Understanding Cyber-Attack Vectors in Healthcare

Posted Aug 21, 2023 under:

Cybersecurity is paramount

With an increase in cyber-attacks against U.S. healthcare providers, it’s critical to understand how to identify and prevent any potential attacks on your practice or center.


Protect Sensitive Data

A rise in cyber-attacks against the United States healthcare system has put a spotlight on being able to identify and prevent a breach of your system.

Have you ever considered how you would respond in the event of a significant data breach? Are you and your staff able to identify malicious links through email or on the web? If not, now is the time to prepare. Data shows that cyber-attack rates on U.S. healthcare doubled from 2020 to 2023 and have consistently trended upward since 2012, according to the U.S. Department of Health & Human Services.

With further large-scale attacks expected in the future, healthcare providers should do their best to provide additional layers of security to protect their patient’s private information and identifiers.

Why Healthcare?

Why would cyber criminals, whether domestic or foreign, target our healthcare system? Checkpoint Software identifies three leading causes for these attacks:

  • Sensitive Data: Healthcare organizations have access to a wide range of sensitive data, including patients’ health information and payment card data. Such a valuable trove of data centralized in one location is an ideal target for cybercriminals.
  • Critical Infrastructure: Ransomware groups prefer to target organizations that are likely to pay the ransom. Healthcare organizations provide critical care and need to restore operations as quickly as possible, making them likely to meet attackers’ demands.
  • Internet of Medical Things (IoMT): Healthcare organizations increasingly rely on networked devices to provide care. Often, these devices have poor security, providing attackers with easier access to sensitive data and the organization’s networks.”

The payoffs of these attacks, no matter how small or simple, could yield valuable information that could lead to further extortion, system shutdowns, or increased risks for patients.

Types of Cyber Attacks

While cyber-attacks come in multiple forms, the Center for Internet Security (CIS) details several of the most common styles, including Ransomware, data breaches, Distributed Denial of Service (DDoS), and insider threats.


One of the most common forms of cyber-attacks, ransomware infects user files and systems, making them slow, inoperable, or inaccessible until a ransom is paid.

The Center for Internet Security explains that ransomware typically reaches targets through the following ways:

  1. Phishing emails containing a malicious attachment.
  2. Users click on a malicious link.
  3. Viewing an advertisement containing malware.

How to avoid: Center and practice staff should always remain on guard for emails from unknown external senders or potentially spoofed (faked) internal email addresses. Spoofed emails can represent those inside your organization.

If a staff member is unsure if an email is safe or is coming from a spoofed email address, they should do the following:

  1. Notify an administrator.
  2. Check with the person the email address is attached to to see if it is real.
  3. DO NOT click any links or open attachments in an email that may be unsafe.
  4. Contact IT to review the email and delete it.

Data Breaches

Data breaches can provide cyber-criminals with precious information to sell on the black market. The Center for Internet Security states that personal health information (PHI) sells for a significantly higher price ($355/avg) than personally identifiable information ($1-$2/avg)

“This is because one’s personal health history, including ailments, illnesses, surgeries, etc., can’t be changed, unlike credit card information or Social Security Numbers,” the CIS states.

“PHI is valuable because criminals can use it to target victims with frauds and scams that take advantage of the victim’s medical conditions or victim settlements. It can also be used to create fake insurance claims, allowing for the purchase and resale of medical equipment. Some criminals use PHI to illegally gain access to prescriptions for their own use or resale.”

How to avoid: The Federal HIPPA Security Rule outlines required security steps to protect electronic health records (EHRs). Current mandates also require providers to report attacks involving at least 500 records. This also includes ransomware attacks.

Distributed Denial of Service (DDoS)

Distributed denial of service attacks attack systems by forcing a large amount of traffic through a system to the point of overload. With various tactics, DDoS attacks can bring down critical infrastructure used to provide care to patients.

According to Security Scorecard, stopping a DDoS attack can be difficult once it has begun, emphasizing the importance of implementing proper security measures to protect your network.

How to avoid: Taking proactive steps, such as staying alert for malware-laced emails and websites and monitoring web traffic. Another recommended step is practicing good “internet hygiene.” This includes routinely changing passwords, secure authentication practices, and being able to recognize phishing schemes.  

Insider Threats

One of the most dangerous threats to the security of private information comes internally. While not all insider attacks are malicious, simple slip-ups can lead to severe consequences.

A disgruntled or careless employee can expose system vulnerabilities and invite cybercriminals onto your network. These insider attacks can be devastating, including the loss of critical medicines, technology, and patient data.  

“The insider poses a threat because the legitimate access they have or had to proprietary systems discounts them from facing traditional cybersecurity defenses, such as intrusion detection devices or physical security,” CIS says. “They also may have knowledge of the network setup and vulnerabilities, or the ability to obtain that knowledge, better than almost anyone on the outside. While an insider may be simply careless, others cause destruction with malice. The insider threat concept encompasses a variety of employees: from those unknowingly clicking on a malicious link which compromises the network or losing a work device containing sensitive data to those maliciously giving away access codes or purposely selling PHI/PII for profit.”

How to avoid: Proper training is the best course of action to deter insider threats proactively. These include identifying malicious links and suspicious behavioral changes to look for in employees. Promoting a “see something, say something” culture can allow practice or center administrators to take action early and limit risks.


Understanding these threat vectors and how to identify them is the first step in ensuring the digital security of your practice or ASC. As a result, you can reduce your risks and save your location from legal or financial troubles.


U.S. Dept. of Health & Human Services: https://www.hhs.gov/sites/default/files/2022-retrospective-and-2023-look-ahead.pdf

Checkpoint Software: https://www.checkpoint.com/cyber-hub/cyber-security/what-is-healthcare-cyber-security/cyberattacks-on-the-healthcare-sector/

Center for Internet Security (CIS): https://www.cisecurity.org/insights/blog/cyber-attacks-in-the-healthcare-sector

HIPPA Security Rule: https://www.hhs.gov/hipaa/for-professionals/security/index.html

Security Scorecard: https://securityscorecard.com/blog/best-practices-to-prevent-ddos-attacks/

A new way to think about Health Care

Create a next level experience for outpatients with modern facilities, high quality of care.

Medical Team Performing Surgical Operation in Bright Modern Operating Room


Case Studies for the benefits of an integrated system