to get.


But that’s not all! Cybercriminals are also looking for other types of data:

  • Lab results they can use for extortion or identity theft  
  • Medical licenses to impersonate doctors and forge medical documents 
  • Health insurance company login details to fraudulently claim health insurance compensation 
  • Connected medical devices to use for cryptocurrency mining or to hijack the device’s functions
  • Administrative paperwork to issue fake health insurance cards, counterfeit prescriptions, and even forge drug labels.

The main attack vector they use to get this data are phishing emails and by exploiting vulnerabilities and misconfigurations in the network.


incident response report

2019 BakerHostetler Data Security Incident Response Report


Once they’re in, most attackers focus on gaining persistent access by compromising email accounts and also moving laterally through the network to harvest valuable data.



2019 BakerHostetler Data Security Incident Response Report


The technology, processes, and people involved in healthcare paint a very specific risk profile that requires a systemic approach.


Digital transformation

The industry’s digital transformation is also adding layers of complexity and changing workflows. Each change introduced into the organization, from devices to processes, adds new items on security leaders’ agenda.

Let’s take a look at the typical range of components that work together in a healthcare organization in the context of digital transformation.


Benefits vs security risks for healthcare IT infrastructure elements

Technology layer

Healthcare benefits

Security risks

Specialized medical devices

(medical imaging devices, IMDs, etc.)

  • In-dept medical investigations
  • More accurate results
  • Better patient care
  • Exposed to targeted cyber attacks 
  • Highly valuable target for their data and processing power


  • More flexibility
  • Better data accessibility
  • Improved availability to medical staff
  • Insecure texting
  • Data leakage
  • Device theft or loss 
  • Device fragmentation


  • Improved patient care through real-time data
  • Better chronic disease and drug management
  • Useful health alerts 
  • Unencrypted devices
  • No 2FA options
  • No regular security updates
  • No remote data erasure

mHealth systems

  • Enhanced access to patient data
  • Better patient compliance with medication/treatment 
  • Statistical data to improve healthcare on mass population level
  • Unauthorized access to patient data through social engineering attacks
  • Mobile malware attacks
  • Device misuse such as connecting to unprotected public Wi-fi

EHR/EMR systems

  • More accurate diagnostics based on up to date patient data
  • Reduced rate of medical errors
  • Coordinated, more efficient patient care
  • Encryption blind spots
  • Phishing and social engineering attacks 
  • Patient care disruption because of extended EHR unavailability caused by cyber attacks 

Virtual Desktop Infrastructure

  • Improved accessibility to patient data
  • Decreased administrative costs
  • Can be used for BYOD deployment
  • Visibility loss because of faster desktop deployment
  • Increased IT governance complexity
  • Single point of failure 

Hybrid infrastructures

  • Enhanced operational agility
  • Expanded storage environments
  • Virtualized and highly automated 
  • Poor data redundancy
  • Unprotected APIs
  • Authentication failure
  • Weak IP protection
  • Data leakage 


While this overview may look burdensome, there’s a great reason to weather the challenges of constant adjustments and improvements. New digital health tools and technology bring fantastic benefits for patients.

Remotely monitored medical devices bridge the geographic divide and improve results with 24/7 availability.

Big data helps surface health trends and identify solutions that help vulnerable patient groups.

Treatments become more personalized, leveraging more of the patient’s current context and medical history.

Doctors and other medical professionals make better decisions based on more data, correlated by faster, smarter algorithms that continue to improve as they learn.

However, to harness the power of digital transformation, IT and security leaders must also secure necessary legacy systems and the transition towards a more integrated approach to healthcare.

trend in perception - why patient information is at risk2018 Impact of Cyber Insecurity on Healthcare Organizations

One of the particularities of healthcare security is that specialists responsible for this side of the business must look farther than ever before for the implications of their work. Increased complexity calls for a deeper understanding of the ecosystem, which is why part three of this series is dedicated to putting critical security needs in perspective for healthcare organizations and their role as critical infrastructure.

Suppress cyber attacks targeting medical data with Bitdefender’s industry-leading solutions. Learn more

Additional reading: Healthcare Cybersecurity (Part I) – An Ecosystem Overview by the NumbersI

If you learned valuable information from this article and want to receive the next one in the series via email, subscribe to our blog and we’ll keep you in the loop.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Bitdefender Enterprise. Read the original post at: