1

Cyber Security threats and mitigations in the Healthcare

Sector with emphasis on IoMT security and Software
Defined Networking
M.D.B.Sandakelum
Sri Lanka Institute of Information Technology
IT21160134
AIA – IE3022
It21160134@my.sliit.lk

ABSTRACT The healthcare industry has experienced significant growth driven by the integration of modern
technology. Its main focus is to provide high-quality services through efficient utilization of information and
communication technology. However, this progress has made the healthcare sector more susceptible to cyber
threats due to the abundance of sensitive information, including patients' personal and medical data.
Consequently, cyber-attacks have resulted in substantial losses in this sector, necessitating proactive
measures.
As healthcare advances with modern technology, it faces increasing challenges such as
Ransomware, Phishing, data breaches, and DDoS attacks. These technological advancements have opened
up opportunities for extortion, kidnapping, and blackmail by exploiting this valuable information for
fraudulent activities. To mitigate losses and effectively address these challenges, the healthcare sector must
continue embracing current technology while reinforcing its cybersecurity measures.
One widely adopted security measure in the healthcare sector is Internet of Things (IoT) security.
IoT technology not only enhances productivity and efficiency within the healthcare system but also
establishes connections with third-party entities. However, critical devices like MRI and X-ray equipment,
essential to the system, can expose highly valuable patient and hospital data to cyber risks. These risks can
be mitigated effectively by addressing vulnerabilities in the IoT architecture.
IoT technology is complex, encompassing vital functions related to sensitive information, including
data and information storage, as well as financial transactions. It serves as a conduit for transmitting crucial
data and information. Technologies such as Software-Defined Networking (SDN), IoT, and Blockchain play
crucial roles in securing the healthcare sector against emerging cyber threats. Understanding these
technologies and implementing strategic countermeasures are pivotal in safeguarding the healthcare sector
against cyber threats that have evolved by 2022 due to modern technological advancements. This emphasizes
the need for adaptability and continuous enhancement of security measures in the healthcare industry. [1]

INDEX TERMS — Ransomware, MITM(man in the middle), IOT(Internet of Things), SDN(Software,

Defined Networks), Blockchain, Cyber Security, Threat Actors,

I. INTRODUCTION lives, the stakes in this field are exceedingly high,

Cybersecurity plays a crucial role in safeguarding
organizations from the perils of cyber threats. The
healthcare industry, in particular, grapples with a rising
tide of cyber-attacks owing to its heavy reliance on
advanced technology. Hospitals and healthcare
establishments have responded by establishing dedicated
teams to oversee cybersecurity measures. Studies
indicate that 75% of healthcare providers enhance service
delivery and efficiency through the prudent use of
contemporary technology. Given the direct link to human
distinguishing it from other forms of cyber threats. [2]
This specific domain warrants heightened focus,
primarily aimed at safeguarding critical patient
information and preserving the integrity of the entire
service organization against potential intruders,
particularly concerning credit card information. These
establishments store a wealth of sensitive data,
encompassing birth and death records, medical histories,
addresses, and identification numbers. Consequently, the

