Healthcare Industry Hit with Most Cyberattacks in 2022

Hospitals and other healthcare facilities suffered from 1410 weekly cyberattacks per organization.

By Mackenna Moralez, associate editor
January 17, 2023

Global cyberattacks increased by 38 percent in 2022, a recent study by Check Point Research found. According to the report, the number of attacks were driven by smaller, more agile ransomware groups that exploited collaboration tools used in work-from-home environments. However, more hackers took interest in hospitals and other healthcare facilities in 2022. The sector had the largest increase in cyberattacks compared to other industries, suffering from an average of 1410 weekly cyberattacks per organization.  

The study suggests that cyber groups have taken to attack hospitals and other healthcare facilities because they are perceived to lack proper cybersecurity resources, leaving them more exposed and understaffed to handle a sophisticated attack, making them more likely to payout ransom. Meanwhile, attacking hospitals can earn them attention and notoriety amongst other ransomware gangs.  

With more hospitals planning on implementing new technologies, it is expected that the number of attacks will increase will into 2023. It is imperative that healthcare facilities remain vigilant when it comes to their cybersecurity protocols. Without a cybersecurity program in place, hospitals and other healthcare facilities are at risk. These attacks can take down a majority of IoT infrastructure, and most of these devices now in hospitals have a risk factor that is considered critical. Devices with critical vulnerability can greatly affect patient safety, data confidentiality, and service ability. 

The FBI, CISA and HHS urged healthcare organizations to implement the following measures to protect against malicious activity:  

  • Install updates for operating systems, software, and firmware as soon as they are released. Prioritize patching virtual private network (VPN) servers, remote access software, virtual machine software and known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.   
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.   
  • Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks.   
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.   
  • Protect stored data by masking the permanent account number when it is displayed and rendering it unreadable when it is stored through cryptography, for example.   
  • Secure the collection, storage and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system.   
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.   
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.  

Mackenna Moralez is the associate editor of the facilities market. 

See the latest posts on our homepage Share

Topic Area: Information Technology , Safety , Security

Recent Posts
Recent Posts

California Funds Security for Reproductive Health Facilities

Grants will fund physical and digital security enhancements at healthcare facilities and practitioner offices that might be the target of violence and vandalism.


Methodist Hospital Emergency Department Doubles in Size

The three-year project saw the renovation and expansion of the Methodist Hospital Emergency Department completed.


UCLA Health Alerts Patients of Compromised Data

An analytics tool may have captured and transmitted health data to the third-party service providers.


Healthcare Facilities Embrace Modular Construction

Healthcare facilities have leaned on modular construction for quick builds with less waste.


UPMC Western Behavioral Health Opens New Facility to Increase Community Access

The new facility will expand UPMC’s behavioral health services.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like