Healthcare and cybersecurity have a very closely entwined relationship. The healthcare industry is filled to the brim with medical computers and EHR records housing valuable patient data. Cybercriminals are often chomping at the bit for this kind of information as it can sell for quite the pretty penny. Naturally, healthcare facilities are aware of this, making the necessary efforts to stop these attacks before they can make off with this data. 

And so, cybercriminals constantly improve their methods of stealing this data to get around those efforts, causing healthcare professionals to continually improve their cybersecurity efforts in order to outpace those advances. It’s a cyclical pseudo-arms race in a never-ending battle for patient data.

A perfect example that took place rather recently can be seen amidst all the chaos concerning the coronavirus. Almost immediately, cybercriminals created a fake map for those interested in tracking the spread of the virus. The moment it’s downloaded, criminals are given access to all manner of information housed on patients’ phones, including passwords, credit card numbers, and more. Almost just as quickly, task forces were created to address and squash these attacks.    

Why is Cybersecurity Important in Healthcare?

Cybersecurity is essential for all industries, so, what makes healthcare industry cybersecurity so important? The truth of the matter is, healthcare is especially susceptible to cyberattacks because of how involved the industry is with new, burgeoning pieces of technology.

Healthcare cybersecurity attacks often aim to hit clusters of hardware that are connected to the same network. By gaining access to a single computer, a cybercriminal can access an abundance of data that is shared between that computer and others within the same facility. Hospitals are regularly advancing the way care is delivered with new, interconnected pieces of hardware such as IoT capable devices. This is great for patients in need of efficient care, but it’s also great for criminals. After all, every device added to a healthcare facility’s network is just one more entry point through which they can steal patient data. For this reason, BYOD policies are often discouraged in healthcare settings since adding more devices that aren’t properly protected puts patients at even higher risk.

Efforts to bolster both cyberattack rates and healthcare industry cybersecurity have both increased in response to the continued digitization of the health sector. In fact, according to a report by Herjavec Group, ransomware attacks are predicted to grow 5X by 2021 while healthcare industry cybersecurity spending is set to grow by $65 billion. Yet another tit for tat in this continued struggle for patient information.      

What do Healthcare Cyberattacks Target?

One of the most sought after targets of a cyberattack is login credentials. In most cases, this can be login credentials to social media sites, bank accounts, and more. In the case of healthcare, however, the credentials that are usually targeted are those used to access patient records. This is because patient records have access to several key pieces of ID information ranging from names and birthdates to home addresses and even social security numbers. Easy to see how a person’s identity can be stolen when all of this information is up for grabs in one location. 

Using these credentials, cybercriminals can log into a patient’s health record, record all this data, and use it to receive expensive healthcare they otherwise couldn’t afford. Conversely, they could even sell this data to others looking to steal the same kinds of benefits for large sums of money. Those with access to this information can even leverage it to obtain prescription drugs, medicare, and medicaid that would otherwise be too expensive or entirely impossible for them to attain. 

The motivation to attack these records is there and it’s there in spades. So, how does healthcare fight back?

How Can We Improve Cybersecurity in Healthcare?

Like we mentioned, healthcare has done a wonderful job staying ahead of cybercriminals’ efforts with efforts of their own. The list below is by no means an exhaustive one, but here are  few of them more popular and effective means of protecting patient health records and data. 

Authentication Hardware

Patient data isn’t only stolen online. When data is stored on a computer or hard drive, simply stealing the hardware itself is an effective, albeit archaic, method of stealing patient information. Thankfully, authentication hardware such as RFID scanners and CAC readers exist to ensure whoever is accessing this hardware is authorized to do so. 

With authentication hardware in place, even if a device is stolen, breaking into the device and accessing the data inside becomes much more difficult without a staff members’ RFID badge or CAC card. 

For those interested in further empowering their security, multi-factor authentication with biometric scanners can also help immensely. Facial recognition or fingerprint scanners can provide that extra layer of defense while also shortening the amount of time it takes to log into a patient’s health record.  

Staff Training

According to that same study by Herjavec Group, 1 in 4 healthcare staff members haven’t been trained in proper healthcare industry cybersecurity practices. It should go without saying that having your staff know what to look for in a data breach can help them quickly report suspected cyberattacks to IT staff before a small concern can become a debilitating breach. 

In many cases, when staff is vigilant about the newest trends in cyberattack methods, they can pass off that knowledge to patients as well. For example, nurses and doctors who knew about the coronavirus map ransomware attack could have imparted that knowledge onto patients, arming them with the awareness they needed to protect their data. 

Single Sign On 

Single sign on solutions allow healthcare facilities to authenticate users and staff members as they log into their workstations. By using separate databases to reference credentials used to reference a patient’s record, SSO services only grant access to rightful users across all of the apps used on a nurse or physician’s workstation. 

Used in conjunction with authentication hardware like RFID badges and CAC readers, medical tablets and computer on wheels setups can have a multi-tiered defense for dealing with cyberattacks. 


Blockchain networks have become incredibly popular not just in healthcare, but in industry as well as manufacturing also further digitizes their own operations with new technology. In short, blockchain is a P2P network that encrypts any and all data that is stored within it. Furthermore, anytime a new piece of data is recorded into a blockchain network, it receives an identifying number called a hash. Whenever a new block of data is added afterward, it will receive its own hash and also the hash of the block before it. All of these boxes are linked this way into a chain, hence the name.

Editing one of these blocks in any way becomes near impossible since it would require a user to change all of the other blocks linked to it in a chain. Furthermore, since the network is P2P based, any change or addition to the chain must be approved by all parties involved, making it much easier to track, spot, and eliminate any questionable activity from a cybercriminal.

Blockchain is particularly promising for healthcare because pushes have been made for a while to give patients access to their own health data. By adding patients as a member of this blockchain, they can have direct control over who is given access to their network and their information, meaning one more vigilant pair of eyes looking after that data and defending it from criminals.

Healthcare Industry Cybersecurity will Evolve in Tandem with Cybercriminals

As long as cybercriminals continue to enhance the ways they target patient data, the healthcare industry needs to stay vigilant and up to date on the newest and most efficient ways to protect themselves and their patients. Only time will tell which way both sides will evolve as time goes on but, until then, understanding why healthcare cybersecurity is so important is essential to taking steps to protect that data. For more information on how you can improve your facility’s cybersecurity efforts, contact an expert from Cybernet today.