healthcare sector becomes an attractive target for cyber
threats due to the substantial volume of services offered
and the extensive data held. Hence, it is imperative to
exercise caution and prioritize cybersecurity measures
within this industry, as the main issue stems from the
healthcare sector's historical neglect of cyber protection.
[2]
II. RESEARCH STATEMENT
The primary goal of this review paper is to outline the
cyber threats and breaches prevalent in the healthcare
industry. It aims to present solutions to address the
challenges arising in healthcare due to the integration of
modern technologies, emphasizing effective strategies to
combat them. Specifically, it delves into the utilization of
IoT and SDN technologies within the healthcare sector.
Furthermore, the concluding section of the review paper
discusses recent advancements in information and
communication technology. [3]
III. LITERATURE REVIEW
As society progresses into the era of modern technology,
healthcare has evolved alongside it. The adoption of
contemporary technological tools and approaches has
gained widespread popularity, enabling more effective
service provision than in the past. However, this
advancement in technology has also introduced new and
intricate cyber risks and threats that were not previously
encountered. [3]
A. History & evolution
Enhancing this field is crucial for both patients and the
overall healthcare sector. It is essential for economic
growth within a country as well. The healthcare industry is
continuously progressing, incorporating advanced
technologies such as EHR, IOT, and SDN. Health
information management was initially recognized in 1920,
encompassing comprehensive data on employees, patients,
and institutions. Standardization of American medical
records commenced in 1928, marking a significant
milestone in information utilization and dissemination
through written media. The integration of computers in
healthcare occurred during the 1960s-1970s, allowing for
the display of a patient's health history and enabling
informed decisions about their well-being. Medicare,
Medicaid was introduced in 1965. [4]
During this period, the health information system
witnessed significant advancements. In the initial years,
computer usage in the healthcare sector was not
widespread. However, as time progressed, the adoption of
computers in hospitals gained traction. By 1965, a total of
73 hospitals had successfully implemented computerized
reporting. Nonetheless, it's important to note that during
2
this era, health-related information technology came at a
considerable cost, with the presence of large-scale
computers. It was in the year 1980 when desktop
computers were introduced, marking a pivotal moment in
the integration of computers within the healthcare domain.
Subsequently, the utilization of computers in daily
operations increased rapidly, shaping a new landscape for
efficient healthcare management. [4]
Dragon Systems began to be utilized in 1982. As the late
1980s approached, there was a notable surge in the
utilization of this software. Its applications extended to
billing, managing hospital and patient records, and
organizing doctor's schedules. Computers were employed
to document patient admissions, registrations, and other
pertinent details. However, a significant drawback was the
inadequate communication methods in place. Around the
mid-1980s, the Institute of Medicine (IOM) began to
emphasize the promising outcomes of electronic records.
This emphasis culminated in a publication in 1991, where
they highlighted issues concerning safety, noncompliance
with standards, and the substantial costs associated with
purchasing and installing computer systems. In the 1980s,
the Major Patient Index (MPI) was introduced, followed
by the establishment of the Health Services Information
Exchange (HIE), tailored for 38 health systems and 100
hospitals. The pivotal creation of the World Wide Web
(WWW) occurred in 1990. [5]
Communication of information initially commenced via
web browsers. ICD coding commenced in 1994. Health
information technology headquarters were established in
2011, and lists of RECs were also present during this
period. By 2015, electronic health records became legally
recognized, with 87% of hospitals utilizing modern
technology. During this era, the primary focus was on
enhancing service accuracy and safeguarding quality while
reducing costs. The integration of technology in the
healthcare sector led to the emergence of various
cybersecurity challenges, impacting the privacy of
patients, employees, and the entire service organization.
[5]
Figure 1: Healthcare sector by attacks types. [6]

Ransomware, email-based assaults, insider threats, and
cyberattacks associated with applications are
predominantly observed within the healthcare industry.
Nearly half (46.4%) of these incidents involve
ransomware, followed by email-related attacks accounting
for 24.6%. Insider risks make up 7.3%, and cyber threats
associated with applications constitute 5.6% of the total.
Additionally, 5% of identified risks are related to databases
in this sector. [7]
Over the past year, a significant number of cyber incidents
targeted hospitals, constituting 30% of all cyber-attacks
and risks within the health sector. In 2021, an alarming
93% of healthcare institutions experienced cyber issues
linked to data security. One notable event occurred in
December 2020, when the Vietnamese healthcare firm,
Innovative Solution for Healthcare (ISOFH), fell victim to
a cyber-attack resulting in the theft of personal data from
80,000 individuals. [8]
Between 2005 and 2019, almost half (43.38%) of the
attacks were centered around data. The following
information outlines the cyber threats linked to data
breaches spanning from 2014 to 2020, vividly illustrating
the notable surge in cyber-attacks within this domain. [8]
Figure 2 : Growth in Cyber attacks related to data breach
in the healthcare sector.
3
Figure 2 : Growth in Cyber-attacks related to data breach
in the healthcare sector in 2022.
In 2014, the percentage stood at 12%, which then increased
to 21% in the subsequent year of 2015. The trend continued
in 2016, with a noticeable rise to 35%. Subsequently, in
2017, the figure escalated to 42%, and by the year 2018, it
further extended to 43%. The peak was observed in 2019,
reaching 61%, marking a significant surge. This upward
trajectory persisted, reaching 69% in 2020. Analyzing this
progression sheds light on the discernible growth in
cyberattacks over the years. [9]
The healthcare sector, along with the broader economy,
heavily relies on data. Presently, there have been numerous
instances of data breaches in the healthcare industry. Every
year, a significant number of hospitals face the risk of these
breaches, resulting in financial and other significant losses.
[10]
Figure 3 : Cyber threat actors
In the latter part of 2020, instances of cyber-attacks
targeting healthcare facilities were on the rise. Hackers
employed various tactics such as botnets, remote code
execution, DDoS attacks, and ransomware to compromise
these institutions. According to reports from 2020, the
incidence of ransomware attacks saw a significant surge of
71% globally. The Asia-Pacific region experienced a 33%

