
The Healthcare Industry: a target for cyberattacks

Written By: Guillaume Caron | Expert RCGT

Chief Executive Officer VARS - Cybersecurity Risk management consulting

The health sector is not immune to phishing attempts. To prevent cyber attacks, it is essential to be well prepared.

Since the beginning of the pandemic, we have seen a significant increase in the number of phishing campaigns, ransomware attacks and social engineering.

Indeed, malicious actors are taking advantage of the vulnerability of certain clinics and practices because nonclinical health care professionals, such as financial, administrative and healthcare IT teams, are working from home, some without any cybersecurity controls in place.

These cyber vulnerabilities are resulting in even more weaknesses in the healthcare system, patient support systems and the protection of patient information.

This is why hospitals, treatment clinics, care homes and medical laboratories must, in their new normal, plan, prepare and be extremely careful when it comes to their cybersecurity.

Healthcare Industry Threats

With the evolution of medical equipment, which now depends more on your network infrastructure (IoT), cybersecurity enables patient safety and care by preserving the accuracy of patient data while still protecting patient confidentiality and privacy. Cyber criminals may take advantage of the COVID-19 crisis, using the increased pressure being placed on health organizations to extract ransom payments or mask other compromises.

Consequently, a cyber attack that makes patient data inaccessible to clinicians, or disables medical devices, could be very damaging to the healthcare industry and, more importantly, to the patients’ health.

Breach costs in the Healthcare Industry

Unlike in most industries, the cost of a breach in the health care sector is highly sensitive given the nature of the data, as evidenced by the sector having the highest cost of breach for the 9th consecutive year: nearly $6.5 million on average, over 60% higher than that of other sectors.

The Top Risks in the Healthcare Industry

Cybersecurity Risk

Due to the abrupt nature of the COVID-19 crisis, some organizations, large or small, lack the infrastructure, technology, or policies to ensure endpoints and data are secure outside of the corporate environment. For example, data loss prevention is not in place, existing infrastructure does not allow security policies/controls to be applied to endpoints not connected to the network, and there is no secure way to connect remotely.

1. Data Loss

As more people are being forced to work remotely, organizations need to ensure their data is safe and used appropriately. More employees are moving files via removable storage, cloud storage, and email (corporate/personal) so they can continue to be productive. Without adequate tools and controls like email encryption and data loss prevention (DLP), organizations run the risk of the data being compromised intentionally or unintentionally.


More employers are relying on employees to work on their personal laptops or devices, which may result in the compromise of company data or the network, as appropriate security such as advanced antivirus solutions may not be in place. Employees need to ensure proper controls are in place to protect the data, and policies should be created to provide directives on accessing corporate data and systems.

3. Inadequate Network Monitoring

Having the right visibility into what’s happening on the network is key to being able to prevent, detect, and respond to security incidents. Due to the unforeseen and rapid nature of the COVID-19 pandemic and the emphasis placed on getting the business up and running, organizations that did not put security monitoring in place are at risk of having undetected security events.

Privacy Risk

With the COVID-19 crisis, employees (prepared or not) are required to utilize video/audio conferencing solutions. Data (confidential, sensitive, or regulated under laws like PIPEDA/HIPAA) are being shared unprotected/unencrypted, mostly via email.

Business Risk

Being able to recover from a disaster is critical for a company's survival. Lack of preparedness, inadequate backup, untested disaster recovery (DR), and not having a business continuity plan could have a lasting impact if a cyber event compromises an organization. Unfortunately, since a lot of organizations did not foresee and plan for COVID-19 and its impact, they are incredibly vulnerable.

Reduce and Mitigate your Risk

Your organization can quickly benefit from integrated cybersecurity solutions to minimize the negative impacts of the coronavirus situation:

  • 24/7 monitoring and antivirus/antimalware protection of your workstations and servers as well as temporary workstations used by remote employees;
  • Sophisticated email security that uses artificial intelligence to detect malicious URLs and attachments, and block phishing and social engineering, including identity theft, which is growing exponentially;
  • Email encryption tools to secure, exchange and protect sensitive and confidential information with employees and third parties;
  • Interactive and customizable information security awareness platform to educate your employees and ensure they pay heightened attention to phishing attempts and social engineering, and are able to easily identify and report them;
  • Data loss prevention (DLP) solution with machine learning capabilities to protect your critical, sensitive and regulated data anytime, anywhere, on any device;
  • Security Advisory (CISO) to help provide strategic guidance, best practices, and security policies and threat intelligence.

Protect your most valuable assets with the help of our dedicated experts

Contact our team today.

In addition, if you have been the victim of a security incident, we invite you to immediately call the VARS emergency service at 514-949-6876 or 514-941-7829. We can help you now.
