Health Care Cybersecurity Threats and Trends

View all blog posts under Cybersecurity | View all blog posts under News and Articles

Two cybersecurity professionals use a tablet in a server room.

As the health care industry continues to reel from the devastating impact of the COVID-19 pandemic, another perilous threat looms in the form of cyberattacks.

  • Cyberattacks against health care providers increased by 42% in 2020 compared with 2019, according to research conducted by security firm Protenus and reported in Forbes. The attacks represented 62% of all patient data breaches that year.
  • The steps that hospitals and health care providers took in refsponse to the pandemic, including telehealth and remote work, made the institutions more vulnerable to cybercrimes because standard data protection measures were difficult for the providers to maintain.
  • Stressed health care workers are less likely to make everyday data security measures a priority, which allows attackers to breach health care employers’ defenses more easily.

The health care industry is a prime target for cyberattacks in large part because of the value of patients’ private medical information to criminals. The attacks tend to occur at times and places where systems and workers are most vulnerable. As a result, the personal information of 45 million patients in the U.S. was compromised in 2021, according to Critical Insight’s Healthcare Breach Report for July to December 2021.

Protecting patients and health care providers requires a concerted effort by health care cybersecurity professionals to harden computer networks and educate health care workers about the importance of good security practices to keep their facilities one step ahead of cybercriminals. This is a principal area of focus for degree programs such as the University of Nevada, Reno’s online Master of Science in Cybersecurity.

Consequences of Health Care Cyberattacks

A successful cyberattack on a health care facility can cause significant economic damage and foment distrust among a facility’s patients. Critical Insight’s survey found that monetary gain is the motivation behind 91% of cyberattacks targeting health care providers. One recent trend is that cybercriminals now use the private information they steal about patients to make “identity kits,” which they sell to thieves with less technical savvy via the dark web, Forbes reports.

Disruptions to information systems may cause delays in executing treatment strategies, which can impact patient health. When ransomware renders a health care provider’s critical data inaccessible, the quality of patient care deteriorates. For example, when Britain’s National Health Service fell victim to the WannaCry ransomware attack in 2017, the service had to divert ambulances and reschedule surgeries, the American Hospital Association reports.

Threats and Trends in Health Care Cybercrime

Cyberattacks affect organizations in all industries and areas of government, but the health care industry is especially vulnerable to these crimes because the data that health care services collect and maintain about their patients is so sensitive that its unauthorized release could jeopardize patients’ lives. This is in addition to their potential loss of privacy and the institution’s financial costs due to paying ransom, recovering from service disruptions and restoring lost or damaged data.

The five most common and most damaging types of cyberattacks that health care cybersecurity efforts must protect against are phishing, ransomware, distributed denial of service (DDoS) attacks, data breaches and insider threats.


This attack method disguises an email so it appears to come from a trusted correspondent. The messages are cleverly crafted to appear legitimate, so the recipient feels safe in clicking a link in the message or performing some other action that activates the attack on the organization’s network. Often the link takes the person to a website that mimics a familiar login screen, where the criminal collects the victim’s user ID and password for the company’s computers.


Cybercriminals increasingly attempt to gain access to a health care provider’s network so they can access and encrypt its data and withhold the decryption key until the organization pays a ransom. The ransom is typically paid in the form of bitcoins so the money can’t be traced. The health care industry is especially vulnerable to ransomware because of how disruptive the crimes can be to a health service’s operations. While many ransomware victims elect to pay, the FBI doesn’t support paying ransom in response to such attacks.

DDoS Attacks

These attacks flood a health care provider’s computer systems with incoming signals requesting a connection, causing the networks to crash. Cybercriminals create “armies” of botnets and compromised computers to use as the senders of the unauthorized requests. Rather than attempting to steal the victim’s data or hold it for ransom, DDoS attacks are intended to force the company’s networks offline. However, in a growing number of cases, the attacks may persist until the target organization pays a ransom.

Data Breaches

Because of the highly sensitive nature of patients’ medical data, the U.S. government requires that health care providers follow the data-protection guidelines in the Health Insurance Portability and Accountability Act (HIPAA). Even with these protections in place, data thieves target health care services much more frequently than they do firms in other industries. Health care cybersecurity efforts emphasize careful monitoring of all potential attack surfaces, including the networks of third-party vendors.