increase, while European countries observed a 36% rise in
ransomware attacks. Overall, cyber-attacks on healthcare
witnessed a worrisome growth of 45% across the globe.
[10]
Analyzing the geographical distribution of these cyber-
attacks, the South East Asia region accounted for 11% of
such attacks within the healthcare sector. South Europe
saw 17% of cyber-attacks, Liberia observed 23%, and Asia
reported 37%. The South Asia region also experienced a
significant 37% share of these attacks. North America and
Eastern Europe saw 37% and 67%, respectively. Latin
America faced a concerning 112% increase, East America
saw a staggering 137% rise, and Central Europe
experienced an alarming 145% surge in cyber-attacks.
Remarkably, the highest incidence was documented in
Central America at an alarming 145%, whereas the lowest
was recorded in South East Asia at 11%.
Figure 4 : Increase in Healthcare Cyber-attacks by region.
[11]
Figure 5 : Increase in Healthcare Cyber-attacks by region.
[12]
The most significant cybersecurity breaches reported
in healthcare history.
The attack that took place in Anthem Blue Cross Company
in January 2015 involving 78.8 million people.
4
On the March 2019, the attack on American Medical
Collection Agency involved 26.1 million people.
On the November 2020, the attack on Brazil Ministry of
Health involved 16+ Million people.
The attack that took place in Advocate Medical Group
between July and November 2015 involving 4 million
people. [13]
B. Impact of Healthcare Cyber-attack [14]
Financial
Because of these security breaches within a service
organization, there exists a financial burden to restore
stability to the organization and its infrastructure. This
encompasses losses stemming from fraudulent activities or
extortion. Moreover, this financial impact extends to
compensating affected patients or individuals. Investing in
financial resources is necessary to fortify cybersecurity
and mitigate such risks. [15]
Corporate
A medical facility that has built a strong rapport with both
its patients and staff is jeopardizing its reputation.
Consequently, the trust from patients and employees is
dwindling, potentially leading to financial distress as
patients may seek healthcare elsewhere, risking the
institution's financial stability. [15]
Personal damage
Financial harm to oneself is exacerbated by activities such
as extortion, further exacerbating the distress experienced
by individuals. Additionally, this situation significantly
impacts the mental well-being of those involved, leading
to increased stress levels. [15]
C. Benefits of the Information Technology related
to the healthcare sector. [16]
As a result of the technological revolution, hospitals and
healthcare have significantly advanced, leading to a
notable enhancement in patient care and ultimately saving
numerous lives. Modern and sophisticated technical
devices have played a crucial role in this transformation,
not only benefiting the healthcare sector but also
contributing positively to the overall economy. The
integration of cutting-edge technology has propelled the
healthcare industry to operate efficiently, with a focus on
precision and speed, streamlining hospital operations for
improved ease and effectiveness.

