Modern medicine, as well as biotech research, has achieved astounding feats following its embrace of modernization and digitization. This shift toward technological advancement brings with it an increased reliance on high-tech tools. The same institutions, however, are left scrambling in confusion when those systems are disrupted.

The healthcare industry is frequently exposed to dangerous cyberattacks, a consequence of the universal move toward digitally dependent economies.

Ransomware attacks continue to be a huge cause of concern for most hospitals around the world, especially in the United States, where the healthcare industry represents 18% of the American GDP. Healthcare administrators and the massive institutions they manage are prime targets for hackers, who typically cripple the most important systems and make sure hospitals cannot access crucial patient data until the demanded fee is paid (or, in other instances, until the ransomware is removed by IT specialists). Some critical, high-tech medical equipment, such as automated blood analyzers, cannot be replaced with nontechnical fallbacks, which makes the impact far worse.

A growing trend is double extortion, whereby the hackers not only lock the computers with a message demanding ransom but also contact the victims with proof of the data they have collected. If they post the stolen data on their websites, it increases the pressure on the organization to simply pay the demanded ransom in order to avoid regulatory penalties.

Patients are usually hit the hardest because of the impact on current care: services are disrupted, and compromised facilities may not be able to accept new patients. This results in longer transportation times to unaffected facilities that are farther away. Circumstances like these turn a cybersecurity incident into a life-or-death scenario.

The pandemic accelerated the already lucrative ransomware methods used by cybercriminals.

An example of this is as recent as September 2020, when Universal Health Services was attacked early on a Sunday morning. The attack locked down computers as well as telephone systems for more than four hundred Universal Health Services facilities across the country, leaving staff to file patient information manually and bottlenecking operations. Although patients were cared for safely and effectively at all the facilities thanks to the backup processes in place, it took nearly three weeks for the systems to be fully restored.

As countries all over the world were declaring public health emergencies in 2020, a growing trend of ransomware actors targeting countries' healthcare organizations also began to form. The hackers aimed to access sensitive information relating to COVID-19 positive cases as well as scientific research into possible treatments.


What fuels ransomware?

A lack of cybersecurity expertise, along with the proliferation of medical IoT devices, places hospital administrators in risky waters.

Vulnerable legacy systems also fuel these risks.

Other issues include:

  • Systems that cannot be updated (often legacy integrations)
  • Absence of effective patching
  • The 24/7 nature of healthcare operations, which leaves no maintenance window in which potentially vulnerable systems can be remediated

All these ‘loopholes’ have made ransomware a perfect tool for criminals targeting healthcare institutions.

Fortunately, there is a large body of well-understood techniques and processes that cybersecurity professionals at Managed Detection and Response (MDR) companies have used effectively to protect other sectors of the economy. These techniques can be applied just as successfully in the health industry.

How are MDRs useful?

MDRs put a variety of technologies to use in order to cover all manner of healthcare infrastructure. EDR solutions provide visibility into laptops and workstations, detecting and blocking the types of malicious activity seen in ransomware. MDRs also have experience leveraging leading industry SIEMs to follow up on activity from medical IoT, cloud services and other technologies where EDR solutions cannot be deployed.

MDRs often bring best practices for activities such as vulnerability scanning and inventorying all the devices on large medical campuses. These same services can also identify weaknesses that ransomware could exploit. In addition to these well-tested technologies, MDRs have a set of more recently acquired capabilities.

Another example is threat hunting. It emphasizes deeper visibility into the organization's potential weaknesses by tracking tell-tale signs of a possible breach. Threat hunters usually make use of most of the available data sources. However, they also engage in a "what if" effort, whereby they form different hypotheses and then test each one against the data. If no evidence is found, the hunters can be satisfied that there is no urgent issue. If evidence is found, response and remediation are prioritized to ensure that the impact is contained. Ultimately, some threats are unavoidable, and reactivity comes with the territory; however, it is vital to add a layer of proactive practices to ensure success and prevent major incidents.

Experience is a critical element.

Given the shortage of cybersecurity talent in the workforce, training plays a huge role in organizations of any size, be they free-standing ERs, hometown practitioners, research facilities or large hospitals.

The following areas can be investigated to ensure better cybersecurity:

  1. Password management – Healthcare facilities need to strengthen their password management.
  2. Multifactor authentication (MFA) – Healthcare is expected to adopt newer MFA instruments, for example token-based authentication, while relying less on less effective methods such as phone-based authentication.
  3. Risk-based access controls – With remote work and remote care now on the rise, accessing systems from different locations might burden users with additional authentication requirements. The issue can be addressed by enforcing access policies that depend on the risk of each sign-in.
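To make the third point concrete, here is a small risk-based access policy evaluator. It is an added example written for this article, not code from T2 Tech or from any identity product; the risk signals, weights and thresholds are illustrative assumptions, and the sign-in contexts are constructed. A remote clinician on an enrolled device is allowed through with the first factor alone, while an unfamiliar device from an unexpected location is asked for a second factor, and a high-risk privileged sign-in is blocked for review.

```python
from dataclasses import dataclass

@dataclass
class LoginContext:
    """Constructed sign-in context as a policy engine would see it (illustrative)."""
    user: str
    role: str                  # "clinician" or "admin"
    known_device: bool         # device was enrolled for this user earlier
    country: str               # geolocated from the source address
    home_country: str          # where the user normally signs in from
    off_hours: bool            # outside the user's usual shift window
    failed_attempts_24h: int   # recent failed sign-ins on this account

# Risk weights are assumptions for this example, not values from any product.
WEIGHTS = {
    "unknown_device": 3,
    "foreign_country": 4,
    "off_hours": 1,
    "recent_failures": 3,
    "privileged_role": 2,
}

def risk_score(ctx: LoginContext) -> tuple[int, list[str]]:
    """Sum the risk signals present in a sign-in; return the score and the reasons."""
    signals = {
        "unknown_device": not ctx.known_device,
        "foreign_country": ctx.country != ctx.home_country,
        "off_hours": ctx.off_hours,
        "recent_failures": ctx.failed_attempts_24h >= 5,
        "privileged_role": ctx.role == "admin",
    }
    reasons = [name for name, present in signals.items() if present]
    return sum(WEIGHTS[name] for name in reasons), reasons

def decide(ctx: LoginContext, step_up_at: int = 3, deny_at: int = 8) -> str:
    """Low risk passes on the first factor, medium risk requires a second factor,
    high risk is denied and left for the security team to review."""
    score, _ = risk_score(ctx)
    if score >= deny_at:
        return "deny"
    if score >= step_up_at:
        return "step_up_mfa"
    return "allow"

if __name__ == "__main__":
    # Constructed sign-ins; "XX" is a placeholder country code, not a real one.
    cases = [
        LoginContext("rn_lee", "clinician", True, "US", "US", False, 0),   # on-site shift
        LoginContext("rn_lee", "clinician", True, "US", "US", True, 0),    # remote, at night
        LoginContext("dr_park", "clinician", False, "FR", "US", False, 0), # new laptop abroad
        LoginContext("it_admin", "admin", False, "XX", "US", True, 9),     # high-risk admin
    ]
    for ctx in cases:
        print(ctx.user, decide(ctx), risk_score(ctx))
```

The point for remote care is the second case: a known device outside normal hours scores below the step-up threshold, so the clinician is not burdened with extra prompts, whereas the unknown device abroad is.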


Although cyber threats keep increasing, stronger security measures and policies can curb them. This should be the primary focus for healthcare organizations as the world continues to move past the pandemic.


We Can Help

If your healthcare organization is looking to augment its security efforts, reach out to T2 Tech for a full security assessment. We can review and outline your current infrastructure and help identify areas of risk.