
5 Types of Hospital Cyberattacks


October 25, 2019 Posted by in Business Continuity, Mass Notification

Nearly 55% of healthcare companies in the U.S. claimed that they faced cyberattacks. According to the 2018 Horizon Report, almost 100% of all web applications that are connected to critical health systems are vulnerable to cyberattacks.

While U.S. hospitals are doing more to prepare against these attacks, it seems like there’s going to be hardly any respite. According to a report, ransomware attacks are expected to quadruple by 2020. Now that you know how serious the condition is, let’s look at some of the common cyberattacks faced by hospitals.

1. Ransomware

Ransomware is malware and was all the rage in 2016 when it hit several huge organizations around the world. It grew even bigger in 2017 when it hit computers running Windows across the world. In this attack, the hacker infiltrates the hospital network and then accesses the data. The data is subsequently copied and encrypted. Once the encryption process is complete, the original data is deleted, and the only way to access the encrypted data will be by paying a ransom.

In such a situation, it’s almost impossible for any system to function efficiently with most online tasks needing to be done over the phone or fax. The hackers usually demand a huge ransom for every infected device.

In the case of Hollywood Presbyterian Medical Center, the hackers demanded $17,000 to restore the applications to their functional state. The attack made it impossible for physicians to access medical records for over a week.

2. Phishing

Phishing is one of the most common modes of cyberattacks in which your computers get infected. In this, you may be presented with a seemingly innocent-looking malicious link. Upon clicking it, your system will instantly get infected, and it’ll start spreading to other connected devices.

In this type of cyberattack, your personal information may get compromised. The University of Washington Medicine was hit by this sort of attack in 2013 when hospital employees received the phishing links.

The attack was discovered within a day, but the information of 90,000 patients was compromised within this time. This included their names, phone numbers, Social Security numbers, and birth dates.

3. DoS Attack

DoS attack stands for Denial of Service attack where the hackers try to make digital assets inaccessible to their users. The disruption caused by the cybercriminals may be temporary or of longer durations. When the host connects to the internet, the hacker can start overwhelming the device with truckloads of requests. Through this, they attempt to stop or slow down the legitimate requests that the user wants to be fulfilled.

Additionally, the incoming traffic comes from multiple sources at the same time so it’s nearly impossible to stop it by blocking a single source. Children’s Hospital Boston was one of the victims of such an attack by the hacktivist group “Anonymous.”

They started attacking the hospital’s network slowly in April 2014 and conducted three strikes. The first strike was relatively slow; the second one was slightly more powerful but was mitigated. However, the third strike reached nearly 28 Gbps, and the attackers also tried to penetrate the hospital’s network and sent phishing emails. The attack crippled the hospital’s systems for over a week and also affected another local nonprofit.

4. SQL Injection Attack

A Structured Query Language (SQL) injection attack allows cybercriminals to run malicious SQL queries to take over your database server. They may try to inject SQL statements into data-entry fields, such as a text box in an online form. Through this, they can trick the system into revealing its data or manipulating it.

Moreover, they can pass through the approval and validation processes of web applications and get direct access to data. They can also add, modify, or delete any data from the database. This can make all your personal information, intellectual property, customer information, and trade secrets vulnerable.
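
The text-box injection described above, shown as the unsafe query beside its parameterized fix. This is an added example, not code from the original post; the `patients` table, the lookup functions and the sample records are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (mrn TEXT PRIMARY KEY, name TEXT, dob TEXT)")
    db.executemany(
        "INSERT INTO patients VALUES (?, ?, ?)",
        [
            ("MRN-1001", "Alice Example", "1980-01-02"),
            ("MRN-1002", "Bob Example", "1975-06-30"),
            ("MRN-1003", "Carol Example", "1992-11-15"),
        ],
    )
    return db


def lookup_vulnerable(db, mrn_field):
    """Before: form text is pasted into the SQL string, so it is parsed as SQL."""
    query = "SELECT mrn, name, dob FROM patients WHERE mrn = '" + mrn_field + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, mrn_field):
    """After: form text is bound as a value and is never parsed as SQL."""
    query = "SELECT mrn, name, dob FROM patients WHERE mrn = ?"
    return db.execute(query, (mrn_field,)).fetchall()


# Constructed form input: the quote closes the string literal and the rest
# becomes an always-true condition in the vulnerable query.
CRAFTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        print(label, "normal input :", len(fn(db, "MRN-1002")), "row(s)")
        print(label, "crafted input:", len(fn(db, CRAFTED_INPUT)), "row(s)")
```

With the crafted input, the concatenated query returns every patient record, while the parameterized query treats the same text as a non-matching record number and returns nothing.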


5. MEDJACK

MEDJACK, also known as medical device hijack, is a type of cyberattack that specifically targets medical devices that are integrated with applications. The main devices targeted are ones that aren’t well protected.

This makes it easy for cybercriminals to find backdoors to access the system and steal data. As nothing seems to look abnormal, the attack may go undetected for months too.

UCLA Health was one of the biggest victims of such an attack. It exposed the personal data of over 4.5 million patients and went undetected for over a year. Data, including names, birth dates, health plans, and Medicare numbers, was leaked.

It was easy for the hackers to get this data as it wasn’t encrypted when it passed from the medical devices to the health record. This attack in 2014 led to many lawsuits against the hospital.

One reason why hospitals can’t secure the medical devices is that the hospital’s security team can’t access the software of the devices. However, regulations have been put in place to ensure that external access to the software is blocked.

Final Thoughts

Hospitals face various crises throughout the day. However, cyberattacks on hospitals have become more common than ever, and it’s necessary to be prepared to fight them off. You need to educate your employees so that they can differentiate between a genuine email and one with phishing links. It’s also essential to secure your medical devices and encrypt data as much as possible.

You must also take all steps necessary to back up useful data so that you don’t end up being held to ransom for it. In case of a cyberattack, you should consider using the RedFlag app to send out alerts to your staff to minimize the damage.

What are the other forms of cyberattacks faced by hospitals? Let me know in the comments.