a) Facilitation of medical record processing
Historically, all information was meticulously crafted from
written records, presenting numerous challenges. Some of
these challenges included significant financial
investments, extensive time commitments, a considerable
workforce, and potential issues like document theft. [17]
Contemporary technological tools are extensively utilized
for gathering patient data. In contrast to the methods reliant
on paper and physical documents prevalent in the 1970s
and 1980s, hospitals now efficiently employ computers for
their operations. Extensive patient information,
encompassing medical history, diagnoses, alterations in
health status, dates of birth and death, is securely stored
within databases. This allows for easy retrieval of vital data
from hospitals or designated service providers as needed.
[17]
b) Minimize errors by doctors.
Physicians are individuals, susceptible to human errors just
like anyone else. Advancements in technology have played
a significant role in minimizing these errors. An
illustration of this is the Clinical Decision Support System
(CDS), which delivers crucial information to both patients
and medical professionals. These interactions adhere to
established standards and have effectively led to a 55%
reduction in serious errors and an 83% decrease in overall
errors.
c) Through this, the number of patients can be
increased.
Many patients can engage in the healthcare process,
bolstering their confidence through the integration of
contemporary technologies. For instance, tools like Fitbits
can track patients' blood pressure, and advancements like
ECG machines simplify disease diagnosis. These
technologies contribute to enhanced quality of care,
enabling efficient patient management, cost reduction, and
improved patient education. The advantageous outcomes
stemming from technology integration are significant. [18]
D. Cybersecurity Security in the Healthcare
Sector
Establishing cybersecurity measures is crucial to safeguard
organizations from both external and internal threats.
Particularly in the realm of providing medical services, it
is vital to ensure the correct operation of medical
equipment and tools, as well as the protection of
confidential information belonging to both employees and
patients. Legal protocols and processes are instituted to
manage these aspects effectively. Keeping pace with
evolving technology, cybersecurity plays a crucial role in
resolving emerging challenges within this domain. [19]
5
Numerous technology-driven tools are present in this
sector, encompassing EHR systems, X-ray devices,
various electronic devices, training support systems, and
clinical judgment devices. Effectively countering potential
attacks requires a robust cybersecurity infrastructure.
Additionally, a significant portion of these tools in
healthcare institutions are connected to the internet,
including elevators, electric heating systems, and remote
monitoring equipment, all of which necessitate adequate
safety measures.
By implementing comprehensive cybersecurity measures,
an organization can not only successfully mitigate cyber
risks but also proactively work towards preventing adverse
incidents. This approach helps in streamlining operations,
eliminating bottlenecks, and ultimately enhancing overall
efficiency. [20]
Figure 6 : Increase in Healthcare Cyber Security market.
[21]
E. IOT in the healthcare sector
The integration of Internet of Things (IoT) technology has
become prevalent in the healthcare industry. This
advancement allows patients to access crucial health-
related information from the comfort of their homes,
eliminating the need for frequent hospital visits. Its
simplicity and accessibility make a significant difference
for both patients and medical professionals, greatly
benefiting the healthcare institution as a whole. [22]
E.a. IOT Benefits
a) Ability to respond immediately.
Serious illnesses such as heart disease require
immediate attention and treatment. Delaying
treatment can have devastating consequences for
patients, impacting their lives significantly.
However, utilizing real-time monitoring
technology can play a crucial role in addressing
these issues and improving patient outcomes.
 6

the data plane to decide how to exceptional navigate this

b) Collecting and processing data has become a
breeze, thanks to the advancement of technology.
Now can swiftly gather and crunch vast amounts
of data and information without breaking a sweat.
Additionally, storing and managing this data is
now faster and more efficient, thanks to the
priority given to IoT in implementing these
activities.
E.b. IOT application in the healthcare sector
a) Hearables
This design is in reality splendid in the realm of
internet of factors (IoT). It's in particular beneficial
for those who are deaf, permitting them to talk
efficiently. Additionally, its functionality resembles
that of a cell device, providing ease of operation.
b) Ingestible sensors
This technique is used to detect diseases from
inside the body.
F. SDN ( Software-defined networking)
healthcare sector
Nowadays, this technology is considerably applied to
supply services with super efficiency. Its substantial
application these days helps in maintaining service
networks, minimizing problems and disruptions, and
streamlining carrier provision. The focal point is the
networking interfaces, with routers and switches playing a
pivotal function. They successfully facilitate the
relationship of numerous sub-networks into a cohesive
community, utilising optical packets. All of this operates
on a software-based totally gadget. [23] [24]
F.a. Benefits of SDN
"traffic." software program-defined Networking (SDN)
plays a pivotal role in organising a preferred way for
those planes to talk effectively. Not unusual SDN
protocols like OpenFlow, Open vSwitch Database
management protocol, and OpenFlow Configuration
protocol (OF-CONFIG) help streamline this communique
procedure. [25]
With the aid of adopting a standardized SDN protocol to
hyperlink the statistics and manipulate planes, a
numerous array of statistics from the statistics plane may
be collected from an outside server, regularly situated
within the cloud, the use of the universally prevalent
OpenFlow protocol. This breakthrough sets the degree for
a mess of e-healthcare applications to thrive, finding a
home within the cloud layer.
In Figure 7, we illustrate our envisioned setup where
IoMT (Internet of Medical Things) devices are
interconnected with e-healthcare applications using SDN
(Software-Defined Networking) technology. These
applications, which can be hosted in the cloud or at the
fog layer, are responsible for managing health-related
data.
in
The SDN control plane acts as the intermediary, gathering
data from IoMT devices and facilitating its transmission
to the respective e-healthcare application. These
applications serve various purposes, such as ensuring
security and privacy, aiding in patient diagnoses, or
enhancing patient safety.
Moreover, Figure 7 showcases a northbound interface,
vital for communication between the SDN control plane
and an AI application. This interface plays a key role in
data collection from the control plane and enables the AI
application to send commands to IoMT devices. [26]

A) fast and ordinary operation.

