The Healthcare Industry: A Perfect Mark for Cybercriminals

Tom Badders
June 18, 2021 • 5 min read
A New Approach to Protecting Healthcare Assets

It’s hard to ignore the epidemic of ransomware attacks on hospital facilities. In 2020, more than 600 separate healthcare facilities in the US have succumbed to security and ransomware attacks costing hospitals $21B of downtime.  Attackers crippled operations for Universal Health Services across its 400 hospitals and care facilities in the US, severely hampered network communications for a healthcare facility in Vermont which required the assistance of the Army National Guard’s Cyber Response unit for its recovery efforts, and paralyzed a hospital’s systems in California for a month following the attack. The cyberattacks escalated to a point where some patients were sent home without medical care and some smaller health facilities folded up their operations entirely. 

Why are hospital organizations so vulnerable to cyberattacks?

The perfect storm for cybercriminals

Moody’s Investors Service ranked hospitals as one of the most vulnerable sectors for cyberattacks. The primary reason for the high risk is the hospital organization’s heavy reliance on technology. Hospital facilities have embraced the digitalization of patient medical records, lab results and medical orders. Hospitals rely on their electronic patient records to administer the appropriate medicine, medical services, and perform surgeries. A lock of these records would collapse the operations of hundreds of medical facilities and emergency rooms for some of the largest hospitals and health systems in the US.

Today’s hospitals utilize hundreds of connected devices including monitors, imaging, and patient data systems to increase efficiencies, reduce costs, and provide an overall better patient experience. While these medical IoT devices enable hospitals to provide a higher level of care, many lack robust security controls and are now an access point to the hospital’s network, increasing the hospital’s attack surface.  Any time a device is connected to the hospital network, there is a risk of an attack to exfiltrate patients’ confidential information or to gain access to the network for even more nefarious intentions. The thrust toward digitalization and increased sharing of data between healthcare providers, medical devices and third-party vendors have exacerbated the security risks for hospital organizations.

The challenge of keeping hospital networks secure is further complicated by the legacy IT infrastructure still using outdated devices and operating systems.  Without basic cybersecurity controls and the latest software patches, hospitals are defenseless against a sophisticated attack where hackers are constantly changing their tools and techniques.

The combination of heavy reliance on technology, woefully lax security measures, and the stakes involved – patients’ lives – has created a perfect storm where ruthless attackers like Ryuk can lay siege to national hospital chains, bring them to their knees and extort millions of dollars in exchange for restoring access. When you are dealing with patients’ lives, you are going to panic and react much quicker because a delay could be mean the difference between death and life.

Think like a hacker and protect those critical resources

This year is on pace to be another excoriating year for the healthcare sector in cyberattacks. Ransomware attacks on hospitals have grown by a factor of five since 2018. In order to get ahead of the digital extortion games, hospitals need to put the cybersecurity of their critical infrastructure ahead of everything except patient care.

When a ransomware gang hits a hospital, the attackers are looking to inflict the most damage in order to extract a large ransom as quickly as possible. In a hospital, this is most likely the Electronic Medical Record (EMR) system which contains a digital version of all the information you’d typically find in a provider’s paper chart. The EMR system contains millions of critical files that are essential to the hospital staff to perform their job. Blocking access to the EMR system easily disrupts patient care delivery across the hospital network. For a large hospital system like Universal Health System, such a breach could affect its entire network of over 400 hospitals, free standing ERs and outpatient facilities across the country.

To stay one step ahead of the hacker, hospitals need to begin to think like a hacker. Identify those critical assets that are attractive to hackers and because an attack would bring the hospital system to its knees. In this case, it would be the EMR server. How could you hide the EMR server’s presence from the internet and from attackers?

With a virtual obfuscation network, hospital organizations could cordon off its EMR system by hiding it on a server that is only accessible through the network, which itself is also invisible to unauthorized users. By removing the server’s presence from the internet, healthcare organizations reduce their attack surface and effectively eliminate the risks of the worst outcomes of attacks.

To learn more about how the Telos Ghost virtual obfuscation network can help to protect your critical assets, visit:

Tom Badders
Senior Product Manager
Tom Badders is a Senior Product Manager at Telos Corporation.
Read full bio
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
Hector Rodriguez

Agree, the defenders must think like the attackers. Beginning with a mission critical analysis and quantifying the risk to the patients (and community served) is a key starting point. There is a real need to be process driven and to reverse engineer the intrusion process that attackers follow – an obfuscation network should be part of that layered and in-depth security design.

Subscribe to Our Newsletter

Email Address
Select a Country

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.