{"id":224,"date":"2026-02-12T16:20:42","date_gmt":"2026-02-12T16:20:42","guid":{"rendered":"https:\/\/blogs.gre.ac.uk\/nusc\/?p=224"},"modified":"2026-02-17T07:23:23","modified_gmt":"2026-02-17T07:23:23","slug":"are-you-up-to-date-on-your-cybersecurity-training-phishing-lessons-from-healthcare","status":"publish","type":"post","link":"https:\/\/blogs.gre.ac.uk\/nusc\/2026\/02\/12\/are-you-up-to-date-on-your-cybersecurity-training-phishing-lessons-from-healthcare\/","title":{"rendered":"Are you up-to-date on your cybersecurity training? Phishing lessons from healthcare."},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"335\" src=\"https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-1024x335.png\" alt=\"\" class=\"wp-image-217\" srcset=\"https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-1024x335.png 1024w, https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-300x98.png 300w, https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-768x251.png 768w, https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-1536x503.png 1536w, https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/01\/NUSC-Research-spotlight-banner-2048x670.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Picture this. You\u2019re a nurse and your 12 hour shift should have finished 40 minutes ago. You go to log out of the PC and you see an email from the consultant asking to send some patient details. You mentally sigh -thinking they should be able to access this themselves but were probably too lazy- and reply with the file. You finish signing off and rush to get to the bus stop in time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Compared to 2017, <strong>cyber attacks on hospitals increased 72% in 2023<\/strong>. Not only have the increased in number, but also severity. This is one of the findings from an analysis of 18,009 cyber attacks on hospitals by <a href=\"https:\/\/www.gre.ac.uk\/people\/rep\/faculty-of-business\/anna-piazza\">Dr Anna Piazza<\/a> and <a href=\"https:\/\/www.gre.ac.uk\/people\/rep\/faculty-of-business\/dr-srinidhi-vasudevan\">Dr Srinidhi Vasudevan<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s return to being a nurse. At work the next day after some (albeit limited) sleep, you open your emails, only now do you realise the email you received last night looks a little\u2026 well, fishy. You call the consultant who confirms that they did, in fact, <strong>not<\/strong> email you. Your heart and stomach sink.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s get familiar with the different types of cyber attacks and see some examples of how they&#8217;ve manifested within healthcare. Click on the names below for more information.<\/p>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\" open><summary><strong>Insider Threats <\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Moderate. <br><strong><strong>Risks: <\/strong><\/strong>Unauthorized data access, sabotage. <br><strong>Example:<\/strong> In 2022, a previous staff member of BayCare Health System in Florida illicitly accessed patient records of 193,947 patients, resulting in the possible exposure of protected health information (PHI). The breach was attributed to tracking pixels utilized by Advocate Aurora Health, a partnering company. These tracking pixels, typically utilized for targeted marketing and monitoring visitor activity, inadvertently revealed information about patient engagements with BayCare Clinic&#8217;s patient portal. Reputation damage: loss of trust and further scrutiny from public, regulatory authorities. Financial Loss: class action against the company. Patient impact: Loss of privacy<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Phishing<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Moderate<br><strong><strong>Risks: <\/strong><\/strong> Unauthorized access to sensitive data <br><strong>Example:<\/strong> In 2021, Finnish psychotherapy centre Vastaamo faced a phishing breach, exposing patient therapy records. Patients received ransom emails demanding EUR 200 in bitcoin payment to not expose discussions with therapist to become public. Reputation damage: Loss of trust. Patient impact: Mental distress for patients who sought victim support services.<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Distributed Denial of Service<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>High<br><strong>Risks: <\/strong>Loss of critical services, impact on patient care. <br><strong>Example: <\/strong>In 2020, the University of Vermont Medical Centre suffered a DDoS attack, affecting patient appointments and delaying elective procedures. Financial loss: USDb 1 million.