B) potential to connect and talk with a big

number of gadgets simultaneously.

C) Being robust and shielding.

D) unnecessary fees can be reduced.

IV. SDN in IOMT

Figure 7 : SDN enabled IOMTs. [26]
Within the realm of IoMTs (internet of clinical matters),
the network element may be visible in two foremost
sides: (1) the records aircraft and (2) the manipulate
plane. Think of the statistics plane as the toll road that
directs visitors to its supposed vacation spot, while the
manage plane handles essential responsibilities, allowing
 7

V. CYBER ATTACKS, THREATS, MITIGATING d) Malware

FACTORS AND THREAT ACTORS IN THE
HEALTHCARE SECTOR [27] An application or device designed to gain unwanted
access to systems. [32]
A) Threat
H. Ransomware in the healthcare sector.
A malicious process that attempts to harm, disrupt,
and damage a service company's sources
While searching at diverse sectors, the health
(information). [28]
enterprise has skilled sizeable enlargement because of
the upward thrust of ransomware. Ransomware has
Example: DDos, Virus, Malware
had a exceptional effect within this domain. During
the last 12 months, round two-thirds (66%) of
B) Threat Actors
healthcare service carriers determined themselves
focused via these attacks. From a numerical
The agency or individual answerable for cyber-
perspective, the upward push in these threats has been
assaults.
tremendous. This malicious software program
infiltrates an organization's digital documents, causing
G. High – Risk Attacks in Healthcare Sector.
a slowdown in their service operations. On common,
Healthcare those assaults affect almost 60% of the machines
Threats Organizations within an organisation. Typically, they originate from
Affected unsuspecting clicks on e mail hyperlinks. [33]
Malicious 72%
Network Traffic In Figure 8, it is obvious that the healthcare enterprise,
Phishing 56% like many others, faces giant cyber dangers. The
records suggests that 13.9% of cyber issues are
Vulnerable OS 48%
specially connected to the healthcare region. [34]
Man-In-Middle 6%
attacks
Malware 8%
Table 1 [29]

a) Malicious Network Traffic

Community system and the information that flows

through the network can fall victim to those attacks.
Those malicious sports target computers and other
electronic devices related to the community. Intruders
gain unauthorized access to software program and
structures, main to records breaches. This
unauthorized get entry to can disrupt the smooth
functioning of a whole medical institution, impacting
its operations. [30]

b) Phishing

Social networks are largely operational. By clicking a

link, the process is done in this regard. Most are done Figure 8 : Ransomware in Healthcare sector. [34]
through emails.
According to data from the FBI, around 7% of on-line
c) Man in middle proceedings pertain to problems with health facility
services. [35]
Unauthorized 3rd parties launch assaults, appearing as
middlemen among the sender and supposed receiver
of statistics. [31]
 8

I. Type of Ransomware. Method How the process works

Getting Backups In order to protect the
Crypto information, it is
These damages the documents in a computer so that definitely advisable to
they cannot be used once more. This is usually used keep the information
for extortion. backed up. A pen drive
or a google drive can
Locker store this information.
Not like crypto, this type of ransomware works to This method can be
fasten the consumer's tool. An assault like this poses a easily used to keep
huge risk. information more
secure.
Bad rabbit Training and imparting Consumers and users
Most not unusual in Russia. Whilst a laptop is knowlage can reduce the risks by
inflamed, the consumer of that computer is attached to informing them about
a piece Coin web page. these attacks. Most of
these risks happen
Cerberus through clicks based on
Those attacks are launched in opposition to people the emails. Awareness
usage of Microsoft 365. A massive range of human should be given in such
beings around the sector are stricken by this. a way that these
nonsecure messages can
be identified. Through
Crysis that, this problem can be
This method is effective on constant networks. successfully faced.
Typically, it is a strong technique for launching Use after content This problem can also be
assaults. However, it is crucial to notice that this is filtering solved by using content
executed with deceptive intentions. [36] after filtering it in a safe
way.
Avoid clicking on Avoiding clicking on
J. Prevent and mitigate Ransomware unsafe email unsafe emails will
attacks. [37] prevent these problems.
Software updating Protection from these
There is three steps can mitigate this; attacks is done by
constantly updating the
1) Avoid paying ransom in Ransomware problem. software. By using
2) Refer to data backup. updated software and
3) Decrypt the image with Ransomware only if there devices to identify these
is no backup. [38] harmful conditions, the
crisis can be completely
prevented.
Identifying attacks By identifying attacks in
advance, those risks can
be reduced and dealt
with well.
Table 2
L. MITM – Man in the Middle Attack.
Figure 9 : Mitigating Ransomware Attacks. [38]

K. Methods for obtaining protection. [39]

• Getting Backups.
• Training and imparting knowledge.
• Use after content filtering.
• Avoid clicking on unsafe email.

