Healthcare companies targeted by cyber criminals

01 March 2018

In January media reported that a hacker breached the systems of one of Norway’s largest healthcare providers, potentially compromising the healthcare data of almost three million patients, or about half of Norway’s population. The breach is thought to be the biggest of its kind in Europe.

On 15 January 2018, Health South-East RHF, reported that it had been subjected to a highly professional cyber attack that sought to access patient data, including data connected to Norway’s military. 

The breach is said to be a wake-up call for organisations preparing for the EU’s incoming data protection regulations, the General Data Protection Regulation (GDPR). The rules will bring in mandatory notification requirements, new rights for consumers and increased powers for regulators.

Health South-East RHF took seven days to notify individuals of the breach, which was discovered on 8 January. Under the GDPR, companies will have just 72 hours to notify those affected by a data breach involving personal data.


Healthcare companies have long been a target of cyber criminals looking to steal valuable patient data or to extort ransom payments from providers. Some of the largest data breaches across all sectors have involved healthcare companies and health insurers, including the 2015 data breaches at Anthem (79 million records stolen) and Premera Blue Cross (11 million records stolen).

According to security company Cryptonite, US healthcare data breaches in 2017 increased almost 24% on 2016 and were more than double that of 2015.

Ransomware attacks have been of particular concern of late, increasing 89% between 2016 and 2017. The five top cyber attacks against US healthcare companies in 2017 all involved ransomware, including the largest breach of 2017, the attack against medical device supplier Airway Oxygen, which affected 500,000 records.

Cryptonite warns that cyber criminals are increasingly targeting smaller healthcare providers and a broader mix of healthcare providers. It predicts that physician practices, surgical centres, diagnostic laboratories and other smaller healthcare institutions will be deliberately targeted by more refined ransomware tools in 2018.

Earlier this year, US healthcare provider Hackock Regional Hospital reportedly paid a USD 55,000 ransom to cyber criminals who had accessed its IT systems and seized patient data. Also in January, patient care services were disrupted after healthcare service producer Allscripts Healthcare Solutions was hit by ransomware. The group is now being sued by its customers.

Cryptonite also warns of an emerging risk from the internet of things (IoT) and predicts that cyber criminals will increasingly target connected medical devices. Last year’s WannaCry attack – which affected at least 81 of the 236 healthcare trusts in England and 603 primary care trusts – locked-down some 1,220 medical devices, including MRI scanners and devices for testing blood and tissue samples.

Download Cyber Newsletter

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on