I would like to focus on 3 examples of cyberattack methods that occur in hospitals.
1) Ransomware attacks:
In 2017, the WannaCry ransomware attack targeted hospitals and healthcare organizations worldwide, including the National Health service (NHS). It exploited a vulnerability in Microsoft Windows Systems across networks. WannaCry infected computer systems and encrypted patient records to demand a ransom in cryptocurrency for decryption keys, leading to disruption and potential risks to patient care.
2) Phishing attacks:
In 2020, a phishing campaign targeted healthcare workers with COVID-19 related lures. Hospital staff received phishing emails containing malicious attachments or links that seem to be from a trusted source. Clicking on the provided link led to credential theft, which was a fake login page similar to the hospital’s email system, and unauthorized access to the hospital’s network and potentially compromising patient data.
3) Insider threats:
This cyberattack could be caused by intention or accident. In 2014, a former employee of a Texas hospital gained unauthorized access to sensitive patient information and exposed them to external parties by posting them online. This breach compromised the privacy and security of patients, leading to legal consequences for the hospital.