This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.  

2016 was the year of ransomware in cybersecurity, and it was especially impactful in healthcare. In this blog post, I’ll lay out a few predictions about the type of threats that the healthcare industry will face in 2017.

Sure Things

1. Ransomware Will Continue to Target Healthcare

I suppose this is an obvious one. Many hospitals were impacted by ransomware this past year. Hospitals in California, Indiana and Kentucky were hit especially hard by ransomware variants that target servers, as opposed to user PCs. A hospital in Washington was impacted to the point where it had to redirect patients to other facilities in order to maintain adequate quality of care.

The bad guys have turned to ransomware as their go-to choice of attack because the Bitcoin payments are anonymous and, as a business model, it is an effective way to get paid without getting caught by the police. They target healthcare because the attack vector for the highly effective SAMSA ransomware variant is through unpatched JBOSS application servers in the DMZ (the Internet-facing area of a network).  Hospitals have many of these servers and are being successfully exploited in increasing numbers.

With any luck, the word has been spread well enough to healthcare organisations so that JBOSS vulnerabilities have been patched or at least mitigated. However, we haven’t seen the last of this trend.  Ransomware will continue to target healthcare throughout 2017 through the standard areas of attack: web-based drive-by downloads, malicious e-mail attachments or links, and unpatched servers in the DMZ.

2. Accidental Oversharing in SaaS Apps Will Increase, Resulting in Losses of Patient Data

Medical staff love to use cloud file-sharing SaaS apps, like Box, Dropbox and Google Drive, because they fill a gap in many healthcare organisations: easy file sharing. The problem with the public versions of these services is that it’s up to the user to control who has access to the files, and it’s quite easy to accidentally configure a file containing protected health information (PHI) to be shared with the entire Internet public. Enterprise versions of Box, for example, enable administrators the ability to restrict public access, but many healthcare organisations don’t block the free versions.

I wrote a blog post earlier this year on the topic of SaaS security, along with some recommendations for mitigating the risk. Until healthcare organisations provide a sanctioned method for file sharing, both within and external to their organisations, and proactively block unsanctioned file-sharing websites, we are likely to see losses of patient data due to accidental oversharing.

Long Shots

1. A Cyberattack on a Medical Device Will Cause the First Confirmed Injury to a Patient

Many medical devices used in medical facilities today lack basic security. Often, medical devices lack endpoint protection, and regular patching, functioning on outdated operating systems, like Windows XP. For these reasons, they are prime targets for malware and cyberattacks.

There has been only one confirmed FDA order to pull a specific medical device out of hospitals. I believe the reason we have only seen one is due to insufficient research on and awareness of the problem.  There hasn’t been much research because medical devices are expensive and there is no financial incentive to perform the sort of security research required to find and fix medical device vulnerabilities.

Attackers motivated by money have used ransomware due to the quick payout and anonymity, but there’s a type of attacker who is in the “I did it because I could” crowd. These adversaries hack for fun. To date there have been no confirmed cases of physical harm to patients due to a cyberattack on a medical device, but I believe that it’s only a matter of time before a bad actor takes advantage of the most vulnerable area of hospital networks – medical devices – and wants to make a statement.

What are your cybersecurity predictions for the healthcare industry? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for financial services.



This article originally appeared on 


PA-5200 Series Specsheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances comprises the PA-5260, the PA-5250 and the PA-5220, which target high-speed data center, internet gateway and service provider deployments. The PA-5200 Series delivers up to 72 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management.

  • 4244

PA-220 Specsheet

Palo Alto Networks PA-220 brings next-generation firewall capabilities to distributed enterprise branch offices, retail locations and midsized businesses.

  • 3620

PA-800 Series Specsheet

Palo Alto Networks PA-800 Series next-generation firewall appliances, comprising the PA-820 and PA-850, are designed to secure enterprise branch offices and midsized businesses.

  • 4227

Firewall Feature Overview Datasheet

This datasheet provides a comprehensive overview of the critical PAN-OS features that power all next-generation firewalls from Palo Alto Networks.

  • 6365

Palo Alto Networks Logging Service

Palo Alto Networks® Logging Service introduces a simpler approach, managing valuable security logs while enabling innovative security applications in concert with Palo Alto Networks Application Framework.

  • 20

Palo Alto Networks Application Framework

Palo Alto Networks® is ushering in the future of security innovation, reinventing how customers rapidly access, evaluate and adopt the most compelling new security technologies as an extension of the Next-Generation Security Platform they already own and operate. The all-new application framework is a culmination of over a decade of security disruption, providing customers with superior security through compelling cloud-based apps developed by Palo Alto Networks and today’s most innovative security providers, large and small.

  • 16