Cybersecurity in Healthcare: Protecting Patient Data

Do you remember that Grey’s Anatomy episode when a hacker holds patients’ information hostage in exchange for millions of dollars? Well, that can happen in real life.

Cybersecurity threats are on the rise in the healthcare industry. From phishing to ransomware to the takeover of connected medical devices, cybercriminals are taking advantage of vulnerabilities in healthcare networks to wreak havoc and steal data. Unfortunately, these threats can have a significant impact, especially when bad actors steal patient identities or interrupt life-saving care.

They also pose a drastic risk to financial stability, as data breaches can result in regulatory fines and penalties as well as lawsuits from patients.

Discover the threats and unique challenges healthcare organizations face in the cybersecurity landscape and how cybersecurity professionals are helping businesses across the sector overcome them.

Cybersecurity threats in healthcare

Healthcare professionals regularly collect large quantities of personally identifiable data from patients. It’s no wonder that hackers love the healthcare system.

Even though 79% of healthcare teams believe cybersecurity challenges are at an all-time high, 75% of healthcare organizations are experiencing cybersecurity staffing shortages. Less than half believe their organizations are prepared for future risk.

This is a major problem not only for patients but also for organizations tasked with complying with healthcare information privacy laws like the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Health Information Protection Act (PHIPA).

With that in mind, here are some of the cybersecurity issues the healthcare industry faces and the impact they often have on organizations.

Key statistics of cyber attacks in the healthcare industry and their impact


Phishing happens when bad actors pretend to be legitimate companies and attempt to trick healthcare workers into clicking malicious links and providing account information. Once the hacker has this information, they can access the system to steal protected health information, causing costly data breaches.

Spear phishing

While phishing aims to target large groups en masse, spear phishing is much more precise. When spear phishing, the hacker picks no more than a few specific targets (often just one), usually high-ranking individuals with access to sensitive data or the authority to use company finances.

These bad actors then use social engineering to deceive that person into giving up their credentials, installing malware, or paying money. And because spear phishing attempts are thoroughly researched and targeted to specific individuals, these attacks can look incredibly realistic.


These types of attacks happen when hackers infiltrate a system and encrypt files without anyone knowing. They then demand large sums of money from the healthcare organization to get their files back.

Jennifer Silver, Dentist and Owner of Macleod Trail Denta, says ransomware could lead to severe disruptions to operations.

“If our systems fell victim to ransomware, it [would be] impossible to access patient records or conduct essential tasks such as appointment scheduling and billing,” she says. “Furthermore, paying the ransom doesn't guarantee the safe recovery of our data and could expose us to further risks.”

This is the same type of attack that our heroes at Grey Sloan were under. And while Grey’s Anatomy is a work of fiction, the attack’s ramifications could happen in real life—as Allscripts, a vendor of electronic health record systems for physicians, hospitals, and healthcare systems learned in 2018. They were hit with a ransomware attack that left their data centres crippled, leading to thousands of hospitals and facilities unable to access patient information.

Insider threats

Insider threats arise when healthcare workers unintentionally or maliciously expose or share data with people who shouldn’t have it. This is considered a data breach and can lead to hefty fines and penalties for the organization and financial losses for patients due to identity or credit card theft.

Internet of Things (IoT) attacks

As healthcare technology advances, more organizations use connected devices to deliver precise, accurate patient care and human services. However, such IoT devices also increase an organization’s attack surface, giving hackers more entry points into the system.

Other threats

In addition to these risks, Silver believes denial of service (DoS) attacks are a persistent issue because they could disrupt the normal functioning of a clinic's network or systems by flooding them with excessive traffic, rendering essential services inaccessible to our staff and patients.

This can cause delays in appointments and treatments, resulting in upset patients as well as putting the business’s reputation at risk.

“Prolonged disruptions caused by a DoS attack could have financial implications for our clinic and damage our reputation for reliability and professionalism,” she explains.

Step into the critical field of healthcare cybersecurity with the skills and knowledge from our dedicated Bootcamp.

Unique cybersecurity challenges in healthcare

While the goal of cybersecurity is the same throughout all sectors, the specific challenges are different in each industry. Some of the unique hurdles of healthcare cybersecurity include:

Changing regulations

Andrew Lugsden, security consultant at Forge Secure, says regulatory changes impact cybersecurity strategies in healthcare all the time.

“While changes in regulatory requirements may seek to improve the security of healthcare institutions, many may find changes to processes or technology requirements difficult and slow to implement,” he says. “[This results] in organizations falling behind their required targets without additional funding being provided alongside any regulatory changes.”

High-value data

There are few other industries where a hacker can get their hands on so many details about a person all at once.

Patient files are considered high-value data because they include insurance policy numbers, birth dates, addresses, billing information, and more. Some experts estimate that these files are worth 10 times as much as credit card information alone, which is why bad actors relentlessly pursue them.

Interconnected devices

Many medical devices can now connect to the internet. This capability enhances patient care efficiency and accuracy, but it also gives hackers more potential entry points to a system.

