Skip to main content

The healthcare industry is no stranger to cybersecurity threats. With patient records averaging $50 on the black-market, it makes medical practices and hospitals a gold mine for hackers. In 2016, the healthcare industry alone exposed more than 10 million social security numbers. This was more than any other industry according to a report from CyberScout and the Identity Theft Resource Center.

Here are the 3 cybersecurity threats in healthcare:

#1: Employees

Employees are the #1 risk to your medical practice. reported that 43% of healthcare breaches were caused by employee error. These attacks are generally caused by uneducated or careless staff members who don’t know anything about cybersecurity.

Here’s a few questions to ask yourself:

  • Can your staff spot a phishing email?
  • Do they know not to visit inappropriate sites like gambling or porn websites?
  • Are they receiving regular cybersecurity training?

If you answered “no” to any of these questions, then your medical practice could be in serious trouble.

What should you do next? Get a cybersecurity plan in place now. This includes:

  • Regularly scheduled cybersecurity training especially on phishing emails.
  • Website monitoring and blocking.
  • Password management.

#2: Malware and Ransomware

Malware, especially Ransomware, is detrimental to healthcare more so than any other industry. According to, 72% of healthcare malware attacks were Ransomware. These viruses can be contracted by downloading an attachment or clicking links in a phishing email. They can even get through software loopholes like with the WannaCry Ransomware.

Once they’ve encrypted your files, they’ll demand payment. Hackers know hospitals and medical practices will do whatever it takes to get patient records back. In the end, it results in a big payout for the ransomware engineer.

To protect against these costly cyberattacks, you must:

  • Implement Ransomware training and alerts.
  • Monitor your network 24/7.
  • Backup your files daily.
  • Encrypt all data.

#3: Phishing Attacks

Have you ever received an email from the IRS to your work account? Don’t open it! It’s a hacker masquerading as a legitimate organization. More than likely, you wouldn’t give the IRS your work email address. Hackers want you to think it’s real so you’ll click on the link or open the attachment.

Here’s an example:

Image result for example of phishing attack irs


Phishing emails may even come from someone you know such as your CEO or office manager. However, it’s really just a similar email. These types of emails can be extremely sneaky. GreatHorn’s 2017 Spear Phishing Report said that 91% of display names are spoofs in phishing attacks.

In order to avoid a phishing email, here’s what you should do:

  • Identify the actual sender email address.
  • Send to your IT department or provider for further investigation.
  • Never click on links or open attachments.
  • Train yourself to recognize a phishing attack.