Reading Time: 3 minutes

A report by TechRepublic, an online trade magazine for the IT industry, found that the US health care industry sustains about 1,500 unique cyberattacks per day. One reason for all of these attacks is that many hospitals and medical facilities around the world do not have the most recent, state-of-the-art technologies installed to protect themselves from hackers.

An electronic push here, a bit of cyber tinkering there, and the hacker is inside the medical facility’s files.

But it’s not just ease of access that makes hospitals such a coveted target of cybercriminals. Very simply, they are data-rich. Some hackers are looking for medical files, yes, but other attacks are far more malicious. They are interested in planting malware that can help steal vast amounts of personal information from the site.

Health care facilities maintain detailed files on patients—both medical and insurance-related—as well as a considerable amount of confidential information few people would want hackers to have. And it’s not only patients’ records they are after. These same hackers are also looking for, and often gain access to, information on doctors, nurses, and staff.

Now, with COVID-19 in our midst, it appears things are getting worse. Authorities in both the United Kingdom and the United States report attacks on medical facilities are on the increase. According to a May 6 article in The Independent, a digital news publication in the UK, “the attacks appear to be attempting to take advantage of the difficulties in dealing with the outbreak and could undermine the response in both countries.”

The article says cybercriminals have been performing, among other things, what are called “password spraying” attacks. This is where hackers attempt to access many accounts by using commonly used passwords.

Other reports have noted an increase in the number of state-sponsored cyberattacks in health care research centers. This means foreign actors are trying to find out what type of COVID-related research is being conducted in the UK, the United States, and other countries, in order to stay ahead of the competition.

“There are various objectives and motivations that lie behind these attacks, from fraud on the one hand to espionage,” says Dominic Raab, the UK’s First Secretary of State and Secretary of State for Foreign and Commonwealth Affairs. “But they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims, and they’re often linked with other state actors.”

In light of these developments, steps are now being taken to help medical facilities protect themselves from these attacks. For instance, security officials in both countries are now prioritizing requests from medical organizations that suspect malicious cyber activity. Further, they are trying to catch these incidents before medical facilities are aware they may be occurring.

However, authorities in both countries add, they cannot do this alone. They recommend health care policymakers and researchers take actionable steps to defend themselves from password-spraying campaigns and other malicious cyber behavior.

Typically, to address situations like this, organizations must turn to knowledgeable outside sources that provide what are called “critical infrastructure services.”  The primary goal of these services is to determine the risks to vital infrastructures, such as computer and electronic storage systems in hospitals and other large facilities, and protect them from domestic and international tampering.

Given how devastating these attacks can be, it’s clear the sooner medical facilities take these steps, the better. As a result of COVID, Raab warns, “we expect this kind of predatory, criminal behavior to continue and to evolve over the coming weeks and months ahead.”

Health care facilities must be ready and able now to defend themselves against these threats. We can help.  Talk to us.

To find WAD members who specialize in this area, go to

As always, we value your feedback, which helps us shape our perspective on recent events, security, and the services we offer.

Stay safe,

Johnathan Tal
Chief Executive Officer
TAL Global
O: 1-408-993-1300


WAD makes every effort to ensure all members are properly licensed and insured, where required. WAD is not a regulatory agency. Every member is approved by the Executive Committee after notice to the membership. Members are required to validate their credentials annually upon membership renewal. When utilizing another member, members are encouraged to do their own due diligence when contracting any Investigative or Security Professional. Twice annually, WAD will publish in this guide all WAD members that are active, as a reference only. WAD disclaims any liability for any damages incurred in the contracting of investigative or security services of its independent members.