Cybersecurity


Last update: March 13, 2025

Authors
Keefer Wu
Northeastern University Khoury College of Computer Sciences
Boston, Massachusetts, USA

Patricia Tsang, M.D., M.B.A.
MedStar Health
Washington D.C., USA

Editorial Board Members
Jerome Cheng, M.D.
University of Michigan
Ann Arbor, Michigan, USA

Lewis A. Hassell, M.D.
University of Oklahoma Health Sciences Center
Oklahoma City, Oklahoma, USA
Abstract
  • Cybersecurity in pathology and laboratory medicine refers to the protection of digital systems, networks and data from cyber threats and attacks, ensuring the confidentiality, integrity and availability of patient data
  • Healthcare is an attractive target for cyberattacks for potential financial gain or malicious intent since patient records contain sensitive and private information and cyber defenses are generally vulnerable[1]
Essential features
  • Pathologists and clinical laboratory leaders should be proactive about network security, safeguarding patient information and preventing unauthorized access
  • Cybersecurity strategies include implementing robust firewalls, intrusion detection / prevention systems and encryption protocols[2]
  • Remote access of patient information via mobile devices should involve data encryption, including for pathology reports and diagnostic images, to prevent unauthorized disclosure
  • Regular system updates can ensure all software and systems used in pathology practice are up to date with the latest security patches to address known vulnerabilities
  • Train pathologists and staff on cybersecurity best practices, including how to recognize phishing attempts and how to follow secure data handling protocols[3]
Terminology
  • Information security: involves protecting patient data and digital records from unauthorized access, ensuring confidentiality, integrity and availability
  • Data breach: unauthorized access or disclosure of patient information, which compromises patient confidentiality
  • Phishing link: an internet link sent by cyberattackers that downloads malware when clicked or induces victims to disclose passwords or private information
  • Ransomware: malicious software that unlawfully restricts access to computer systems or locks data and demands a ransom payment to restore access, often spread by phishing links
  • Malware: encompasses various harmful software designed to damage computer systems or steal electronic information
  • Cyber threat intelligence: gathering and analyzing information about cybersecurity threats to proactively implement preventive measures and respond effectively to potential risks
Background
  • Healthcare is a vulnerable industry with a high average cost per data breach due to the sensitive nature of patient records, which contain personal data and financial information
  • In 2019, the U.S. Food and Drug Administration (FDA) identified 11 areas of vulnerability whereby a cybercriminal could remotely control medical devices, such as changing or removing laboratory data[4]
  • Hospitals and medical practices have generally lagged behind other industries in cyber defenses, making them an attractive target for cybercriminals

    Figure 1: Cyberattack costs by industry

  • WannaCry ransomware attack[5]
    • Global cyberattack on hospitals, medical practices and various diagnostic devices in 2017
    • First ransomware to mass target medical devices, affecting 150 countries on the first day
    • 1,200 devices affected and 19,000 medical appointments canceled
    • Thought to be a politically motivated act of international terrorism
  • Other recent incidents of cyberattack on health institutions are listed in the table below[6, 7, 8]

    | Institution | Cyberattack incident | Year | Approximate downtime | Comment |
    | --- | --- | --- | --- | --- |
    | 5 hospitals in the Waikato District Health Board (New Zealand) | Ransomware | 2021 | Several weeks | Attackers posted stolen data from 4,200 patients when ransom was not paid |
    | University of Vermont Medical Center | Ryuk Ransomware | 2020 | Several weeks | Malware infected 5,000 computers; disrupted elective procedures, laboratory data and medical appointments; financial loss estimated at > $63 million |
    | Dusseldorf University Hospital | DoppelPaymer Ransomware | 2020 | Nearly 2 weeks | Corrupted 30 servers and shut down emergency department, leading to fatality when patient had to be redirected to a more distant hospital |
    | LabCorp | SamSam Ransomware | 2018 | 1 week | Affected multiple laboratories in the United States; impacted 7,000 systems and 1,900 servers; disrupted laboratory operations |
Applications
  • Defending against cyber threats
    • Cybersecurity measures help pathologists and healthcare institutions defend against cyberattacks, e.g., ransomware, malware and data breaches, thus reducing potential disruption to patient care services and essential operations
  • Protecting patient data
    • Cyber defense strategies can safeguard patient health records and pathology data, preventing unauthorized access, theft or tampering with sensitive information
  • Securing telepathology systems
    • The COVID pandemic has accelerated adoption of digital technologies and telepathology, creating a platform for potential security breaches
    • Encrypted patient data and protected communication channels can allow pathologists to securely collaborate and share digital pathology images remotely[9]
Implementation
  • Security risk assessment
    • Conduct a comprehensive assessment of the pathology practice's digital infrastructure to proactively identify vulnerabilities and potential risks
  • Establish cybersecurity governance
    • Develop and implement policies that outline security procedures, data handling guidelines and incident response protocols
  • Employee training
    • Adequate training for pathologists and laboratory staff, emphasizing the importance of cybersecurity best practices
      • Password management, recognizing phishing attempts, responsible use of social media and personal mobile devices and reporting security incidents[3]
  • Network and system protection
    • Regular system updates and patching to ensure all software and systems used in pathology practice contain the latest security patches to address known vulnerabilities

      Figure 2: Healthcare vulnerabilities, cybersecurity strategies

    • A zero trust security control strategy involves performing preimplementation due diligence on all new software and network connected medical devices[2]
    • Deploy firewalls, intrusion detection / prevention systems and antivirus software to safeguard networks and devices
    • A firewall is the first line of digital defense for protecting the healthcare network from the public internet, aimed at blocking malware from being installed and preventing unauthorized access to protected health information
    • Implement access controls of pathology information: employing role based remote access privileges (specific to pathologists, administrative staff and technical staff) and multifactor authentication can limit potential breaches
  • Incident response plan
    • Develop a clear incident response plan to rapidly address and contain cybersecurity breaches
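
The access control item above (role based remote access privileges combined with multifactor authentication) can be expressed as a deny-by-default check. This is an added example, not part of the original article; the permission names, user names and sample requests are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical permission map for the three staff groups the article names.
ROLE_PERMISSIONS = {
    "pathologist": {"view_report", "sign_out_report", "view_slide_image"},
    "administrative": {"view_report_status", "schedule_case"},
    "technical": {"view_slide_image", "update_specimen_tracking"},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    action: str
    remote: bool         # request arrives from outside the hospital network
    mfa_verified: bool   # second factor completed for this session

def decide(req):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    permitted = ROLE_PERMISSIONS.get(req.role)
    if permitted is None:
        return False, "unknown role"
    if req.action not in permitted:
        return False, "action not permitted for role"
    if req.remote and not req.mfa_verified:
        return False, "remote access requires MFA"
    return True, "ok"

def denied_requests(requests):
    """Return (user, reason) for every denied request, for audit review."""
    results = ((r.user, decide(r)) for r in requests)
    return [(user, reason) for user, (ok, reason) in results if not ok]

# Constructed sample requests (not real log data).
SAMPLE = [
    AccessRequest("dr_a", "pathologist", "sign_out_report", True, True),
    AccessRequest("dr_b", "pathologist", "view_report", True, False),
    AccessRequest("clerk_c", "administrative", "sign_out_report", False, True),
    AccessRequest("tech_d", "technical", "view_slide_image", False, False),
    AccessRequest("vendor_e", "vendor", "view_report", True, True),
]

if __name__ == "__main__":
    for user, reason in denied_requests(SAMPLE):
        print(f"DENY {user}: {reason}")
```
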
Advantages
  • Data protection
    • Cybersecurity measures safeguard patient data, preserving patient privacy and confidentiality of personal information
    • Laboratories and hospitals have a social responsibility to proactively deter and block cyberattacks by hackers
  • Continuity of services
    • By preventing cyberattacks and data breaches, healthcare organizations can ensure uninterrupted access to their information systems and medical devices essential for providing patient care
    • Cyberattack related downtime in pathology and laboratory information systems is associated with operational inefficiency, service disruption and an elevated risk of medical errors related to manual processes
  • Regulatory and standard compliance
    • Adhering to cybersecurity standards helps the pathology practice comply with data protection laws and healthcare regulations, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)[2, 10]
Limitations
  • Practical issues related to cost, resources and expertise
    • Implementing comprehensive cybersecurity measures may involve significant initial costs and ongoing maintenance expenses; however, cyber breaches due to inadequate security can cause even more financial damage as well as loss of patient trust[11]
    • Inadequate access to cybersecurity experts knowledgeable in healthcare may be a source of vulnerability
  • Human errors
    • Despite security measures, human errors, such as insecure data handling and falling victim to phishing attacks, can still be a source of security risk
  • Paying ransom does not guarantee easier recovery
    • 80% of small to medium companies that paid the ransom historically did not receive the decryption key as promised[4]
  • Evolving threats
    • As cyber threats continue to evolve, staying ahead of attacks requires continuous updates and improvements to cybersecurity protocols[11]
Software
  • Symantec Endpoint Security
    • Comprehensive cybersecurity solution that offers antivirus, firewall and intrusion prevention capabilities to protect against various threats
  • McAfee Total Protection
    • Provides antivirus, antimalware and encryption features to safeguard data and devices from cyber threats
  • Cisco Umbrella
    • Cloud delivered security service that offers protection against threats, such as malware, ransomware and phishing attacks
Board review style question #1

Which of the following shows the correct definition of a term related to cybersecurity or cyberattack?

  A. Data encryption: harmful software designed to steal sensitive electronic information
  B. Firewall: a security measure that automatically triggers a police report when a cyber threat is detected
  C. Phishing: the practice of sending email messages to alert patients that laboratory results are available in the patient portal
  D. Ransomware: malicious software that locks or encrypts data, restricts access to computer systems or devices and demands a ransom payment to restore access
Board review style answer #1
D. Ransomware is malicious software that locks or encrypts data, restricts access to computer systems or devices and demands a ransom payment to restore access. It is a type of cybercrime aimed at extorting money. Answer C is incorrect because phishing involves sending an email or internet link that downloads malware when clicked on or induces victims to disclose passwords and private information. Answer B is incorrect because firewalls are a security measure that protects computer networks by blocking malware from being installed. Answer A is incorrect because data encryption involves encoding sensitive information that can only be accessed or decoded by a user with the correct encryption key.
Board review style question #2
Which of the following practice patterns can increase the risk of a cyberattack?

  A. Adopt a zero trust security control strategy that mandates due diligence conducted on all new software
  B. Increase staff's awareness of potential phishing attempts on their work email
  C. Delay implementation of software updates of the laboratory information system
  D. Deploy firewalls, intrusion detection / prevention systems and antivirus software
Board review style answer #2
C. Delay implementation of software updates of the laboratory information system. Delaying software updates poses a risk because regular system updates and patching are necessary to ensure that information systems contain the latest security patches. Answer D is incorrect because deploying firewalls, intrusion detection / prevention systems and antivirus software is an effective cyber defense strategy. Answers A and B are incorrect because increasing awareness of potential phishing attempts and adopting a zero trust security control strategy on new software can reduce the risk of a cyberattack.
References
  1. Coventry L, Branley D. Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas. 2018 Jul:113:48-52. [PubMed]
  2. Patel AU, Williams CL, Hart SN, Garcia CA, Durant TJS, Cornish TC, McClintock DS. Cybersecurity and Information Assurance for the Clinical Laboratory. J Appl Lab Med. 2023 Jan 4;8(1):145-161. [PubMed]
  3. Stowman AM, Cacciatore LS, Cortright V, McConnell J, Wilburn C, Bryant B, Frisch N, Kalof AN. Anatomy of a Cyberattack: Part 3: Coordination in Crisis, Development of an Incident Command Team, and Resident Education During Downtime. Am J Clin Pathol. 2022 Jun 7;157(6):814-822. [PubMed]
  4. Ghayoomi H, Laskey K, Miller-Hooks E, Hooks C, Tariverdi M. Assessing resilience of hospitals to cyberattack. Digit Health. 2021 Nov 29:7:20552076211059366. [PMC free article] [PubMed]
  5. American Hospital Association. Ransomware Attacks on Hospitals Have Changed. 2020. URL: https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed (accessed March 2025).
  6. Hoffman TW, Baker JF. Navigating our way through a hospital ransomware attack: ethical considerations in delivering acute orthopaedic care. J Med Ethics. 2023 Feb;49(2):121-124. [PubMed]
  7. Stowman AM, Frisch N, Gibson PC, St John T, Cacciatore LS, Cortright V, Schwartz M, Anderson SR, Kalof AN. Anatomy of a Cyberattack: Part 1: Managing an Anatomic Pathology Laboratory During 25 Days of Downtime. Am J Clin Pathol. 2022 Apr 1;157(4):510-517. [PubMed]
  8. Nadeborn D, Dittrich T. Cybersecurity in hospitals-Part 1: IT compliance as a management task. Int Cybersecur Law Rev. 2022;3(1):147-161. [PubMed]
  9. Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, Bonacina S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors (Basel). 2021 Jul 28;21(15):5119. [PMC free article] [PubMed]
  10. Cartwright AJ. The elephant in the room: cybersecurity in healthcare. J Clin Monit Comput. 2023 Oct;37(5):1123-1132. [PMC free article] [PubMed]
  11. Kruse CS, Frederick B, Jacobson T, Monticone DK. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technol Health Care. 2017;25(1):1-10. [PubMed]
  12. Institute of Electrical and Electronics Engineers. Cybersecurity of Healthcare IoT-Based Systems - Regulation and Case-Oriented Assessment. 2018. URL: https://doi.org/10.1109/DESSERT.2018.8409101 (accessed March 2025).
  13. Institute of Electrical and Electronics Engineers. CyberSecurity in Healthcare Industry. 2021. URL: https://doi.org/10.1109/ICIT52682.2021.9491669 (accessed March 2025).
  14. Institute of Electrical and Electronics Engineers. Cyber Security in Healthcare Networks. 2017. URL: https://doi.org/10.1109/EHB.2017.7995449 (accessed March 2025).
Miscellaneous information
Questions or comments about this article can be directed to comments@pathologyoutlines.com.