Cyber attacks on the health care sector increase by more than 10%

The National Cyber Security Centre defended the health care sector from 723 cyber attacks between September 2019 and August 2020, an increase of 10% on the previous year. Around 200 of these were related to COVID-19.

Research recently published by UK based information security company, Clearswift revealed that 67% of healthcare organizations in the UK have suffered a cybersecurity incident over the last 12 months. The research also revealed:

The threats posed by General Data Protection Regulation (GDPR) Breaches

The wealth of sensitive data that healthcare providers possess makes them an attractive target for cybercriminals looking to make money from ransom payments or fraud. Frighteningly, there are even more reasons for cyber criminals to attack the healthcare sector. These include:

  • Hospitals store a large amount of confidential patient data which if sold on, can generate a lot of profit for cyber criminals.

  • Medical devices are an easy entry point for attackers as they are naturally not mind with cyber security in mind. Although the devices don't hold personal data they are key to the functionality of a hospital and if they were taken offline, they would still cause huge disruption.

  • Human error and remote data access together can be a huge risk for healthcare providers. Often, information and data needs to be accessed by individuals working remotely from different devices. If those devices are compromised and are connected to the network, this leaves a door open for other devices to also be compromised.

  • Whilst medical professionals are educated in their fields, they are not always trained on cyber security. Adhering to simple cyber security basics like multi-factor authentication are a good starting place as they don't require individuals to know anything more than their own login credentials.

How can we help your business, follow these steps to become more cyber resilient:

Sign up to membership via

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.