2026 CASE STUDY | AN ETHICAL APPROACH TO HACKING
DESIGNED FOR IB EXAMINATIONS
CYBERSECURITY IN HEALTHCARE
Modern hospitals, like MedTechPro Hospital (MTPH) in the 2026 IB Computer Science case study, rely heavily on interconnected technologies to deliver efficient and life-saving care. Electronic Health Records (EHRs), connected medical devices, and internal communication systems all depend on secure digital infrastructure. This dependence makes hospitals one of the most attractive targets for cyberattacks.
1. The Value of Patient Data
Hospitals hold vast amounts of sensitive personal information, including:
- Full names, addresses, and national identification numbers
- Medical histories, test results, and prescriptions
- Insurance and payment information
This data is far more valuable than a credit card number on the black market: a single complete medical record can sell for 10–20 times the price of financial data. Criminals use this information for:
- Identity theft
- Insurance fraud
- Blackmail or extortion
Because medical records cannot be easily changed (unlike a password or card number), they are especially profitable for cybercriminals.
2. Dependence on Continuous Operations
Hospitals operate 24/7, and any downtime can have serious consequences, including:
- Delayed treatment or diagnosis
- Disrupted surgeries or medical device functions
- Risk to patient lives
This makes them prime targets for ransomware attacks. Hackers know hospitals cannot afford prolonged system outages and are therefore more likely to pay ransom demands quickly to restore access.
Example: A ransomware attack may encrypt patient data, forcing the hospital to choose between paying the attacker or risking critical care delays.
3. Complex and Interconnected Systems
Hospitals use a vast range of technologies:
- Electronic Health Records (EHRs)
- Internet of Things (IoT) devices such as infusion pumps, patient monitors, and MRI machines
- Wireless networks and cloud storage
- Third-party software for billing, scheduling, and communications
Each of these systems can introduce vulnerabilities. For example, outdated IoT devices may lack proper security updates or encryption, making them potential entry points into the wider hospital network.
4. Human Factors and Social Engineering Risks
Healthcare workers focus primarily on patient care, not cybersecurity. This can lead to:
- Weak or reused passwords
- Accidental sharing of sensitive data
- Clicking on phishing emails disguised as hospital notices or medical alerts
Attackers exploit this through social engineering, using tactics such as pretexting (impersonating IT staff) or vishing (voice phishing) to obtain access credentials.
5. Regulatory and Ethical Pressures
Hospitals must comply with strict data protection and privacy standards to safeguard patient information. A data breach not only leads to financial and operational damage but also:
- Violates patient trust
- Damages reputation
- Raises ethical concerns about confidentiality and care standards
From an ethical hacking perspective, cybersecurity professionals must test and secure hospital systems without endangering patients or disrupting essential services.
Summary
Hospitals are high-value targets because they:
- Store sensitive and lucrative data.
- Depend on constant system availability.
- Operate with complex, interconnected technology.
- Are vulnerable to human error and social engineering.
- Face high ethical and regulatory expectations.
Understanding these risks helps cybersecurity teams like CyberHealth Security apply the Penetration Testing Execution Standard (PTES) effectively while maintaining patient safety and ethical responsibility.
Quick Question: Why are hospitals prime targets for ransomware attacks?
Electronic Health Record (EHR) | A digital version of a patient’s medical history maintained by healthcare providers, containing personal, medical, and treatment information.
Ransomware | A type of malware that encrypts data or locks systems until a ransom is paid by the victim, often using cryptocurrencies.
Malware | Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Examples include viruses, worms, Trojans, and ransomware.
Social Engineering | Manipulating people into revealing confidential information or performing actions that compromise security (e.g., clicking phishing links).
Phishing | A social engineering technique that uses deceptive emails or messages to trick users into revealing credentials or downloading malicious software.
Vishing | Short for “voice phishing,” where attackers use phone calls to trick individuals into providing sensitive information.
Pretexting | A form of social engineering where an attacker creates a fabricated scenario (a “pretext”) to persuade a target to reveal information or perform an action.
Identity Theft | The illegal use of someone’s personal data (such as name, address, or ID number) to commit fraud or other crimes.
Open-Source Intelligence (OSINT) | Information collected from publicly available sources, such as websites, social media, and online databases, used to assess potential vulnerabilities.
Internet of Things (IoT) | A network of interconnected devices that communicate and share data, often used in healthcare for monitoring and diagnostics (e.g., smart monitors, infusion pumps).
Vulnerability | A weakness in a system or network that could be exploited by a threat actor to gain unauthorized access or cause harm.
Data Breach | The unauthorized access, disclosure, or loss of confidential data, often resulting in privacy and financial consequences.
Defense-in-Depth | A layered security strategy that uses multiple defensive mechanisms to protect data and systems.
Confidentiality | Ensuring that sensitive data is accessible only to authorized individuals and protected from unauthorized disclosure.
Integrity | Guaranteeing that data remains accurate and unaltered during storage or transmission.
Availability | Ensuring that authorized users have reliable access to data and systems when needed—particularly critical in healthcare environments.
Ethical Hacking | Authorized and legal hacking performed by cybersecurity professionals to identify and fix vulnerabilities before malicious hackers exploit them.
Penetration Testing (Pen Test) | A simulated cyberattack on a system to evaluate its security, following a structured standard such as PTES.
Critical Infrastructure | Systems and assets essential for the functioning of a society or economy—healthcare systems are considered part of this category.
IoT Devices in Healthcare – Review Questions
Closed Questions
1. What does IoT stand for?
2. Which of the following is an example of an IoT device used in hospitals?
3. True or False: IoT devices in hospitals are immune to cyberattacks.
4. Which of the following is a benefit of using IoT in healthcare?
5. Which of the following best describes a common IoT vulnerability?
Open Questions
1. Explain one way IoT devices improve healthcare and one way they increase cybersecurity risk.
2. Describe how a compromised IoT medical device could impact both patient safety and hospital operations.
3. Outline three measures hospitals can take to secure IoT devices against cyberattacks.
4. Evaluate the trade-off between the benefits of IoT in improving patient care and the cybersecurity risks introduced.
5. Describe what happened in the 2017 WannaCry attack and explain why IoT devices made healthcare systems vulnerable.