Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity NewsHospitals & Medical Centers

Don’t Let Cyber Attacks Hold Your Patients Hostage

By John Hesselmann
ransomware-enews
March 27, 2018

As our society has become increasingly reliant on IT services, our ability to protect our personal, financial and healthcare data has become equally important. According to the Institute for Critical Infrastructure Technology, the healthcare sector fell prey to more cyber incidents through data breaches than any other critical infrastructure area in 2015. The healthcare industry is rife with vulnerabilities for exploitation given the complexity and diversity of the healthcare ecosystem, which includes public and private players large and small as well as connected medical devices and software systems.

In May, the UK’s National Health Service (NHS) made headlines when their networks succumbed to the global WannaCry ransomware attack, which infected more than 400,000 computers worldwide and demanded payments of $300 to $600 to restore access to data on each scrambled system. While IT and executives deliberated on what to do, doctors and health practitioners were forced to revert to pen and paper after the attack impaired key systems. The New York Times reported that some affected hospitals turned away patients, delayed lab results and even cancelled surgeries, revealing just how acutely cybersecurity issues in the healthcare industry become patient safety issues.

IT spending in healthcare has increased, and governments are taking action to establish measures to protect our most vital data, yet cyberattacks continue to increase. Symantec’s annual Internet Security Threat Report found that security incidents within healthcare were the second-highest contributor in affected services industries in 2016, outweighed only by incidents in business services. Moreover, cyber criminals are escalating demands. The report also found that average ransoms in 2016 rose to $1,077, a $294 year-over-year increase. To help protect healthcare systems, patients, and staff from cyberattacks, executives should employ the following proactive methods.

 

Recognizing an Attack

Ninety-one percent of cyber-attacks start with a phishing email, according to a study by PhishMe. Email scams frequently attempt to trick a target into clicking an email link, which launches malicious software that compromises the security of the network. The FBI estimates that compromised email accounts for $3.1 billion in losses per year worldwide. To prevent an attack, it’s important to train your workforce to look for the three most common types of email hacks:

  • Fake email coming from a company executive or colleague
  • Fake invoice from a supplier whose email address has been spoofed
  • Fake email from an attorney requesting funds or information about a deal

Even if the target doesn’t send a payment or transfer funds in response to the email, simply clicking a link in a phishing email can cause a chain of events that compromise the network.

 

How Data Gets Held Hostage

Ransomware is a malicious type of software used by cyber attackers that can harm or disable computer systems until hackers receive a payoff. The healthcare industry is especially targeted because it is “rich in personally-identifiable information… and the results of a successful attack can be dire – including risk to patient care,” noted the Report on Improving Cybersecurity in the Health Care Industry. According to PhishMe, these types of attacks are up 400 percent since 2016.

Ransomware works by tricking the target into opening a fake email and then clicking on a link or attachment that infects the system and locks the user out of the computer system or network until a ransom is paid. Unfortunately, paying the ransom doesn’t ensure a fix, as evidenced by the recent Petya ransomware attack, which hit 65 countries in June. In the case of ransomware attack, it’s important to increase healthcare industry readiness through improved cybersecurity awareness and

education, including:

  • Implementing security patches – Every time the operating system or security software asks if it can run a system or security update, promptly follow through.
  • Backing up data – Back up files remotely every day on an external hard drive not connected to the internet.
  • Using an antivirus program – Antivirus programs can scan files to see if they might contain ransomware. Run the program automatically before downloading files.

 

Bolstering Defenses

The best protection against email fraud is to employ multiple lines of defense. While upgrading software and backing up data is critical, training the healthcare workforce to spot warning signs is the most important proactive measure. Empower your staff to:

  • Be cautious. Flag suspicious emails to IT. Additionally, never reply or open links and files within suspicious emails.
  • Remain cognizant and alert your bank to unusual requests. It’s essential to inform your bank of suspicious activity so proper action is taken to stop or prevent a financial transaction.
  • Remove every “dirty” PC. If a laptop or PC is compromised, remove it from the company’s network until it has been cleansed of malware.

Ideally, every healthcare organization should develop processes to teach their workforce and patients to recognize potential cyber-attacks via trainings and simulations. According to PhishMe, susceptibility to phishing email drops almost 20 percent after an organization runs just one simulation. Proactive education across the healthcare ecosystem is a necessary line of defense to recognize a potential cyberattack or ransomware intrusion, and can prevent compromised private patient information, prevent monetary losses, and ultimately, spare organizational delays in delivering care.

KEYWORDS: cyber risk management healthcare cybersecurity ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Hesselmann
John Hesselmann is the Global Commercial Banking Specialized Industries executive for Bank of America Merrill Lynch. In this role, he is responsible for leading national teams that focus on serving clients in specialized sectors including healthcare, not-for-profit, higher education, dealer financial services, restaurant finance, sports finance and middle market sponsor finance.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • From the ER to the Executive Suite, Hospitals Tighten Up

    Don’t let your guard down over IT security during the pandemic

    See More
  • Face mask pandemic

    Survey finds most COVID-19 patients don't know who infected them

    See More
  • scam alert

    Don’t let IVR fraudsters exploit COVID

    See More

Related Products

See More Products
  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!