<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Ransomware<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Critical<br><strong><strong>Risks: <\/strong> <\/strong>Data loss, operational disruption <br><strong>Example: <\/strong>The WannaCry attack in 2017 paralyzed the United Kingdom\u2019s NHS, delaying treatment plans and rerouting ambulances. Financial impact: the attack costed the NHS over 92 million GBP.&nbsp; Patient impact: Over 19000 appointments were cancelled and 34 % of the NHS trusts were disrupted<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\"><\/div><\/div>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Man-In-The-Middle (MITM)<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>High<br><strong>Risks: <\/strong>Intercepting sensitive data and\/or compromise patient care.<br><strong>Example:<\/strong> In 2015, UCLA Health System experienced a breach from MITM attack, which resulted in the theft of patient data and the compromise of 4.5 million patients<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Wearable Device Exploits<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Moderate<br><strong>Risks: <\/strong>Unauthorized data access, privacy breaches<br><strong>Example:<\/strong> 61 million records of individuals containing sensitive health data were inadvertently leaked from an unsecured database from the company GetHealth. Patient safety: Exposure of personal health information breaching privacy and potential harm if data is tampered with<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>Robotic Surgery Vulnerabilities<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>High<br><strong>Risks: <\/strong>Surgical errors, patient harm<br><strong>Example:<\/strong> In 2022, a group of researchers simulated cybersecurity attacks that could potentially disrupt a roboticassisted surgery, resulting in unintended incisions.&nbsp; Patient safety: Surgical errors can result in bleeding, infection, and other adverse outcomes<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>AI Based Attacks<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Moderate<br><strong>Risks: <\/strong>Misdiagnoses, compromised treatment recommendations<br><strong>Example: <\/strong>AI-driven diagnostic tools may be intentionally manipulated, leading to incorrect diagnoses. These could be due to the limitations of the AI tool which exacerbate existing disparities and provide biased results. &nbsp;Impact on patient care: Delayed or incorrect treatment.<\/p>\n<\/details>\n\n\n\n<details class=\"wp-block-details is-layout-flow wp-block-details-is-layout-flow\"><summary><strong>IoT Vulnerabilities<\/strong><\/summary>\n<p class=\"wp-block-paragraph\"><strong>Threat: <\/strong>Moderate<br><strong><strong>Risks: <\/strong><\/strong>Patient safety risks, data exposure<br><strong>Example: <\/strong>In 2023, Medtronic\u2019s insulin pumps were found vulnerable to remote attacks whereby the attacker can alter insulin dosage to the patients from an adjacent network. Patient safety: Risk of insulin overdose<\/p>\n<\/details>\n\n\n\n<p class=\"wp-block-paragraph\">In 2017, phishing attacks, like the one described, were the most significant threat. However, this landscape has now evolved. Dr Piazza and Dr Vasudevan identify the most critically important form of attack are <strong>Advanced Persistent Threats (APTS)<\/strong> a form of ransomware where an intruder gains access to a system but remains undetected for long periods of time, often accessing sensitive data<strong>. &nbsp;<\/strong>Table 1 provides a quick summary, with examples, of these different kind of attacks so that you can become (if you\u2019re not already) a bit of a cyber security expert. Now, compared to 2017, most commonly these attacks are ransomware, cyber espionage, cyber terrorism, distributed denial of service and man-in-the-middle attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hospitals often lack the budget and technical expertise to protect against cyber threats compared to other industries. Just to give two examples of recent cases in the UK with profound damages \u2013 the <a href=\"https:\/\/www.nao.org.uk\/reports\/investigation-wannacry-cyber-attack-and-the-nhs\/\">2017 WannaCry attack affected NHS services<\/a> with an estimated 19,000 appointments cancelled; &nbsp;the <a href=\"https:\/\/www.bbc.co.uk\/news\/uk-wales-62442127\">2022 NHS attack on the 111 service<\/a> in the UK resulted in deaths and <a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/c78llg7n5d5o\">a data breach<\/a> which led to the release of data impacting over 80,000 people. &nbsp;The European Union\u2019s\u2019 cybersecurity agency estimates that <strong>53% <\/strong>of cyberattacks in the EU are targeted at healthcare