Cyber Threats in the Healthcare Sector and Countermeasures

Muhammad Mashhood Ahmed (De Montfort University, UK), Leandros Maglaras (De Montfort University, UK) and Mohamed Amine Ferrag (Guelma University, Algeria)
DOI: 10.4018/978-1-7998-3648-3.ch007


Healthcare is one of the industries most targeted by cybercriminals. The healthcare sector is far behind other organizations in cybersecurity. Vulnerabilities in its systems open the door for cybercriminals to exploit them and gain unauthorized access to a system or network to carry out malicious activity. Healthcare organizations have to take cyber threats seriously and follow a security framework that detects and mitigates cyber threats. This chapter presents all cyber threat actors that exist in the healthcare sector, common cyber-attacks that can be launched against all actors, and real incidents that took place during the past years. Based on these, the authors propose, in tabular form, a set of recommendations that can be used as countermeasures against any type of attack.
Chapter Preview


A cyber threat is a malicious act by an individual or organisation to steal data and damage computers, systems and networks. The threats involved in cyber-attacks include malware, phishing, denial of service and data breaches. In 1971, Bob Thomas created the first virus and named it Creeper. He just wanted to create a self-duplicating program. Creeper is a worm which replicates itself and spreads from one computer to another. It displayed the phrase “I am a creeper, catch me if you can” on the computer screen. It was not like a modern-era virus that causes damage, steals information, encrypts files or demands a ransom (Parikka, 2007). In 1986, Clifford Stoll, who was the system administrator at the Lawrence Berkeley National Laboratory, noticed suspicious activity in accounting data. He found out that an unauthorised person was hacking into his system. Robert Tappan Morris is the son of cryptographer Robert Morris. He graduated from Cornell University. In 1988, he carried out the first cyber-attack with good intentions, but it ended with horrible consequences. He wanted to know how big the internet was, so he developed the Morris worm, which travels the web, installs itself automatically on other systems and then counts how many duplicate copies it has created (Orman, 2003). The consequences of this worm were a horrible nightmare: it damaged approximately 6000 computers, with a total estimated damage of $98 million. His program was the first type of cyber-attack called “distributed denial of services”. Morris was charged fines and three years of trial for violating the Computer Fraud and Abuse Act.

There are different types of cyber threat actors who carry out cyber-attacks for their own benefit or as revenge against a company. These actors cause damage to organisations, steal data or demand a ransom. Cyber criminals are also targeting the healthcare sector because it is an easier task. The healthcare sector spends a very limited budget on its IT departments to secure its systems and networks, so there are a few back doors through which hackers can gain unauthorized access to a system and cause damage. The systems are not secure because they mostly run outdated software and old versions of operating systems.

The main reason for targeting the healthcare sector is that sensitive patient information is valuable and worth a lot of money. It is more valuable than credit card data and provides a decent amount of money to hackers if they sell it. Cyber criminals also use the information to make fake IDs, to take full advantage of healthcare facilities and to make insurance claims.

Many cyber-attacks are happening in the healthcare sector, causing a lot of economic and reputational damage. For example, in the UK, the USA and many other countries the healthcare sector was hacked and the damage caused was considerable. In most cases data breaches and ransomware attacks took place. Common impacts on the healthcare sector when an incident happened were loss of reputation and patients’ trust, compromised medical data and risk to patient safety. A new trend in cyber-attacks is hackers selling medical information on the black market. Ransomware and phishing emails are the most common attacks in the healthcare sector, causing data breaches and the loss of billions of dollars.

The UK has identified sixteen critical infrastructure sectors, including healthcare, and the protection of these infrastructures is very important. The UK and every other country must use a security framework in order to detect and mitigate cyber incidents. The NIS Directive is the cyber security law implemented across the EU countries. The objective of the directive is to create a common framework that EU countries can use in order to detect cyber-attacks and protect systems and networks from them (Maglaras, 2018).

When people are aware of cyber threats and know how much damage they cause, they are ready to take action that could mitigate these attacks. There are many different ways to mitigate cyber-attacks, which are really helpful in securing systems and networks. In this chapter, different types of countermeasures are discussed, along with their advantages and disadvantages. Once healthcare providers are secure, they can be more competitive against their competitors (Makarona E, 2019), (Kavoura A. a., 2017), and security should be incorporated in the strategic design of new companies in the field (Kavoura A. a., 2016).

Key Terms in this Chapter

ICT: Information and communication technology.

ENISA: European Union Agency for Cyber Security.

IDS: Intrusion detection system.

CSIRT: Computer security incident response team.

IPS: Intrusion prevention system.
