There is an unspeakable plague the healthcare system struggling against – malicious cyber campaigns targeting every healthcare facility of any size. In the past 12 years, the healthcare sector suffers from exponential growth in the number of cyber-attacks threatening their systems.

The attacker’s prime incentive consists of disruption, turmoil, and data. A successful breach can potentially have chaotic outcomes; From sensitive data exfiltration (i.e., social security numbers, financial data, medical records, etc.), to tampering with medical records’ integrity, all the way to taking over critical systems, and shutting down hospitals across vast regions. If medical systems or equipment vital to patient care are compromised, or blocked, they might jeopardize the patient’s well-being.

Infuriatingly, decision-makers in the healthcare system avoid addressing the severity of the threat or allocating additional resources the system so desperately craves for. Such neglection already resulted in tragic results that affected patients around the world. And with more state-sponsored actors and cybercriminals developing sophisticated aggressive tools, the menace of a nationwide-scale cyber pandemic is very tangible.

In this four-part series, we shall explore the decades-long relationship between hackers and the healthcare sector, the deliberate neglection by governments, and how it put everyone’s lives at risk when attending the hospital for checkups or medical procedures.

When cyber-attacks become a pandemic

Healthcare organizations are the target of choice by many hacker and cybercriminal groups.

For more than a decade cybersecurity experts and government officials remonstrate the healthcare ecosystem against the increasing wave of direct cyber campaigns. Sadly, year after year the number of infected facilities keeps increasing. Those campaigns are more frequent and possess a more forceful attempt for data exfiltration and equipment tampering. The system faces two fronts: conventional financial & reputation risks as well as life-threatening threats.

The potential for endangerment is overwhelming. Reports show that in the United States alone more than four million people were affected by cyber incidents in the first quarter of 2022 only.  According to a Checkpoint report, The Healthcare sector was the most targeted industry for ransomware during the third quarter of 2022 suffering from an average of 1,426 weekly attacks – illustrating a staggering 60% year-over-year growth.

Irreversibility – When Ctrl + Z doesn’t work

Time is a critical resource for hospitals. A facility that’s unable to access medical records in a reasonable time or reliably authenticate its equipment endangers patients’ life.

As available data is indispensable for hospital ongoing activity, The healthcare sector stores at any time a massive amount of sensitive information.

Falling into the wrong hands, such information can be leaked or sold over the dark web to the highest bidder. Things get more complex if medical records, which are vital for a therapeutic sequence, are blocked from access, causing the level of treatment will decrease and the treatment period shall prolong. The snowball effect of the accumulated queue will force the facility to stop providing further medical care.

There is no need to wait for the next WannaCry variant to hit the streets (and it will), as even mediocre hackers with known exploiting tools can cause a nationwide crisis. All it takes is one unaware staff member that opens an email containing malicious code hidden inside an innocent-looking file.

To make a long story short, attacks would cause hospitals inability to function, while all ambulances and patients would have to be diverted to other facilities in the region that will experience an influx of patients, stretching their capacity, and putting more lives in jeopardy.

The 2017 WannaCry ransomware took down many hospitals that were unable to provide treatment for days. In November 2022, a ransomware attack in Sothern California affected the operations of five hospitals in the San Diego area for about a month. Even cases when a breach resulted in death.


In 2020 a German woman was reported dead after being forced to reroute to a remote hospital and died from treatment delays, simply because her nearest hospital was shut down due to a ransomware attack.

In September 2021 a hospital in Alabama, USA was served with a lawsuit holding them accountable for a baby’s death as a result of a ransomware attack.

The lawsuit claims that a ransomware attack that shut down hospital computers led staff to miss troubling signs, followed by severely diminished care to a mother who arrived to deliver her daughter. The doctors and nurses skipped conducting several key tests that would have indicated that the umbilical cord was wrapped around the baby’s neck. As a result, the mother delivered a baby with a severe brain injury that died nine months later. furthermore, the hospital failed to inform the mother about the attack in real time, which could allow her to deliver the baby at a different facility.

This lawsuit raised fundamental issues concerning healthcare executives’ responsibilities. Their professional commitment is not only to recruit the best doctors and nurses but also includes areas like building and maintaining secured IT infrastructure.

In the next part of “How to prevent the next CyDemic”, we shall explore additional angles and discover new trends in healthcare cyber security.

Read Part II |
Read Part III |
Read Part IV