Healthcare providers often use multiple mobile devices to record patient data as they move throughout the hospital or work at home, which only increases the potential for a serious data breach.

Legacy systems

Many hospital networks and IoT devices run on outdated firmware with insufficient security mechanisms and protocols, leaving systems vulnerable to attack. Penny Longman, the Director of Information Security and Data Stewardship at Fraser Health Authority, discussed this issue in a recent Lighthouse Labs Navigator Series interview.

“We still have devices running Windows XP because of the nature of this cycle,” says Longman. “It's better software design, better application security, better architectural design” that will be most important in the future.

In her view, the central question of cybersecurity is, “How do we design and develop and retrofit better systems as opposed to bigger and bigger and bigger SOCs?”

Consequences of cybersecurity breaches in healthcare

Healthcare data breaches can negatively impact patients, workers, and institutions in numerous ways.

Compromised patient safety

Healthcare providers rely on quick access to accurate patient data to provide safe and comprehensive care. Medical devices also need the correct information to operate accurately and according to each patient’s needs. When a system is disrupted or data becomes compromised, medical mistakes can occur, leaving patients vulnerable.

Financial losses

According to IBM’s 2023 Cost of a Data Breach report, the cost of healthcare data breaches has risen 53% since 2020.

The healthcare sector continues to incur the highest cost for data breach cleanup at $10.93 million. This could represent any number of financial obligations, including ransomware demands, communicating with affected patients, lawsuits, and even compliance fines and penalties.

Reputational damage

Patients put a great deal of trust in hospitals and healthcare systems. Data breaches can cause them to lose that trust, which can in turn lead patients to raise concerns about their safety and privacy and may cause them to seek care elsewhere. Unfortunately, such reputational damage can result in even more lost revenue.

Best practices for healthcare cybersecurity

Before any healthcare organization implements a single cybersecurity protocol, its leaders must ensure that their teams are conducting regular risk assessments.

Doing so allows cybersecurity professionals to understand the specific threats the organization faces, the probability of an attack, and the impact that attack might have. They can then prioritize threats and create an effective incident response plan. Once that plan is in place, healthcare organizations can begin strategically deploying robust security controls that offer a layered defence plan that effectively mitigates unscrupulous activity from bad actors. These measures may include:

  • Firewalls to keep unnecessary or malicious traffic out of your network
  • Antivirus programs that detect and remove malicious software
  • Encryption that scrambles data to protect it from being stolen
  • Multi-factor authentication that requires additional verification to grant access
  • Role-based access-control measures that restrict which employees can access sensitive information or applications
Discover the key skills and knowledge our Cybersecurity Bootcamp offers for healthcare cybersecurity roles. Download our curriculum today.

The role of training and awareness

Ongoing training and security awareness are vital for effectively combating cyber attacks. This is clearly the case for non-technical employees, but it’s just as important for cybersecurity professionals.

Because technology evolves rapidly (as evidenced by the rise of AI), threats are constantly changing. All healthcare industry employees must stay up to date with the security tactics needed to successfully navigate a shifting threat landscape and properly safeguard sensitive information.

Due to the rise in cyber threats, there’s a lot of demand for cybersecurity positions in healthcare. This means many training program graduates can obtain coveted tech roles like:

  • Incident Responders (Blue Team)
  • Threat Hunters (Red Team)
  • Compliance and Governance Officers
  • Risk Assessment and Management Roles (such as Security Analysts)

Lighthouse Labs’ Cybersecurity Bootcamp

Lighthouse Labs' Cybersecurity Bootcamp is run and taught by cybersecurity experts who give students the hands-on experience they need to understand and respond to today’s most imminent cyber threats. During a 12-week or 30-week Bootcamp, students have the opportunity to learn about everything from encryption and forensics to network security and incident response.

Students who complete the Bootcamp walk away with a firm understanding of blue team (threat defence) functions, making them better prepared to take on roles in the healthcare sector. They gain the skills needed to work as security analysts, incident responders, security researchers, and more. All these skills equip learners to defend against cyber attacks in the healthcare industry.

Wondering how to launch your cybersecurity career in healthcare? Our Admissions team is ready to guide you through your options and opportunities.


What was the biggest cyber attack in healthcare?

The biggest healthcare data breach to date occurred on January 29th, 2015. Health insurer Anthem/Blue Cross announced the theft of 78.8 million patient data records. According to the U.S. Department of Health and Human Services, the breach resulted in a $16 million HIPAA settlement.

Why is cybersecurity important for medical devices?

Many medical devices are connected to the internet, which makes them inherently vulnerable to attacks. These devices often run outdated firmware with insufficient security protocols and configurations, making it all the more important to provide robust security that protects sensitive information.

What is true about cyber threats in healthcare?

One notable fact about cyber threats in healthcare is that they pose more of a financial risk today than ever before, with the average data breach costing healthcare organizations around $10.93 million.

What is a cybersecurity health check?

A cybersecurity health check is essentially an audit that helps organizations identify and prioritize their security vulnerabilities and devise an appropriate plan of action to mitigate them.