Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Cyber Attacks: In the Healthcare Sector


As the healthcare sector continues to offer life-critical services while working to improve treatment and patient care with new technologies, criminals and cyber threat actors look to exploit the vulnerabilities that are coupled with these changes. The following blog series will explore one MS-ISAC analyst’s thoughts on today’s sources of frustration for healthcare IT and cybersecurity specialists.

The healthcare industry is plagued by a myriad of cybersecurity-related issues. These issues range from malware that compromises the integrity of systems and privacy of patients, to distributed denial of service (DDoS) attacks that disrupt facilities’ ability to provide patient care.

While other critical infrastructure sectors experience these types of attacks, the nature of the healthcare industry’s mission poses unique challenges. For healthcare, cyber-attacks can have ramifications beyond financial loss and breach of privacy. Ransomware, for example, is a particularly egregious form of malware for hospitals, as the loss of patient data can put lives at risk.

Each link below leads to a discussion of that unique type of attack in the healthcare sector. These articles include real-life examples of how the attack manifested, the damage and disruption it caused or could have caused if not handled properly, and suggestions on how to defend against or mitigate each type.


Arrow Ransomware

Arrow Data Breaches

Arrow DDoS Attacks

Arrow Insider Threats

Arrow Business Email Compromise and Fraud Scams


This is by no means an exhaustive list of the types of attacks hospitals face but, rather, a summary of some of the major and most costly incidents affecting hospitals.

U.S. hospitals can get access to Malicious Domain Blocking and Reporting (MDBR) to help defend against ransomware at no cost.