Cyber attacks in healthcare can be deadly. Here are 3 ways to prevent them

Hospital beds.

The healthcare sector is vulnerable for several reasons. Image: Pexels.

Cindi Carter
CISO in the Office of the CTO, Check Point Software Technologies
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Centre for Cybersecurity

Listen to the article

  • Cyber attacks in healthcare settings have the potential to put lives at risk.
  • Patient data is valuable to cyber criminals demanding ransom and notoriety.
  • Here are three actions to prevent cyber attacks from disrupting healthcare.

Earlier this month, a ransomware attack shut down emergency rooms across the US, forcing ambulances to route to other hospitals. Prospect Medical Group, which operates 16 hospitals and 166 outpatient clinics across Connecticut, Pennsylvania, Rhode Island and Texas, took their systems offline to protect them while they launched an investigation.

According to IBM’s Cost of a Data Breach Report 2023, the healthcare industry reported the most expensive data breaches at an average cost of $10.93 million. But in healthcare, cyber attacks can have ramifications beyond financial loss and breach of privacy. With ransomware attacks such as these, the loss of access to patient data and medical tools can put lives at risk. And as NPR recently reported, it can take months for hospitals to recover.

Have you read?

Unfortunately these are not uncommon incidents. Last month, Check Point Research found that an average of one in 29 healthcare organizations were impacted by ransomware. In 2022, the healthcare industry experienced a 78% year-on-year increase in cyber attacks, with an average of 1,426 attempted breaches per week per organization.

It cannot be overstated that in healthcare, cyber attacks are a matter of life and death. In fact, a survey conducted by the Ponemon Institute found that more than 20% of healthcare organizations reported an increase in patient mortality rates after experiencing a breach.

Why do cyber criminals target healthcare?

Healthcare is essential and it contains troves of sensitive medical data. For cyber criminals, breaching a healthcare organization provides access to that sensitive medical data which can be held for ransom and the guarantee of media coverage and notoriety for the hacker. Both factors put hospitals under immense pressure, increasing the likelihood that a high ransom fee will be paid.

The healthcare sector is vulnerable for several reasons. First, the increasing sophistication and quantity of cyber attacks is not a threat these organizations are set up to deal with. Many hospitals rely on a blend of old and new technologies, most of which are either not directly managed or forgotten due to improper documentation. This problem has only increased over time as more Internet of Things (IoT) and medical devices are added, despite rarely being built securely by design. The current cybersecurity skills shortage also means there's a lack of expertise to help manage this widening attack surface. Add these factors together, and cyber criminals see a high value target with a large threat surface and many potential points of entry.


How is the Forum tackling global cybersecurity challenges?

Patients deserve quality care that sustains strong physical, intellectual and emotional health outcomes. The protection of their healthcare data is a component of that. A cyber attack has the potential to affect a given individual’s or population’s physical health, and it may cause social and emotional difficulties should personal information become compromised and find its way into public view. In fact, patients are currently suing One Brooklyn Health after the organization was breached by cyber criminals who leaked patient data. The patients are concerned that they are now at greater risk for fraud, identity theft, misappropriation of health insurance benefits and more.

How to prevent cyber attacks from disrupting the healthcare workflow

1. Culture

Establish secure-mindedness in every aspect of the patient journey. Educating the staff on why cybersecurity is important and their role in protecting patients through good information security practices should become as second nature to the healthcare organization as maintaining hygienic conditions. Cybersecurity education and training must be frequent and ongoing in order to instill a secure-minded culture.

2. Endpoint protection

A single user in the healthcare system may have multiple endpoints from which they access and transmit electronic health information. Even medical devices themselves transmit data. Prevention-first endpoint protection includes a multi-layered approach encompassing the following capabilities: anti-phishing, anti-ransomware, anti-bot, content disarm and reconstruction (CDR), and automated post-detection, remediation, and response. The US Department of Health and Human Services (HHS) provides actionable guidance on the safeguarding of electronic protected health information.

3. Access control (zero trust model)

By simply cutting back on who has access to healthcare data, organizations can prevent a cyber attack from being successful. Zero trust enables healthcare organizations to enforce policies of least privilege, in which they grant the least amount of credentials necessary for the tasks required. Every level of data should be accessed on a need-to-know basis in order to reduce the number of chances of unauthorized access.

Protecting hospitals

In recent conversations with healthcare CISOs, there’s a strong desire to secure the health of everyone, everywhere, with certainty. Luckily, there is a strong culture of collaboration in the industry, with sharing best practices and lessons learned for taking action. Healthcare professionals understand the importance of good health and remain dedicated to protecting our healthcare institutions and providers.

Recent ransomware attacks against healthcare providers have emphasized that cybersecurity is essential to patient care and safety. Above all measures, healthcare organizations should take a preventative approach to their cybersecurity practices, much in the same way that the five rights of medication ensure patient safety: the right, patient, the right drug, the right dose, the right route of administration, the right time.

Clinicians shouldn’t have to worry about whether they will be able to access digital medical records or whether they can rely on their medical instruments. Focusing on improving care outcomes with patients is already a big task. By taking a prevention-first approach to protecting hospitals, providers and patients, we can stop the disruption and destruction from happening in the first place.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityHealth and Healthcare Systems
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

The rise of smart contracts and strategies for mitigating cyber and legal risks

Jerome Desbonnet and Oded Vanunu

July 16, 2024

About Us



Partners & Members

  • Sign in
  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum