Cyber Threats to the Healthcare Sector

Over the past year, cybersecurity attacks targeting the healthcare industry have continued to trend upwards. In fact, it's reported that cyber-attacks on the healthcare industry more than doubled from 2019. As with many other industries, COVID-19 exposed vulnerabilities specifically in the healthcare sector. With this brief, healthcare organizations can better understand the various threats and attackers, and the adversaries' motives, so that they can begin to proactively protect themselves.


2020 saw a diverse range of actors targeting the healthcare sector. Among those were state-sponsored or state-affiliated Advanced Persistent Threat actors (APTs).

LookingGlass was able to identify attacks on healthcare sector organizations in Russia, Iran, China, and North Korea by known APT groups. LookingGlass also saw a jump in attacks on the pharmaceutical industry, typically involving these types of actor profiles.

To monetize exploits, one major technique cyber-criminal actors used in 2020 was ransomware, such as REvil, NetWalker, and PYSA, among others. Throughout 2020, cyber-criminal actors looked to access and encrypt patient health records, financial data, and other operational documentation, making it impossible for a healthcare organization to function. To learn more about the largest threats to the healthcare sector, download the full brief here.


Throughout 2020, LookingGlass observed significant activity across the external attack surface for the healthcare sector, particularly in probes/scanning, botnets, and malicious hosts. Probes and scanning are often an initial survey of the external attack surface, made to gain insight into vulnerabilities that an adversary or threat actor can exploit. Botnets have a range of uses and a large impact, which can range from resource draining to the stealing of critical information.


Attackers are on the hunt to scope out and leverage one thing: vulnerabilities. Two of the most severe that impact the healthcare sector are CVE-2019-0708 and CVE-2020-0796. LookingGlass also found that specific products and protocols were tied to potential vulnerabilities. To learn more about those products and protocols and how they've been exploited in the past, download the full brief here.


LookingGlass expects cyber criminals to increasingly target healthcare technology, specifically medical devices. Their financial motivation means they are more likely to attack a healthcare organization’s networks or systems in order to encrypt operational data, steal financial data, or find medical records to sell on underground markets.


Download the complete brief, HealthCare Threat Brief, to learn more about LookingGlass' findings.

For healthcare sector organizations interested in understanding their cyber risk by seeing what the adversary can see of their internet infrastructure, contact LookingGlass for a review of their cyber risk posture.