The healthcare sector has been under tremendous pressure as the number of people falling ill during the COVID-19 pandemic has risen, and cybercriminals have left no stone unturned to take advantage of the situation.

The numbers speak for themselves

  • As of August 13, 2020, the Department of Health and Human Services' HIPAA Breach Reporting Tool has recorded 302 major healthcare breaches impacting nearly 8.7 million individuals.
  • Magellan Health, one of the Fortune 500 companies, was struck by a ransomware attack in April 2020. In mid-August, Magellan Health confirmed that about 1.7 million individuals have been affected so far by the April cyberattack.

Why the healthcare sector attracts attackers

It is often the case that medical facilities have a weaker implementation of security measures as compared to other industries such as banking and financial networks, IT, and e-commerce.

Threat actors in the field

The sector has witnessed a wide variety of cyberattacks, including phishing campaigns, ransomware attacks, unauthorized data access, and mishandled health record disposals.
  • The APT29 group attempted to steal coronavirus-related research and intellectual property from healthcare research organizations, universities, and individual researchers between May and July.
  • Several other malware and threat actors including FritzFrog, Bazar Backdoor, Hakbit, Evil Corp, etc. were found targeting the healthcare sector (along with some other targeted sectors).
  • Ransomware like Netwalker (Center for Fertility and Gynecology, Lorien Health Services), Maze ransomware (Regis Healthcare), etc. also created havoc among healthcare organizations. 
  • Beaumont Health disclosed a phishing attack in which some email accounts were accessed without authorization between January 3, 2020, and January 29, 2020.

The large number of data breach incidents and impacted victims indicates that the healthcare industry should not be lulled into a false sense of security. Healthcare organizations still have a great deal of work to do when it comes to securing their infrastructure: locking down remote connections, properly disposing of documents, and educating users to prevent the frequently observed phishing attacks, as well as reducing delays in detection and breach notification.

Cyware Publisher