Healthcare under attack – Cyber security incident response in times of pandemic

These days we can constantly read about new cyberattacks against private and public actors. Even before COVID-19, the healthcare sector was a target of cyberattacks, but during the crisis the attacks have intensified, and the awareness about the importance of securing the healthcare and medical sectors has increased.

According to, 80% of companies have noticed an increase in cyberattacks during the pandemic, 27% of the attacks being targeted on banks or healthcare. Cloud based attacks and phishing attempts increased by about 600% during spring 2020. In Europe, for the first time in history, a life was lost due to ransomware in September. In the United States the Cybersecurity and Infrastructure Security Agency (CISA) warned about imminent cybercrime threat to hospitals and healthcare providers in October. These are only some examples of cybercrime activity in 2020.

Healthcare is one of the most critical areas of society, and thus must be protected from cyberattacks.

But it is not easy. For example, clinical information systems, which often consist of several pieces from different suppliers, can be demanding to secure, yet still they need to be available around the clock. There is also a wide variety of medical devices, many of which use a legacy operating system. A cyberattack on a certain device or critical system can risk patient safety. It is extremely important to secure the business continuity in hospitals even under cyberattacks. These attacks can slow down and paralyze healthcare, or in the worst case even cost lives. In addition, cyber incidents can undermine confidence in healthcare and cause fear.

Cyber Security training

After implementing all the measures of cybersecurity, one major factor that cannot be technically eliminated is the human factor. Cybersecurity is obviously not the core expertise in healthcare, however, it is extremely important for the healthcare personnel to have basic training in it. You cannot expect a healthcare professional to have cybersecurity as their primary objective because it is not. But on the other hand, a minor slip, for example, clicking the wrong link in an email, can have serious consequences. If things go wrong, you can lose control of your critical systems due to ransomware and thus, the already busy tasks in nursing may become a lot harder. Here are some statements about best practices of cybersecurity incident management regarding personnel:

  • The organization actively trains personnel in cybersecurity and informs about current threats
  • The personnel are trained to recognize and report suspicious email * 
  • In case of suspicious email sent from a trusted source, the personnel are trained to verify authenticity from the sender either face to face or by phone *
  • The personnel are trained to use a reliable link expansion service if an email contains a shortened URL *
  • The personnel are trained to keep passwords secure and not share them with others. Also, devices are not left open with credentials, not even for a moment **

In our project’s handbook, Cyber security incident response processes and guidelines in healthcare environments, we introduce more advice on training cybersecurity awareness for healthcare personnel along with cybersecurity management, threat information sharing and some technical perspectives of cybersecurity incident response.

The handbook (in Finnish), Kyberhäiriöiden hallinta – Käsikirja terveydenhuollon toimijoille, can be downloaded here.





Vesa Vertainen


Institute of Information Technology, JAMK University of Applied Sciences