Figure 10 : Man in the middle attacks. [40]

 9

M. Types of Man in the middle attacks.

The assaults in question involve a covert attempt to

gather records by means of posing as a third party, in
the long run serving as a intermediary between the
sender and receiver at some point of conversation. The
acquired statistics is then misused for unauthorized
sports. Coping with this case is particularly hard,
within the realm of banks and different economic
institutions. [41]

Figure 12 : Example of man in the middle attack. [42]

N. Prevent and mitigate Man in the middle

attacks. [44]

a) Authentication

Authentication performs a important function in

making sure the validity and protection of messages.
It mainly specializes in safeguarding structures like
TSL from capability assaults. By way of doing so, it
enables in efficaciously figuring out and addressing
risky or inappropriate records and messages. Those
Figure 11 : Types of exploitation in man in the middle
authentication techniques continuously offer a means
attacks. [42]
to confirm and uphold protection.

b) Tamper detection. [45]

Attack type Process of the attack
Active session attack In active attacks, when the
This process will check any information that has been
information sender altered, ensuring security in the process.
connects with the
information receiver, the
information exchange is
stopped and when the
sender leaves, the attacker
pretends to be the sender
and commits information
spoofing. There the
attacker connects directly
to the client.
Passive session In a passive attack, the
attack attacker observes the
communication process.
At the same time
everything is listened to.
Here fraud is done by
eavesdropping while not
interrupting
Figure 13 : Chart of middle attack. [42] [46]
Table 3 [43]

