Ransomware

The top 10 hospital cyberattacks over the last 10 years

In the past ten years, cyberattacks on hospitals have increased in frequency. Due to the abundance of sensitive financial and personal data that hospitals store, the healthcare sector is a popular target for hackers. These attacks can have devastating effects, including the loss of vital data, a halt in business operations, and in extreme circumstances, even human life.

The top 10 hospital cyberattacks over the previous ten years are listed below.

1. WannaCry ransomware attack (2017).

One of the biggest ransomware attacks to date, WannaCry affected over 200,000 computers across more than 150 countries. As patient data and medical records were encrypted by the malware, rendering them inaccessible to hospital staff, the attack was especially harmful to hospitals. Hospital operations were severely disrupted as a result of the attack, which delayed patient care and put lives in danger.

2. Data breach at Anthem (2015).

One of the biggest US health insurance companies, Anthem, experienced a data breach in 2015 that resulted in the compromise of the personal information of 80 million patients. The breach exposed social security numbers, birth dates, and addresses, making the data a prime target for identity theft.

3. Dragon-sponsored operation (2012).

Hospitals were among the healthcare organizations in the US that were targeted in 2012 by the Chinese hacker collective “Comment Crew.” The group took sensitive data including patient records, financial information, and designs for medical equipment. The assault was part of a larger operation called “Operation Sponsored by the Dragon,” which hit a number of industries, including healthcare.

4. Data breach at UCLA Health System.

Over 4 million patients’ personal data were compromised in a data breach that targeted the UCLA Health System in 2014. A hacker used an employee’s email account to access the system, which led to the breach. Social security numbers, birth dates, and addresses are examples of the sensitive data that the attacker was able to steal.

5. Ransomware attack on Hollywood Presbyterian Medical Center (2016).

In 2016, a ransomware attack targeted Hollywood Presbyterian Medical Center, encrypting its computer systems and preventing hospital staff from accessing patient data. To regain access to its data, the hospital was required to pay a ransom of 40 Bitcoins, which were worth around $17,000 at the time.

6. Breach of data at Community Health Systems (2014).

Over 4 million patients’ personal data were compromised in a data breach that Community Health Systems experienced in 2014. A hacker who entered the system via a third-party vendor was responsible for the breach. Social security numbers, birth dates, and addresses are examples of the sensitive data that the attacker was able to steal.

7. Cyberattack on Blackbaud (2020).

Hospitals and other healthcare organizations, along with the cloud-based software provider Blackbaud, experienced a data breach in 2020. Millions of patients were at risk of identity theft as a result of the breach, which saw sensitive data like social security numbers, birth dates, and addresses stolen.

8. Ransomware attack on MedStar Health (2016).

A ransomware attack that encrypted the computer systems of the MedStar Health system in 2016 prevented hospital staff from accessing patient data. The attack severely disrupted hospital operations, which delayed patient care and endangered lives.

9. Data breach at MultiCare Health System (2019).

Over 500,000 patients’ personal data were compromised by a data breach at the MultiCare Health System in 2019. A hacker who used an employee’s email account to access the system was responsible for the breach. Social security numbers, dates of birth, and addresses were among the private data the attacker was able to take.

10. Data breach at Memorial Healthcare System (2019).

Over 115,000 patients’ personal data were compromised in a data breach that occurred at Florida’s Memorial Healthcare System in 2019. A third-party vendor who was using the system for maintenance purposes was the source of the breach. Because the vendor’s credentials were compromised, the attacker was able to obtain private data including addresses, dates of birth, and social security numbers.

These cyberattacks show how susceptible the healthcare sector is to such attacks and how urgently hospitals need to take preventative action to safeguard patient information. The effects of these attacks may be severe and far-reaching, resulting in the loss of operations, the theft of private data, and in some extreme cases, even the loss of human life.

It’s crucial to implement strong security measures, such as installing firewalls, encrypting sensitive data, updating software frequently, and teaching staff to spot and report suspicious activity, to prevent cyber attacks on hospitals. A thorough incident response plan should also be in place at hospitals to ensure a quick reaction to any potential breaches. Hospitals can safeguard patient data and avoid a lapse in vital medical care by taking these precautions.

Medical Device Software Security

In today’s healthcare, medical devices are crucial tools. They are employed in the diagnosis and treatment of patients, the monitoring of vital signs, and the gathering and storage of private patient data. Medical devices are, however, becoming more susceptible to cyberattacks as they become more sophisticated and connected. This seriously threatens the integrity of the healthcare system as a whole, as well as patient safety and privacy. Making sure that their equipment is secure and that patient data is protected is therefore crucial for medical device manufacturers and healthcare organizations.

Threat Environment for Medical Devices.

Medical device security threats are constantly changing. Malware attacks, network intrusions, and unauthorized access to patient data have all occurred in recent years as part of numerous high-profile cyberattacks on medical devices. Some of the main dangers to the security of medical devices include:

Malware: Malware, including viruses and Trojan horses, can infect medical equipment and cause it to malfunction or steal private data.

Network breaches: Healthcare networks, which are susceptible to cyberattacks, frequently connect medical devices. If a network is breached, an attacker might be able to access the medical devices connected to the network and take private patient data.

Access without authorization: Medical equipment may hold private patient data, including test results, medical histories, and health records. Unauthorized access to this data may result in privacy violations, identity theft, and financial fraud.

Supply chain attacks: During any stage of development and production, including the acquisition of components, creation of software, and distribution of devices, medical devices may be subject to cyberattacks.

Insider threats: Employees who have malicious intentions can seriously jeopardize the security of a medical device. An employee who has access to confidential patient information, for instance, could steal that information or tamper with medical equipment to harm patients.

Medical Device Security Regulatory Frameworks.

Depending on the kind of device and the nation where it is used, various regulatory frameworks may apply to medical devices. The following are a few of the main legal frameworks for medical device security.

FDA’s Cybersecurity for Medical Devices Guidance: The FDA is the primary American regulatory body for medical devices. It has released cybersecurity guidance for medical device manufacturers and healthcare providers, which offers suggestions on how to secure their products and safeguard patient data. The recommendations cover a wide range of topics, including risk assessment and management, device authentication and access control, data encryption and protection, and software security (Food and Drug Administration, 2019).

Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a piece of U.S. legislation that establishes guidelines for the protection of PHI. It covers medical equipment that manages PHI, including electronic medical record systems and personal health record gadgets. HIPAA demands.

Protect Your Network from Ransomware Attacks

In 2016, there were more than 638 million ransomware attacks. Ransomware is one of the most dangerous kinds of malware to have surfaced in recent years. It has crippled networks in public healthcare, banks, universities, defence installations and more. Millions of systems have been affected around the globe. Its use is widespread because launching an attack with it requires no coding or programming experience. It is openly available for download and reuse in hacking circles on the dark web. There are even basic hacking teams that offer ransomware attacks as a service for a fee. Since payment is made via cryptocurrency, there is even less chance of the authorities catching the hacker.

So the basic question is: how can you stop these attacks from happening?

Most organizations don’t have a dedicated budget for stopping such attacks, so what can they do? All of their data and day-to-day operations are on their networks, and they simply cannot go offline. Ransomware corrupts the system and, as a result, whole databases can be lost. The recent attacks on healthcare systems in the US and UK show that patient histories and other critical data were wiped from the system and there was no backup available at all. It was an extremely dangerous situation for patients and became a new cause of concern for insurers and the healthcare industry.

To prevent future attacks from ransomware and other malware, organizations, including those in the health industry, need to take at least some precautionary measures, as the PR alone can do lasting damage to an organization being held for ransom. If you pay the attackers, customers and clients won’t trust your ability to protect their data in the future.

Here are some remedial measures to prevent a ransomware attack: 

BACK UP YOUR CRUCIAL DATA

Most organizations do not have a credible backup database in place. Not only should your backup system be in place, you also need to document everything. The process must be centered around the Recovery Point Objective (RPO) and Recovery Time Objective (RTO). It is essential that you set both of these according to your customers’ requirements. If your recovery is fast enough, you can reset the whole system easily and not be held hostage by a ransomware attack.

HOLD RANSOMWARE DRILLS AND TEST YOUR BACKUP PERFORMANCE

Testing the strength of your system is paramount to knowing how long it takes to bring your system back up after you take it down. Once you know how long it will take, you can take appropriate actions. Never place your backup drive on the same VLAN. Doing so will compromise the entire system in case of a ransomware attack.
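One way to score a backup drill against the RPO and RTO described above, as an added example that is not part of the original article; the system names, VLAN IDs, timestamps and finding labels are constructed for illustration. It treats the achieved RPO as the largest gap between consecutive successful backups (including the gap up to the time of the drill) and the achieved RTO as the slowest restore measured in a drill.

```python
from datetime import datetime, timedelta

H = timedelta(hours=1)
NOW = datetime(2024, 5, 1, 12, 0)  # constructed time of the drill

def t(hour, minute=0, day=1):
    """Constructed timestamp on 2024-05-<day>."""
    return datetime(2024, 5, day, hour, minute)

# Constructed inventory: objectives, successful backup times, timed drill restores.
SYSTEMS = [
    {"name": "ehr-db", "rpo": 1 * H, "rto": 4 * H,
     "backups": [t(9), t(10), t(11), t(11, 55)],
     "drill_restores": [3 * H, 3.5 * H], "host_vlan": 20, "backup_vlan": 90},
    {"name": "pacs-archive", "rpo": 4 * H, "rto": 8 * H,
     "backups": [t(0), t(2), t(10)],
     "drill_restores": [6 * H, 9 * H], "host_vlan": 30, "backup_vlan": 30},
    {"name": "billing", "rpo": 24 * H, "rto": 24 * H,
     "backups": [datetime(2024, 4, 30, 20, 0)],
     "drill_restores": [], "host_vlan": 40, "backup_vlan": 90},
]

def achieved_rpo(backups, now):
    """Worst-case data-loss window: the largest gap between consecutive
    successful backups, counting the gap from the newest backup to now."""
    points = sorted(backups) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def audit(system, now):
    """Return the list of findings for one system record."""
    findings = []
    if not system["backups"]:
        findings.append("NO_BACKUP")
    elif achieved_rpo(system["backups"], now) > system["rpo"]:
        findings.append("RPO_MISSED")
    if not system["drill_restores"]:
        findings.append("NO_DRILL")        # restore time was never measured
    elif max(system["drill_restores"]) > system["rto"]:
        findings.append("RTO_MISSED")      # slowest drill restore is too slow
    if system["backup_vlan"] == system["host_vlan"]:
        findings.append("BACKUP_ON_SAME_VLAN")
    return findings

def audit_all(systems, now):
    return {s["name"]: audit(s, now) for s in systems}

if __name__ == "__main__":
    for name, findings in audit_all(SYSTEMS, NOW).items():
        print(name, findings or "OK")
```

A system whose newest backup is recent can still miss its RPO if an earlier backup window was skipped, which is why the check looks at the whole backup history rather than only the last timestamp.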

EMPLOYEE TRAINING

Mock ransomware attacks are a great way to teach your employees how to deal with such a situation. You can train them to make appropriate decisions about the network. You should educate them about the primary way ransomware attacks are initiated: phishing. The more your employees know, the better equipped they will be in case of such an attack.

USE ANTIVIRUS ON SYSTEM ENDPOINTS

Antivirus should be installed and kept updated on the endpoints of your network. While ransomware is specifically designed to avoid being detected by regular antivirus software, you can still use different tools to detect suspicious behavior. Also use a simple web filter to prevent drive-by infections, in which a system is compromised just by clicking on a website.

DEVELOP SOPS FOR RANSOMWARE ATTACKS

All of the steps needed in case of a ransomware attack should be documented step by step, and your employees should know them by heart. The documentation should also include a plan to contact the authorities without letting the hackers know about it. This will give the authorities time to figure out who is conducting the attacks and from where.

CONCLUSION

An organization needs to mitigate the heavy risks associated with a ransomware attack. These steps ensure that your data remains secure even after a ransomware attack, and they help you contain its spread too. Remember that it is better to be safe and not risk the lives of your patients or customers!
