The Journal of ExtraCorporeal Technology No 58-1 | Page 12

6 K. Lung: J Extra Corpor Technol 2026, 58, 3 – 18
Table 1. Common types of malware, their effects, and examples.

| Category | Effect | Recent Example Healthcare Victims |
| --- | --- | --- |
| Ransomware | Denial of a system or database, generally through encryption, until a ransom is paid for access restoration. | Ascension (2024) [18]; Change Healthcare (2024) [18]; National Healthcare Network of Ireland (2021) [13]; Regal Medical Group (2023) [18]; Community Health Systems (2023) [18]; WannaCry (2017); Hollywood Presbyterian Medical Center (2016) [6, 11]; Lurie Children’s Hospital (2024) [19] |
| Destructive extortion | Similar to a ransomware attack, save that once the target system is encrypted, data is deleted or the system is destroyed on purpose. | Change Healthcare (2024) [24]; Hancock Regional Hospital (2018) [3] |
| Denial of Service (DoS) or Distributed Denial of Service (DDoS) [25] | Digital services are overwhelmed by excessive network traffic, thereby limiting the number of legitimate electronic requests that get through to the intended recipient. The attack can originate from a single source or from multiple (distributed) sources. | Boston Children’s Hospital (2014) [26] |
| Man-in-the-Middle (MITM) [9] | Information passes through an additional process that reads or copies the information to a third party. Data integrity can easily be compromised in this situation. | St Jude Merlin@Home pacemakers [27] |
| Abuse of known software vulnerabilities | Use of known and unpatched vulnerabilities in software to gain access to a system. | Epiphany Cardio Server SQL injection (2015) [28]; Medical Informatics Engineering SQL injection (2015) [18]; South-Eastern Norway Regional Health Authority (2017) (Legacy Windows XP) [3] |
| Privilege escalation / abuse of privilege [9] | Attacks that have a goal of gaining higher levels of access or privilege so that malware has a broader impact when deployed. It can spread “horizontally” through same-level access points, or “vertically” to more privileged accounts. | Red Cross (2022) [23]; Hancock Regional Hospital (2018) [3] |
| Third-party breach | When a third-party service fails to properly maintain data security. Often results from the addition of Google / Facebook or other advertiser tracking algorithms. | Advocate Aurora Health (2022) [18]; Boston Children’s Health Physicians (2024) [20] |

these systems [3]. Legacy systems are known to contribute to higher incidences of cybersecurity attacks in healthcare [4, 6]. Unfortunately, securing existing devices on a hospital network or replacing old devices with newer and more secure ones is a slow and expensive process, during which patients and hospitals will remain exposed to attacks [32].
The current trend of consolidating hospitals into larger networks also brings cybersecurity risks. Pooling resources may reduce overhead costs, but it also increases the vulnerabilities of many systems through increased access and the larger target that a hospital network presents. A network of hospitals may increase the funding of an overarching IT team that streamlines software systems, vendors, and services over time, resulting in a reduction of risk. In the short term, however, a lot of time and money are necessary to overhaul the new network additions, and during that period the network remains highly vulnerable.
Human barriers to hospital cybersecurity
The most pressing vulnerability inherent to healthcare networks is the human one. The sheer number of end users in healthcare settings, be they patients, visitors, or staff members, complicates network access control [4]. End users are often the weakest link in cybersecurity [10], and in a 2021 study, only 16% of healthcare workers had confidence in their understanding of phishing, a common method that cybercriminals use to gain access to a system [10].
The Ponemon Institute showed that employee training, specifically on the recognition of phishing attempts, was the biggest factor in reducing the cost of a data breach; conversely, the factors that increased the cost the most were the complexity of the system, a shortage of IT security staff, and third-party breaches [14]. End users, including perfusionists,