VI. FUTURE RESEARCH
In recent times, the healthcare area has witnessed
extensive adjustments propelled with the aid of
advancements in generation. Numerous groundbreaking
improvements had been integrated into the world,
showcasing a fusion of present-day generation and
progressive improvement. Significantly, there's a terrific
adoption of technology like the internet of factors (IoT),
software program-described Networking (SDN), and
digital scientific facts (EMR). Additionally, artificial
intelligence (AI) is being leveraged in the form of clever
strategies, marking a widespread stride forward. The
utilization of artificial frameworks like exoskeletons for
patients sticks out as a top notch and empowering
advancement. Furthermore, numerous modern designs
are on the verge of revealing, with several others
presently undergoing trying out and refinement. [47]
VII. CONCLUSION
Unlike in the distant past, nowadays the healthcare sector
is dealing with technology. Although the service station
has received very high benefits through the use of modern
technologies andit had to face many cyber risks and
attacks through this. Because the complexity is increasing
daily, there is a high percentage of risk. The objectives of
providing cyber security are to achieve stability and
success in a business service organization by
successfully facing these problems and risky situations.
The trust of employees and patients grows in
organizations that have proven cyber security among
competitive organizations. Also, this institution is moving
ahead of other institutions and achieving high success in a
short period of time. The goal of this review paper was to
identify the cyber risks in the healthcare sector and
introduce the measures to be taken to prevent them as
well as modern technologies. [48]
VIII. ACKNOWLEDGEMENT
Lecturer who provided valuable advice and guidance for
successful completion of this review. The author of this
paper expresses his heartfelt thanks to Kanishka Yapa
Sir, K.H.Kohilan sir and all those who helped in this.
IX. REFERECES
[1] "fraudwatch," 13 Sep 2022. [Online]. Available:
https://fraudwatch.com/cyber-threats-iot-security-in-the-
healthcaresector/.
[2] 13 Sep 2022. [Online]. Available:
https://www.investopedia.com/terms/h/health_care_sector.a.
[3] Medical IT Services , [Online]. Available: Types of Cyber
Security Threats.
[4] [Online]. Available: https://www.linkedin.com/pulse/evolution-
technology-healthcarebhaskari-budhavarapu/?_l=en_US.
[Accessed 13 September 2022].
10
[5] "Hati International," [Online]. Available:
https://hatiintl.com/blog/technology-in-healthcare-a-
longandcontinuing-history. [Accessed 02 October 2023].
[6] E. A. Al-Qarni, "Attaks types od healthcare sector," Cybersecurity
in Healthcare: A Review of Recent, vol. 1, p. 6, 2023.
[7] "Comcast Bussiness," [Online]. Available:
https://business.comcast.com/community/browse-all/details/sdn-
powering-the-next-generation-of-healthcare-networks. [Accessed
02 October 2023].
[8] E. O'Dowd, "TechTarget," [Online]. Available:
https://hitinfrastructure.com/features/benefits-of-software-
defined-networking-in-healthcare. [Accessed 02 October 2023].
[9] D. Duran, "linkedin," [Online]. Available:
https://www.linkedin.com/pulse/top-7-healthcare-sector-
cybersecurity-challenges-dan-duran/. [Accessed 02 October
2023].
[10 C. C. f. C. Security, "An introduction to the cyber threat
] environment," vol. 1, p. 18, 2022.
[11 S. C. Team, "safetydetectives," 31 July 2023. [Online]. Available:
] https://www.safetydetectives.com/blog/healthcare-cybersecurity-
statistics/. [Accessed 02 October 2023].
[12 S. Tripathi, "epixelsoft," 27 May 2020. [Online]. Available:
] https://www.epixelsoft.com/blog/healthcare-cyber-security-
growth-trends-and-forecast-2020-2025. [Accessed 02 October
2023].
[13 A. Wolf, The Top 15 Healthcare Industry Cyber Attacks of the
] Past Decade, 22 August 2023.
[14 P. C. E. P. M. M. P. M. S. G. P. Tom Bias, "Cyber Threats and
] Healthcare Organizations," Cyber Threats and Healthcare
Organizations: A Public Health, p. 140, 2018.
[15 E. Snell, "healthitsecurity," 21 October 2016. [Online]. Available:
] https://www.healthitsecurity.com/news/what-is-the-full-impact-
of-a-healthcare-cybersecurity-attack. [Accessed 02 October 2023].
[16 D. H. K. Basnayaka, "Benifits of Information Technology related
] to the healthcare sector.," Cyber Security threats and mitigations
in the Healthcare Sector, vol. 1, p. 10, 2022.
[17 B. Brod, "securityinfowatch," 26 Jan 2021. [Online]. Available:
] https://www.securityinfowatch.com/cybersecurity/article/2120726
8/7-cyber-threat-actors-to-watch-for-in-2021. [Accessed 02
October 2023].
[18 "Avertium," 29 October 2021. [Online]. Available:
] https://explore.avertium.com/resource/cyber-threats-in-the-
healthcare-industry. [Accessed 03 October 2023].
[19 B. C. A. S. D. F. Subrata Acharya, "Electronic Health Record,"
] Secure Electronic Health Record Exchange:, vol. 1, p. 10, 2013.
[20 "trellix," [Online]. Available: https://www.trellix.com/en-
] us/security-awareness/ransomware/what-is-ransomware.html.
[Accessed 03 October 2023].
[21 "Healthcare Cybersecurity Market," July 2023. [Online].
] Available: https://www.precedenceresearch.com/healthcare-
cybersecurity-market. [Accessed 03 October 2023].
[22 M. Elgan, "securityintelligence," 19 July 2022. [Online].
] Available: https://securityintelligence.com/articles/hospital-
ransomware-attack-security-success-story/. [Accessed 03 October
2023].
[23 "cisecurity," [Online]. Available:
] https://www.cisecurity.org/insights/blog/ransomware-in-the-
healthcare-sector. [Accessed 03 October 2023].
[24 "cisecurity," [Online]. Available:
] https://www.cisecurity.org/hospitals. [Accessed 03 October
2023].
[25 A. b. h. H. K. M. S. Karim Abouelmehdi, "data security and
] privacy in healthcare:," Big data security and privacy in
healthcare: A Review, p. 80, 2017.