Insider Threats

Threats to data security from inside a health care organization continue to be more common than those that originated outside the company, although external attacks are increasing more rapidly, Health IT Security reports. As more health care employees worked remotely during the pandemic, the risks of data loss skyrocketed, in part because the U.S. government relaxed many of its data-sharing rules in response to the need for providers to focus on treating patients. Health care cybersecurity professionals are challenged to implement data security procedures that are effective in ever-expanding health care work environments.

The Role of the Health Care Cybersecurity Professional

Keeping health care facilities protected against the many forms of cyberattacks can sometimes resemble a game of whack-a-mole as criminals constantly alter their strategies and adopt new attack techniques. Advanced risk assessment approaches are intended to spot vulnerabilities in the organization’s network and to plan and implement effective security controls to mitigate cyberthreats.

Cybersecurity in health care settings requires analytical skills and ingenuity to create solutions that find and patch network vulnerabilities. The Department of Health and Human Services (HHS) recommends four best practices for risk management and mitigation for health care cybersecurity:

  1. Have up-to-date backups safely stored offline and be ready to restore data quickly and accurately from these backups.
  2. Perform regular vulnerability scans of the organization’s networks that include all internet-facing devices.
  3. Install patches for operating systems, applications and other software as soon as they become available.
  4. Keep employees up to date on how to spot phishing attempts and other activity or behavior that may indicate an attempted data breach.

Protecting Networks, Protecting Patients

Establishing a solid cybersecurity plan that prevents data breaches translates directly into improved patient care. The costs to health care providers of recovering from a data breach affect patients directly and indirectly. When their private information falls into the hands of cybercriminals, patients are at greater risk of being the victims of identity theft and of having their financial accounts compromised.

The hidden costs of data breaches for health care organizations include remediation efforts, fines for violating data privacy regulations, the cost of replacing the lost data, notification costs and loss of revenue due to unavailable systems. More importantly, data breaches can compromise patient care. For instance, Dark Reading reports on a study that noted an increase in the mortality rate after a heart attack for patients who were treated at hospitals that had high rates of data breaches.

Keeping Patient Data Safe and Improving Patient Outcomes

Cybersecurity professionals working for health care organizations make a difference in the lives of patients. They’re an important part of health care teams, whether working behind the scenes to lock down sensitive patient data or interacting with managers and employees to plan and implement security policies. Programs such as the University of Nevada, Reno’s online Master of Science in Cybersecurity serve as the foundation for careers protecting digital assets in health care and other industries.


Recommended Readings

What Is Blockchain, and How Has It Shaken Up Financial Markets?

How to Become a Security Architect: Educational Requirements and Potential Career Paths

Digital Forensics Analyst: What They Do and How to Become One



American Hospital Association, “The Importance of Cybersecurity in Protecting Patient Safety”

Business News Daily, “Connected Medical Device Security”

Critical Insight, “Healthcare Breach Report: July-Dec 2021”

Dark Reading, “Hidden Costs of a Data Breach”

Fierce Healthcare, “Healthcare Data Breaches Reached All-Time High in 2021, Impacting 45M People”

Forbes, “Increased Cyberattacks on Healthcare Institutions Shows the Need for Greater Cybersecurity”

Health Care Compliance Association, “Report on Patient Privacy Volume 22, Number 3. Privacy Briefs, March 2022”

Health IT Security, “Can Healthcare Shore up Insider Threats, Transparency Needs in 2021?”

IBM, “Cost of a Data Breach Hits Record High During Pandemic”

UpGuard, “Biggest Cyber Threats in Healthcare (Updated for 2022)”

U.S. Department of Health and Human Services, “Health Sector Cybersecurity: 2021 Retrospective and 2022 Look Ahead”

U.S. Department of Health and Human Services, “Improving the Cybersecurity Posture of Healthcare in 2022”

U.S. Federal Bureau of Investigation, “Common Scams and Crimes: Ransomware”