organisations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Dr Piazza and Dr Vasudevan research is critical to bridge the gap in <strong>dependable data to show the evolution of these cyber threats in healthcare<\/strong> \u2013 without it, healthcare organisations will not be able to effectively counter cyber attacks. Dr Piazza and Dr Vasudevan do this by using multiple methods to map patterns and trends in different attack types and on different hospital types utilising nonconventional databases, social network analysis, machine learning and natural language processing. They find, for example, that enhanced attacks, like cyber terrorism, are most likely in teaching and public hospitals, and less likely in community or children\u2019s hospitals. To read more on the methodology they employed, take a look at the full research article <a href=\"https:\/\/www.liebertpub.com\/doi\/10.1089\/hs.2024.0016#core-collateral-purchase-access\">Mapping the Cyberthreat Landscape in Healthcare Using GDELT: A Multimethod Approach | Health Security<\/a> or reach out to the researchers!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their approach highlights that whilst healthcare organisations have successfully warded of low level attacks, there is <strong>exponential growth<\/strong> in high level critical attacks. The methodology presented by Dr Piazza and Dr Vasudevan provides a framework to help institutions to identify vulnerabilities, anticipate threats and implement proactive measures to mitigate these risks.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>AI Disclosure statement: <\/strong>Generative AI was used in to generate the cover image for this article. However, it was not used to write, edit or refine the text within this article.<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Picture this. You\u2019re a nurse and your 12 hour shift should have finished 40 minutes ago. You go to log out of the PC and you see an email from the consultant asking to send some patient details. You mentally sigh -thinking they should be able to access this themselves but were probably too lazy- and reply with the file. You finish signing off and rush to get to the bus stop in time.<\/p>\n<p>Compared to 2017, cyber attacks on hospitals increased 72% in 2023. Not only have the increased in number, but also severity. This is one of the findings from an analysis of 18,009 cyber attacks on hospitals by Dr Anna Piazza and Dr Srinidhi Vasudevan.<\/p>\n","protected":false},"author":129,"featured_media":239,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_seo_schema_type":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[299,300,28,298],"tags":[313,310,322,321,327,323,316,324,328,303,330,318,304,326,308,325,301,319,329,302,306,314,309,315,320,17,317,305,307,312,311],"class_list":["post-224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-health-care","category-research-spotlight","category-technology","tag-advanced-persistent-threats","tag-ai-attacks","tag-apts","tag-cyber-espionage","tag-cyber-incident-examples","tag-cyber-risk-in-healthcare","tag-cyber-terrorism","tag-cyber-threat-analysis","tag-cyberattack-trends","tag-cybersecurity","tag-cybersecurity-research","tag-data-breaches","tag-ddos","tag-digital-health-security","tag-distributed-denial-of-service","tag-health-systems-resilience","tag-healthcare-cybersecurity","tag-healthcare-data-protection","tag-healthcare-technology-risks","tag-hospital-cyber-attacks","tag-insider-threats","tag-iot-vulnerabilities","tag-man-in-the-middle-attacks","tag-mitm","tag-nhs-cybersecurity","tag-nusc-research","tag-patient-safety","tag-phishing","tag-ransomware","tag-robotic-surgery-vulnerabilities","tag-wearable-device-security","has-thumbnail"],"jetpack_featured_media_url":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-content\/uploads\/sites\/4\/2026\/02\/create-an-image-of-a-male-nurse-checking-the-computer-before-finishing-a-long-shift-in-a-hospital.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/posts\/224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/users\/129"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/comments?post=224"}],"version-history":[{"count":18,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/posts\/224\/revisions"}],"predecessor-version":[{"id":253,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/posts\/224\/revisions\/253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/media\/239"}],"wp:attachment":[{"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/media?parent=224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/categories?post=224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gre.ac.uk\/nusc\/wp-json\/wp\/v2\/tags?post=224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}