[26 S. R. &. S. Sharma, "tandfonline," 23 May 2021. [Online].
] Available:
https://www.tandfonline.com/doi/full/10.1080/02564602.2021.19
27863. [Accessed 03 October 2023].
[27 G. Eysenbach, "Health Care Cybersecurity Challenges and
] Solutions Under the Climate of COVID-19," Journal of Medical
Internet Research, p. 10, 2021.
[28 K. Krisberg, "Cybersecurity: Public health increasingly facing
] threats," The Nation’s Health, p. 1195, 2017.
[29 D. S. T. L. R. J. C. T. J. &. B. T. Barnett, "Cyber security threats
] to public health.," World Med Health Polic, vol. 5, p. 46, 2013.
[30 L. Kessem, "securityintelligence," 07 July 2021. [Online].
] Available: https://securityintelligence.com/posts/revil-
ransomware-kaseya-supply-chain-attack/. [Accessed 03 October
2023].
[31 M. C. Blogs, "microsoft," 20 Jul 2021. [Online]. Available:
] https://blogs.microsoft.com/on-the-issues/2021/07/20/the-
growing-threat-of-ransomware/. [Accessed 03 Oct 2023].
[32 C. F. B. J. T. &. M. D. Kruse, "Cybersecurity in healthcare.,"
] Technol Health Care, pp. 1-10, 2017.
[33 J. Besenyő, "HEALTHCARE CYBERSECURITY THREAT
] CONTEXT AND MITIGATION OPPORTUNITIES," Security
Science Journal , vol. 4, p. 19, 2023.
[34 I. Belcic, "avast," 03 Feb 2022. [Online]. Available:
] https://www.avast.com/c-biggest-ransomware-attacks. [Accessed
03 October 2023].
[35 "fbi," FBI, 17 March 2021. [Online]. Available:
] https://www.fbi.gov/news/press-releases/fbi-releases-the-internet-
crime-complaint-center-2020-internet-crime-report-including-
covid-19-scam-statistics. [Accessed 03 Oct 2023].
[36 S. Shea, "Types of ransomware and a timeline of attack
] examples," The complete guide to ransomware, vol. 1, p. 30,
2022.
[37 L. Ayala, "Cybersecurity for hospitals and healthcare facilities," A
] guide to detection and, 2016.
[38 Microsoft, "Microsoft," 07 September 2021. [Online]. Available:
] https://www.microsoft.com/en-us/security/blog/2021/09/07/3-
AUTHOR PROFILE
M.D.B. Sandakelum is an enthusiastic undergraduate
student pursuing his degree in BSc. Hons Information
Technology degree specialization in cyber security. It’s his
first review article. This article explores the realm of
healthcare technology, specifically focusing on cyber
threats and their mitigation within the sector. Sandakelum
is excited to learn more about IOMT security and SDN to
contribute to evolving field of healthcare cybersecurity.
11
steps-to-prevent-and-recover-from-ransomware/. [Accessed 03
October 2023].
[39 M. L. M. S. M. L. F. d. S. Fábio Martins Dias, "Risk
] management," Risk management focusing on the best practices of
data security systems for healthcare, p. 78, 2021.
[40 R. Izquierdo, "5 Ways to Prevent a Man-in-the-Middle
] Cyberattack," 5 Aug 2022.
[41 F. V. M, "beaglesecurity," 03 Dec 2020. [Online]. Available:
] https://beaglesecurity.com/blog/article/man-in-the-middle-
attack.html. [Accessed 03 October 2023].
[42 "javatpoint," [Online]. Available:
] https://www.javatpoint.com/cyber-security-mitm-attacks.
[Accessed 03 October 2023].
[43 F. A. M. J. K. S. H. Abdul Razaque, "Cybersecurity
] Vulnerabilities, Attacks," Survey: Cybersecurity Vulnerabilities,
Attacks and Solutions in the Medical Domain, vol. 7, p. 168797,
2019.
[44 J. R. T.-P. D. L.-V. F. Salem T. Argaw, "Mitigating the risks,"
] ybersecurity of Hospitals: discussing the challenges and working
towards mitigating the risks, pp. 1-10, 2020.
[45 P. mediacenter, "pandasecurity," 17 Feb 2020. [Online].
] Available:
https://www.pandasecurity.com/en/mediacenter/news/bec-scam-
medical-center/. [Accessed 03 Oct 2023].
[46 beaglesecurity, "beaglesecurity," 03 Dec 2020. [Online].
] Available: https://beaglesecurity.com/blog/article/man-in-the-
middle-attack.html. [Accessed 03 Oct 2023].
[47 "cisecurity," [Online]. Available:
] https://www.cisecurity.org/insights/blog. [Accessed 03 October
2023].
[48 K. S. Bhosale, M. Nenova and G. Iliev, "IEEE," A study of cyber
] attacks: In the healthcare sector, 16 November 2021.
[49 R. R. E. M. M. S. R. &. K. C. Luna, "Cyber threats to health
] information sysytem," Technol Health Care, pp. 1-9, 2016.