Healthcare Cybersecurity


A growing focus on healthcare cybersecurity is emerging because the healthcare industry is renowned among cybercriminals for being target-rich. That is because patient records, research data, and intellectual property can bring top dollar on the dark web.

While stolen financial data typically has a minimal shelf life, personal health information (PHI) is forever. Victims can get a new credit card after a breach, but they cannot change their blood type or their medical history. That fact alone boosts the value of PHI to cyber thieves, who can hold the information hostage for ransom or sell it to third parties long after it has been stolen.

This is not to say cybercriminals are ignoring opportunities to steal money from healthcare organizations. Healthcare represents nearly a fifth of the U.S. economy, with large sums moving electronically every day between multiple parties and organizations – payers, providers, suppliers, and patients. It can take only one weak link in the chain to create an opportunity for threat actors to strike.

When it comes to cyber incidents, healthcare stands out

  • Healthcare companies and organizations represent 16 percent of all incident response matters Unit 42 handles, ahead of all other industry categories.
  • Ransomware is the attack method of choice against healthcare organizations, which account for more than one-fifth of all the ransomware incidents we encounter.
  • Business email compromise (BEC) threat actors target the sector, mostly to steal money. Healthcare represents 15 percent of BEC incidents we respond to.
  • Due largely to healthcare’s increasing reliance on cloud solutions, the sector accounted for 15 percent of our client engagements that involved inadvertent disclosure of sensitive data.

Learn more about the growth in healthcare cyber attacks in the Unit 42 Incident Response & Data Breach Report.

Healthcare has unique cybersecurity challenges


Heading into the cloud comes with risks.

The healthcare industry has been undergoing a transformation to cloud solutions for everything from billing to remote patient care options, online patient portals, and more. While these offer efficiency and scalability, they also increase the risks associated not only with cybercrime but also with inadvertent disclosure events that can expose volumes of sensitive data.


IoT security is an emerging issue.

Medical devices are becoming increasingly interconnected, thereby enlarging the attack surface through which cybercriminals can gain access to sensitive data or even disrupt patient care while in progress. This proliferation of IoT devices, along with the increasingly sophisticated tools and techniques that threat actors use to hack them, means that healthcare providers have to secure more equipment than ever before – and the stakes have never been higher. Appropriately managing cybersecurity in healthcare requires a partner with experience and unique expertise. Learn more about Unit 42 now.


Disruption and downtime costs can be staggering – with serious risk to patients.

Given what they do, hospitals, medical practices, and other healthcare organizations can least afford to experience disruptions in essential systems and networks. As they rely increasingly on electronic data exchange, system downtime not only results in huge costs but can also bring delays in accessing critical patient health information and keeping life-saving services operating smoothly.


Regulators are watching.

The Health Insurance Portability and Accountability Act (HIPAA) places additional responsibility on healthcare organizations to protect individuals’ electronic personal health information that they receive, use, or maintain. HIPAA’s Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. If healthcare organizations lose control of their data, they are required to provide notification to affected individuals, the federal government, and, in certain circumstances, to the media.


Pandemics raise the stakes.

While they focus their time, attention, and resources on the response to COVID-19, healthcare organizations have seen increases in cybersecurity attacks as threat actors seek to exploit the emergency. Since the start of the pandemic, there has been a significant increase in phishing emails and malware distribution using COVID-19 as a lure. Meanwhile, intelligence agencies have reported that hackers are using malware and sophisticated phishing emails to try to gain access to vaccine research and information on medical supply chains.

View this case study detailing how a major healthcare organization struggled in the wake of a malware attack and recovered with the help of a Unit 42 vCISO.

Unit 42 cybersecurity solutions for healthcare organizations


Perform a Health Insurance Portability and Accountability Act (HIPAA) Assessment.

Unit 42 applies HIPAA guidelines and requirements to assess an organization’s overall security posture, accounting for the people, processes, and technologies in use to secure the organization and its assets. We gain an understanding of the cybersecurity landscape, mapping where PHI and other sensitive data reside and how they are stored and transmitted. We also review existing documentation and make recommendations based on healthcare industry standards, and we conduct stakeholder interviews to get insight into cybersecurity infrastructure, operations, capabilities, processes, and overall practices across the organization. Our HIPAA Assessment includes detailed recommendations to remediate identified weaknesses or gaps in security, as well as a strategic implementation roadmap detailing how identified weaknesses may be addressed, including the perceived level of effort and estimated costs.


Conduct in-depth cyber risk assessments tailored to healthcare-related threats.

Unit 42 offers targeted assessments and technical cybersecurity services to test and evaluate cybersecurity posture and overall cyber resilience, and to verify that security controls are performing optimally and efficiently. These include penetration testing – where we simulate a real-world attack to assess the strength of your countermeasures and identify hidden vulnerabilities – web and mobile application testing, targeted security assessments of your current configurations, phishing exercises, and tabletop exercises that include customized scenarios based on threats that are specific to the healthcare industry.


Build a fit-for-purpose cyber defense posture for healthcare.

Protection starts with initiating safeguards and implementing continuous monitoring capabilities to ensure the delivery of critical infrastructure services. Examples include identity management and access control, conducting cyber risk awareness training for employees, and implementing information protection processes and procedures. This involves monitoring cybersecurity developments and events to verify the effectiveness of protective measures.


Respond to cybersecurity incidents if and when they occur.

The Unit 42 incident response team is ready at a moment’s notice to help healthcare organizations investigate, eradicate, and recover from ransomware attacks, as well as from business email compromise, inadvertent disclosures of data, and other types of incidents. Our mission is to immediately stop the attack, expel the intruder, restore systems, and get operations back online as quickly as possible – while leveraging data analytics solutions to investigate the extent of PHI exposure in light of HIPAA obligations.