Learn about ways in which hackers compromise patient and hospital data, and how to solve those problems with strong cyber awareness and security measures

Healthcare – A Top Target

Healthcare – A Top Target

It shouldn’t come as a surprise that the healthcare sector is one of the hackers’ favorite targets. And why wouldn’t it be? Patient data and hospital systems are highly valuable, making them perfect for demanding ransom. Any disruption in the daily operation of a hospital can quite literally be the difference between life and death. And since there are so many assets connected to the network, running critically important devices, hackers know that healthcare organizations would be more willing to pay a ransom to quickly restore to operations.

But did you know that one specific area in healthcare has recently become a hot favorite for hackers? We’re referring to web applications, which may include telehealth services, electronic health records, patient portals, computer-aided design systems for dentists, inventory management systems, health insurance portals, and even online pharmacies, among many others.

What Exactly Are Web Applications?

Web applications, sometimes called web apps, are application-based programs downloaded via the internet from a remote server. A web app is intended for interaction, unlike a website, which is only meant to share information. Examples of web apps include word processors, shopping carts, editors, and online forms.

Why Target Web Applications?

Web apps are like the front desk of any company or organization. While other databases may be on the intranet, these are readily available on any device with an internet connection. Once web applications are compromised, hackers have access to the company’s resources as well as the ability to target all the people who use the application. As a result, they may be able to access hundreds or even millions of users.

Types Of Attacks on Healthcare Web Applications

The same kind of web app threats that affect other sectors is of particular concern to healthcare web applications as well. These include cross-site scripting (XSS), path traversal, SQL injection (SQLi), local file inclusion, cross-site request forgery (CSRF), DDoS assaults, and XML external entity (XXE).

Healthcare Web Application Hacking – A Sad Reality

There have been several instances in recent years that have caused alarm to the healthcare sector, specifically, and the public, generally. In September 2020, attacks on a sizable provider with 400 hospitals and mental health institutions in the US and UK, forced several hospitals to resort to using paper-based records for their information. Patients were occasionally switched around, and services put on hold, but fortunately, no patient or personnel information seemed to have been compromised.

However, other victims were not as lucky. Another a nonprofit hospital network based in San Diego, was attacked in May 2021, resulting in losses and damages of $112.7 million. The incident severely disrupted patient care and compelled clinicians to return to paper records. Additionally, the hackers succeeded in obtaining approximately 150,000 patients’ stolen data.

What Does This All Mean?

With the overall increase in the size and frequency of cyberattacks against healthcare institutions, sitting back and hoping for the best is no longer (nor was it ever) the best option. The stakes are far too high to be shortsighted in how to protect against those with malicious intent. An investment into a comprehensive cyber assessment by a qualified professional is money far better spent than paying out tens of millions of dollars in ransoms, or worse, settling lawsuits potentially ranging from identity theft to serious injury or death. It only takes one lapse for everything to come crashing down.

Zelvin Security

IT Providers vs. Ethical Hackers  

In the diverse landscape of cybersecurity, two distinct yet collaborative providers play pivotal roles in defending your digital space: IT Providers and Ethical Hackers.   While their ultimate goal is to enhance the security posture of organizations, they approach the task…


Investing Wisely in 2024: Cybersecurity 

More digital tools = more cyber risks.  Does your organization use technology? Do you store client, employee, and confidential data?  Few can say no, as business are efficiently scaled using digital tools to automate operations, store data, and communicate internally…


7 Cybersecurity Strategies for 2024

The 7 important cybersecurity strategies you can implement TODAY to help protect your network against malicious hackers.  There were 28,775 known vulnerabilities in 2023, which is the highest ever recorded by National Institute of Standards and Technology in the National…


Can you proactively secure your network with vulnerability scanners? 

39 Cybersecurity experts, including Zelvin Security’s President, Jeff Atkinson, took to LinkedIn to address the effectiveness of vulnerability scanners to proactively protect your network.   What is a vulnerability scanner?  These are software applications that scan a network for known vulnerabilities….


School District Data = Hacker Paychecks

Students looking at computers

K-12 Education Cybersecurity is increasingly more important for school district officials. Security is worth the investment.


What ETEC Members Need To Know About Cybersecurity 

As a proud supporter of the East Tennessee Economic Council (ETEC) community, Zelvin Security presents the following information as a guide to improve the cybersecurity programs of ETEC member organizations. One of the challenges all business leaders face is finding…


Zelvin Security at the Core

Describing the core values of Zelvin Security, a cybersecurity consulting firm

These are the core values that guide the daily work of Zelvin Security, a cybersecurity consulting firm.


The Cost of Ignoring Cyber Risks

Because securing digital assets is as important as locking an office door. Cybersecurity isn’t just a “nice-to-have" - It’s a must to keep your financial health and reputation intact.


How Much Do You Know About Third-Party Vendor Security?

The importance of third party vendor security

Strengthen the cybersecurity of third-party vendors to enhance your organizations security posture. Use the resources in this article as a starting point to implement proactive measures.


A CISO’s Guide to Cybersecurity Budgeting 

skyline with padlock overlay

How to Efficiently Allocate Cybersecurity Funds   The economy has become more reliant on digital assets than ever before. Cybercrime is at its highest. The cost and consequences of data breaches are on the rise.  This means we have to…