Top 5 cyberattacks against the health care industry

Share This

The health care industry, and hospitals in particular, are the number one target of ransomware attacks. By 2020, these attacks are expected to quadruple, according to CSO Online. In France alone, 478 cybersecurity incidents have been reported to the Agency for Shared Medical Information Systems (ASIP) since October 2017. We review the five most noteworthy examples of cyberattacks against the health care industry.

1. WannaCry: the ransomware that shook the NHS
In May 2017, the WannaCry cyberattack targeted the UK’s National Health Service (NHS). By exploiting a Windows vulnerability, the hackers managed to infect at least 16 health centres and 200,000 computers, which led to the cancellation of nearly 20,000 appointments and paralysed more than 1,200 pieces of diagnostic equipment.

2. Boston Children’s Hospital targeted by a DDoS attack
Three years earlier, a hacker launched a DDoS (Distributed Denial of Service) attack against Boston Children’s Hospital. The hospital, whose donations page was shut down by the attack, is estimated to have lost 300,000 dollars on repairs to its computer system.

3. Respirators and anaesthesia machines at risk of “medjacking”
Technology is increasingly common in health care institutions. This growing prevalence increases the risk of “medjacking”, or medical device hijacking, as demonstrated by the security flaw that researchers discovered in General Electric respirators and anaesthesia machines. This vulnerability, which the US Department of Homeland Security says is easily exploitable, has yet to be corrected by GE.

4. A phishing attack against a Montpellier medical centre
Phishing is the most widespread cyberthreat, according to the Corporate Cybersecurity Barometer published by the CESIN. An employee of the Montpellier university medical centre found this out the hard way in March 2019, when he opened an email containing a virus that went on to infect more than 600 computers. Fortunately, the hospital was using independent internal networks, which prevented the virus from spreading to all of its 6,000 machines.

5. Blue Cross pays the price for human error
While these malicious attacks are impressive, incidents can sometimes be the result of negligence or a lack of information. Such was the case in April 2018, when an employee of Independence Blue Cross, an American health insurer, accidentally posted a file containing the personal and medical info of nearly 17,000 patients online. It took two months for the company to detect this human error.

These incidents are a reminder of the importance of educating employees—including health care professionals—on good cybersecurity practices.


Share This

14 thoughts on “Top 5 cyberattacks against the health care industry”

  1. Thanks for any other great post. Where else may anyone get that
    kind of info in such an ideal means of writing? I’ve a
    presentation subsequent week, and I am at the look for such info.

  2. camo phone case

    This is the perfect blog for anyone who would like to understand this topic.
    You know a whole lot its almost tough to argue
    with you (not that I actually would want to…HaHa). You certainly put
    a brand new spin on a topic that’s been written about for years.
    Excellent stuff, just excellent!

  3. I was suggested this blog by my cousin. I’m not sure whether this post is written by him as no one else knows such details about my trouble. You are incredible! Thanks!

  4. I do agree with all the ideas you’ve introduced in your post. They are really convincing and will definitely work. Still, the posts are very short for newbies. Could you please prolong them a bit from next time? Thank you for the post.

Leave a Comment

Subscribe for latest updates

Sign up to be in the know