Mitigating Cybersecurity Threats to Hospitals and Healthcare Facilities




Lehmann, Peter S
Kinney, Alexander B

Institute for Homeland Security


Healthcare facilities rely heavily on digital information systems to deliver patient care and manage confidential patient information. However, healthcare networks and medical devices are highly vulnerable to attackers, who can use the information to victimize medical facilities as well as the patients themselves. The functioning of healthcare systems can be seriously impeded by cyberattacks, restricting information sharing among hospital personnel and delaying or preventing patient care. Although federal legislation and regulatory guidelines have been put forth to improve responses to cyberattacks and enhance patient information protections, the cybersecurity measures in place in many hospitals can be easily bypassed by motivated offenders via entry points in the facilities’ cybersecurity systems. In response to these threats to critical infrastructure, experts have proposed several risk mitigation strategies that healthcare facilities can employ to improve information technology systems and mitigate vulnerabilities associated with human factors. This report provides a summary of (1) the literature on the types and characteristics of cyberattacks most often perpetrated against healthcare providers, (2) the theory and research from criminology and criminal justice on the factors associated with cybercrime victimization risk, and (3) the best practices proposed by experts to help inform policymakers and healthcare professionals in Texas and nationwide.



cybersecurity, healthcare, cybervictimization, medical technology, patient information


Kinney, A. B. & Lehmann, P. S. (2023) Mitigating Cybersecurity Threats to Hospitals and Healthcare Facilities. (Report No. IHS/CR-2023-1017). The Sam Houston State University Institute for Homeland Security.