What are some common cyber threats?

There are many forms of cyber threats, but the common ones pertaining to the healthcare sector are:

  1. Email phishing attacks: Phishing attacks are commonly utilised by attackers. It involves an inbound phishing email comprising an active link or file, and may appear to originate from a trusted or legitimate sender. Accessing the link or file may either direct users to websites that solicit sensitive information or lead to downloading of malicious software1. Locally, 70% of incidents reported to Singapore Computer Emergency Response Team (SingCERT) by SMEs and members of the public occurred through phishing attacks2.
  2. Malware: Malware can be designed to disrupt or deny normal computer operations, steal information, or gain unauthorised access. There are many different types of malware such as virus, Trojan, spyware, botnet, worm, ransomware, and zero-day exploits.
  3. Loss or theft of equipment or data, and insider threats: Every day, devices such as mobile/smart phones, laptops, and hard drives are lost or stolen, and can end up in the hands of hackers. This is even more critical in the healthcare sector where sensitive information may be stored in such devices. The consequences can be even more dire if such devices do not have adequate encryption. In addition, insider threats, both accidental or intentional may exist within every organisation.
  4. Ignorance and apathy (“human forms of malware”): Apathy about cybersecurity hygiene hampers an organisation’s / practice’s ability to protect against cyber-attacks. The lack of interest, enthusiasm, or concern over one’s organisation or practice’s cyber health can be exploited by hackers.

Department of Health and Human Services, USA: Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients
Cybersecurity Agency Singapore (CSA): Singapore’s Safer Cyberspace Masterplan 2020
3 https://hbr.org/2017/05/the-best-cybersecurity-investment-you-can-make-is-better-training