The health care industry is one of the most popular and lucrative targets for cyberattacks and malicious activity. Health care organizations are always an attractive target for hackers because they possess high volumes of sensitive information about patients and rely on highly vulnerable medical devices.

Advancements in medical procedures and the growth in digital innovation have led to an increase in the complexity of networks and security. Medical firms need to protect their data, employees and patients with appropriate data integrity and security solutions that keep costs under control.

The danger is real. IBM’s Cost of a Data Breach Report found that health care organizations suffered the highest costs of data breaches for the 11th consecutive year in 2021. This year saw the average cost of a health care data breach surge to $9.23 million, a 29.5% increase from the previous year. That’s more than any other industry, with the financial sector being a distant second, at $5.72 million. Furthermore, medical organizations have seen a 185% increase in the number of health care data breaches this year compared with last year. 

Significant Challenges to Health Care Cybersecurity

Health care organizations face significant vulnerabilities from outdated or legacy technologies that are attractive targets for today’s cyber attackers. To make matters worse, a majority of the newer medical devices are still not being developed with cybersecurity controls in mind. Traditional vulnerability management approaches present several challenges within modern health care IT environments. New devices and technical limitations can make traditional methods largely ineffective.

Health care cybersecurity is threatened on a number of fronts, including:

Phishing Attacks

Cybercriminals target victims through email, social media and text messages. The attacker poses as a legitimate sender and attempts to dupe victims into opening malicious attachments or spoofed hyperlinks. This enables the attacker to steal personally identifiable information (PII), such as login credentials, credit card information and account details, and use this information as part of broader identity theft activity.

Insider Threats

Insider threats occur when disgruntled employees leak or sell data, or as a result of employee negligence. Both can result in health care data being leaked and made available for purchase on hacker websites. Insider threats can also lead to hospital cyberattacks by external actors.

Internet of Medical Things (IoMT) Attacks

The health care industry continues to see a massive increase in the use of internet-connected medical devices, collectively known as Internet of Medical Things (IoMT) devices. These connected devices, like heart rate monitors, infusion pumps, smart imaging systems, inhalers and thermometers, are increasingly vital to caring for patients. However, many connected devices don’t have adequate built-in security and can’t be controlled or monitored by traditional IT security products. This makes IoMT devices extremely vulnerable to cyberattacks, so they must be secured to prevent cybercriminals from accessing and exploiting the data they generate.

Gary Arnold, director of strategic partnerships at Armis, provides an example of the danger: “In May 2021, Armis researchers discovered PwnedPiper, which is a series of nine critical vulnerabilities in the Nexus Control Panel that controls Swisslog Healthcare’s Translogic pneumatic tube system (PTS) stations. The infrastructure delivers medication, blood products and lab samples to more than 3,000 hospitals worldwide. However, the vulnerabilities allowed attackers to seize control of PTS stations and deploy ransomware that could enable them to launch denial of service (DoS) or man-in-the-middle attacks.”

Ransomware Attacks 

Ransomware poses a significant threat to medical organizations. It involves attackers gaining unauthorized access to a network and injecting malware to lock users out of machines, steal data or paralyze a system to prevent access. The attacker then demands a ransom with the promise of providing a decryption key and return of the stolen data when the ransom is paid.

Remote Connectivity and Telemedicine Risks 

Many health care organizations have seen a sharp rise in online consultations over the last 18 months. Remote connectivity and telemedicine offer ease of use for both medical staff and patients. However, they also increase the risk of cyberattacks and health care data breaches if they aren’t adequately protected or if users don’t have secure access.

How to Secure Health Care Data and Organizations

The impact of cyber crimes targeting the health care industry can be mitigated by implementing the right security solutions. The combination of the right security solutions and sufficient training for staff helps businesses prevent data loss, leakage and theft. It also provides visibility into device and system vulnerabilities. Furthermore, employees are better positioned to spot the potential signs of a cyberattack, which means organizations can identify and mitigate the impact of attacks by responding as quickly as possible.

Armis and IBM provide security services and solutions for health care and life sciences companies, securing them against the rising tide of cybercrime. These include:

  • Working with the client to implement security solutions that bring visibility to devices and networks to check for vulnerabilities that could be exploited by attackers
  • Implementing security controls that address known security vulnerabilities
  • Integrating the Armis security solution with the security operations center to monitor medical and supporting systems for new vulnerabilities, malware, cyberattacks and system changes that could impact the business negatively

Armis and IBM help health care organizations secure their systems by monitoring for risks and assessing device behavior. The solutions also provide clear visibility into who or what is attempting to access their corporate networks. These solutions are able to monitor devices on Wi-Fi networks (and other protocols like Zigbee and Z-Wave) for potential network intrusion and data exfiltration. They also monitor devices that aren’t directly connected to networks, such as defibrillators or devices like smart lights, smart locks and wearables.

Gain the Advantage Over Cybercriminals

Health care organizations face an ever-increasing risk of cyberattacks. As they deploy more sophisticated devices and networks and continue to expand remote care, their security threat level increases. Medical companies need to ensure all of their users and devices are protected by deploying solutions that increase the visibility of their attack surface, help them fight emerging threats, and keep their network secure.

Discover the critical considerations that will help your organization gain the upper hand in the fight against cybercriminals by downloading this Armis whitepaper.

