Common Types of Cyberattacks
A Practical Guide for Medical and Healthcare Businesses
Cybercrime is now part of everyday business risk. From GP clinics and specialist practices to day hospitals and allied health providers, healthcare organisations are increasingly targeted by attackers who know exactly how valuable medical data is – and how disruptive downtime can be.
A single successful cyberattack can:
- Lock you out of clinical systems and booking platforms
- Expose sensitive patient records and Medicare details
- Interrupt appointments, treatments and procedures
- Damage your reputation and patient trust for years
The good news? Most common cyberattacks follow familiar patterns. When you understand how they work, what they look like in real life, and how to respond, your practice is already much harder to compromise.
This guide explains the most common types of cyberattacks in clear, non-technical language, with a special focus on medical IT environments. You can share it with practice managers, clinicians and admin staff as part of your cyber awareness program.
What Is a Cyberattack?
A cyberattack is any malicious attempt to:
- Disrupt or disable computers, networks or systems
- Steal, alter or destroy data
- Gain unauthorised access to devices, accounts or applications
Attackers may target:
- Individual devices (laptops, desktops, tablets, phones)
- Practice networks and servers (on-premises or cloud)
- Medical practice management software and EMR/EHR systems
- Third-party apps (e.g. online booking, telehealth, billing)
- Internet of Things (IoT) devices (smart cameras, printers, medical equipment with network connectivity)
Their motives typically include:
- Financial gain – ransom payments, fraud, selling stolen data
- Data theft – patient records, Medicare numbers, identity data
- Disruption – making systems unavailable to harm operations
- Espionage or leverage – accessing confidential business or clinical information
Healthcare and medical organisations are particularly attractive targets because:
- Patient data is highly sensitive and valuable on the dark web
- Many practices rely on legacy systems or outdated devices
- Clinics often operate with limited internal IT resources
- Downtime can directly affect patient care and safety, increasing pressure to resolve issues quickly
The Most Common Types of Cyberattacks
Below are some of the most common cyberattacks seen in medical and business environments, how they work, and what you can do to reduce the risk.
We’ll cover:
1. Mobile malware attacks
2. Ransomware
3. Phishing
4. DDoS (Distributed Denial-of-Service) attacks
5. Man-in-the-middle (MITM) attacks
6. IoT (Internet of Things) attacks
7. Password and credential-based attacks (bonus)
1. Mobile Malware Attacks
Why mobile devices are such an easy target
Mobile phones and tablets have become mini workstations:
- Accessing clinical email
- Approving ePrescriptions and viewing results
- Using telehealth apps and messaging tools
- Logging in to cloud-based practice systems
That makes them a goldmine for attackers. A compromised phone can expose:
- Work email accounts
- MFA (multi-factor authentication) codes
- Stored passwords and browser sessions
- Payment apps and banking details
- Sensitive patient information accessed via apps or web portals
Common types of mobile attacks
- Malware apps
- Smishing (SMS phishing)
Fraudulent text messages urging you to click a link or call a fake number – for example, “Your package is waiting”, “Your payment failed”, or “Your account will be locked”.
- Spyware
Software that secretly monitors activity – capturing messages, call logs, screenshots, or location data, often without any visible signs.
- Man-in-the-middle over mobile networks
Attackers intercept data when you use insecure public WiFi. This can expose logins, email content and other confidential information.
Warning signs
- Rapid battery drain for no clear reason
- Unusual data usage spikes
- Apps you don’t remember installing
- Pop-ups, redirects or strange behaviour in the browser
- The device running very slowly or overheating
How to protect your practice from mobile attacks
- Use Mobile Device Management (MDM) for staff-owned and corporate phones used for work.
- Enforce screen locks, encryption and automatic updates.
- Allow app installation only from official stores (Apple App Store, Google Play) and approved apps.
- Educate staff to avoid clicking links in unexpected texts or messages.
- Prohibit or limit access to clinical systems from unmanaged personal devices.
- Use VPN when accessing practice systems from outside the clinic network.
2. Ransomware
What is ransomware?
Ransomware is a type of malicious software that:
1. Encrypts your files or systems so you can’t use them
2. Displays a ransom note demanding payment (often in cryptocurrency)
3. Threatens to delete data or leak it publicly if you don’t pay
Healthcare organisations are a prime target. Attackers know:
- You rely heavily on continuous access to patient records and booking systems
- Downtime directly impacts patient care and revenue
- The pressure to restore operations quickly is extremely high
How ransomware gets in
- Malicious email attachments or links
- Compromised remote access systems (e.g. weak RDP, VPN credentials)
- Exploiting unpatched software vulnerabilities
- Infected USB drives or removable media
- Malicious ads (“malvertising”) on compromised websites
Business impact of a ransomware attack
- Clinical and admin systems offline for days or weeks
- Cancelled appointments and delayed treatments
- Emergency shift to paper-based workflows
- Costly recovery and forensic investigations
- Potential privacy breaches and regulator notifications
- Long-term reputational damage with patients and referrers
Reducing your ransomware risk
- Maintain regular, tested backups stored offline or in secure, segregated cloud locations.
- Keep servers, workstations and practice software patched and updated.
- Enforce multi-factor authentication (MFA) for email, remote access and cloud services.
- Restrict admin privileges – not every staff member needs full access.
- Run up-to-date endpoint protection (next-gen antivirus/EDR) on all devices.
- Provide regular cyber awareness training so staff can spot suspicious emails and behaviour.
3. Phishing
What is phishing?
Phishing is a form of online scam that relies heavily on social engineering – manipulating people into taking actions that benefit the attacker.
Typical goals:
- Steal login credentials
- Trick users into making payments or changing bank details
- Deliver malware (including ransomware)
- Capture credit card or identity information
Phishing messages can arrive via:
- SMS (smishing)
- Social media messages
- Messaging apps
- Fake websites and ads
Common phishing tactics
- Too-good-to-be-true offers – prize wins, refunds, unexpected “rebates”
- Urgent threats – “your account will be closed”, “unusual login detected”
- Impersonation – pretending to be a doctor, practice manager, government agency, health fund or IT provider
- Business Email Compromise (BEC) – using a compromised or look-alike email to request payments or change bank details
Real-world examples in a medical context
- An email that looks like it’s from your pathology partner asking you to “re-enter your portal password”
- A fake message claiming to be from Medicare or a health fund about urgent payment issues
- A spoofed email from the “Principal GP” instructing accounts to urgently transfer funds to a new bank account
How to defend against phishing
- Implement advanced email filtering and anti-phishing tools.
- Use MFA so stolen passwords alone are not enough.
- Train staff to hover over links and verify senders before clicking.
- Establish clear payment and bank detail change procedures, including verbal confirmation via known phone numbers.
- Encourage a “no blame” culture where staff feel safe reporting suspicious emails immediately.
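The impersonation and look-alike address tactics described above can be checked automatically before a payment request is acted on. The following is an added example, not part of the original guide: the trusted domains, the staff name and the sample senders are constructed placeholders.

```python
from email.utils import parseaddr

# Hypothetical values for illustration: domains the practice really deals
# with, and display names that attackers are likely to impersonate.
TRUSTED_DOMAINS = {"harbourclinic.example", "citypathology.example"}
STAFF_NAMES = {"dr jane citizen"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Collapse common look-alike substitutions (rn->m, vv->w, 0->o, 1->l)."""
    d = domain.lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        d = d.replace(fake, real)
    return d

def check_sender(from_header):
    """Classify a From: header as trusted, lookalike, spoofed or unknown."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in sorted(TRUSTED_DOMAINS):
        # Near-miss of a trusted domain: same skeleton or a couple of typos.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike:" + good
    # Familiar name on an unrelated address: typical "Principal GP" spoof.
    if " ".join(name.lower().split()) in STAFF_NAMES:
        return "display_name_spoof"
    return "unknown"

if __name__ == "__main__":
    for sender in ("Dr Jane Citizen <jane@harbourclinic.example>",
                   "Accounts <billing@harbourc1inic.example>",
                   "Dr Jane Citizen <jane.citizen@freemail.example>"):
        print(sender, "->", check_sender(sender))
```

A "lookalike" or "display_name_spoof" result is a prompt to confirm the request by phone on a known number, not proof of fraud on its own.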
4. DDoS (Distributed Denial-of-Service) Attacks
What is a DDoS attack?
A Distributed Denial-of-Service (DDoS) attack uses large numbers of compromised devices (often part of a “botnet”) to overwhelm a target with traffic. The goal is to make a website, server, API or network unusable for legitimate users.
For healthcare and medical businesses, DDoS attacks might target:
- Your public website (e.g. online bookings, patient portal)
- Telehealth platforms or online triage tools
- APIs used by third-party applications
Types of DDoS attacks
- Traffic attacks – flood the system with fake connection requests.
- Bandwidth attacks – send massive volumes of data to consume all available bandwidth.
- Application-layer attacks – overload specific functions (e.g. login, search, booking) that are resource-intensive.
Why they’re dangerous
- Patients may be unable to book online or access telehealth services
- Staff may struggle to reach cloud-based systems
- Attackers sometimes use DDoS as a distraction while launching other attacks (e.g. data theft)
How to prepare for DDoS attacks
- Host your website and key cloud systems with providers that offer DDoS protection and traffic scrubbing.
- Develop an incident response plan that includes:
  - Key contacts (IT provider, hosting provider, critical vendors)
  - Escalation and communication steps
  - Fallback options (e.g. phone bookings during an outage)
- Monitor for unusual traffic spikes and failed requests.
- Regularly review your internet bandwidth and network capacity.
5. Man-in-the-Middle (MITM) Attacks
What is a MITM attack?
In a Man-in-the-Middle (MITM) or Person-in-the-Middle attack, an attacker secretly intercepts and potentially alters communication between two parties who believe they are talking directly to each other.
For example:
- A clinician logging into a cloud EMR system
- A practice manager connecting to online banking
- A staff member accessing webmail over café WiFi
The attacker can:
- Capture usernames, passwords and session cookies
- Read or modify data being transmitted
- Inject malicious content (e.g. fake forms, redirects)
Where MITM attacks often occur
- Unsecured public WiFi (cafés, airports, hotels, conferences)
- Poorly configured wireless networks without encryption
- Compromised routers or access points
Reducing the risk of MITM attacks
- Avoid using public WiFi for any access to practice systems or banking.
- If remote access is required, use a VPN to encrypt all traffic back to your practice network or trusted provider.
- Ensure your own WiFi networks use strong encryption (WPA2/WPA3) and a secure password, not a default or shared one.
- Always check for HTTPS and valid certificates in browsers, especially on login pages.
- Work with your IT provider to regularly review and harden network configuration and edge devices.
6. IoT (Internet of Things) Attacks
What is the Internet of Things?
The Internet of Things (IoT) refers to the growing ecosystem of connected devices beyond traditional computers and phones, such as:
- Smart building systems (lighting, HVAC, access control)
- Security cameras and intercoms
- Networked printers and scanners
- Smart TVs in waiting rooms
- Medical devices with network connectivity (monitors, pumps, imaging equipment)
Many of these devices:
- Run simplified or outdated operating systems
- Are rarely patched or updated
- Use default or weak passwords
- Are exposed directly or indirectly to the internet
How IoT attacks work
Attackers look for:
- Default login credentials that were never changed
- Unpatched firmware vulnerabilities
- Devices exposed to the internet without proper protection
Once compromised, IoT devices can be used to:
- Launch DDoS attacks against others
- Provide a foothold inside your network
- Spy, record or exfiltrate data
- Disrupt building or clinical systems
Protecting your practice from IoT attacks
- Change default usernames and passwords on all devices immediately.
- Keep firmware updated and apply vendor security patches.
- Place IoT devices on separate network segments (VLANs) isolated from clinical and admin systems where possible.
- Limit which devices are accessible from the internet and use firewalls to control traffic.
- Work with a qualified IT provider to review and harden all connected equipment.
7. Password and Credential-Based Attacks
Common techniques
- Brute force – repeatedly guessing passwords until one works.
- Credential stuffing – using username/password combinations leaked from other breaches on multiple sites.
- Password spraying – trying common passwords (e.g. “Password1!”, “Welcome123”) against many accounts.
- Keylogging and phishing – stealing credentials with malware or fake login pages.
Why this matters so much
- Many people reuse the same or similar passwords across personal and work accounts.
- Once attackers obtain one valid set of credentials, they can often:
  - Access email and reset other passwords
  - Log into cloud practice systems
  - Move laterally across your network
How to strengthen password security
- Enforce strong password policies (length over complexity, passphrases over simple words).
- Implement multi-factor authentication (MFA) wherever possible.
- Use password managers to generate and store unique credentials.
- Regularly review accounts and access levels, removing old or unused accounts promptly.
- Monitor for suspicious login attempts and failed logins.
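Monitoring failed logins is most useful when it separates the techniques listed above, because they leave different shapes in the logs. The following is an added example, not part of the original guide: the event format, thresholds, usernames and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed failed-login events: (ISO timestamp, source IP, username)."""
    base = datetime(2024, 5, 6, 9, 0, 0)
    events = []
    for i in range(12):  # one source hammering a single account
        ts = base + timedelta(seconds=10 * i)
        events.append((ts.isoformat(), "198.51.100.7", "reception"))
    users = ["dr.lee", "dr.patel", "nurse1", "accounts", "manager", "reception"]
    for i, user in enumerate(users):  # one source, one try per account
        ts = base + timedelta(seconds=30 * i)
        events.append((ts.isoformat(), "203.0.113.20", user))
    for i in range(2):  # an ordinary mistyped password
        ts = base + timedelta(minutes=i)
        events.append((ts.isoformat(), "192.0.2.15", "dr.lee"))
    return events

def classify_failed_logins(events, window=timedelta(minutes=10),
                           brute_threshold=10, spray_accounts=5):
    """Return {source_ip: label} for sources matching an attack pattern."""
    by_source = defaultdict(list)
    for ts, ip, user in events:
        by_source[ip].append((datetime.fromisoformat(ts), user))
    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it only spans `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in rows[start:end + 1])
            worst = max(per_user.values())
            if worst >= brute_threshold:
                findings[ip] = "brute_force"  # many guesses, one account
                break
            if len(per_user) >= spray_accounts and worst <= 2:
                # Few tries across many accounts: spraying, or credential
                # stuffing, which looks the same without the passwords.
                findings[ip] = "password_spray_or_stuffing"
    return findings

if __name__ == "__main__":
    print(classify_failed_logins(build_sample()))
```

Per-account lockout alone catches only the first pattern; the second stays under any per-account limit, which is why the count of distinct accounts per source matters.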
Building a Layered Cybersecurity Strategy for Your Practice
No single tool or product can stop every attack. Effective cybersecurity for medical organisations is about layers:
1. People
- Ongoing staff training on phishing, mobile safety and data handling
- Clear policies and procedures for remote access, device use and incident reporting
- A culture where staff are encouraged to report anything suspicious immediately
2. Processes
- Documented incident response plan – who to call, what to do, how to contain issues
- Regular backups and restore testing
- Routine security reviews and risk assessments
3. Technology
- Managed firewalls and secure networks
- Endpoint protection (antivirus/EDR) on all workstations and servers
- Email security and filtering
- Secure remote access (VPN, MFA, restricted permissions)
- Monitoring and maintenance by a specialist medical IT support provider
If you don’t have the time or expertise in-house, partnering with a cybersecurity-focused Medical IT support team in Perth or your local area is often the most practical way to stay protected and compliant.
These are some of the most common types of cyberattacks. Being aware of the cyberthreats out there is the first step to defending against these attacks. The next step is implementing the best cybersecurity measures to protect your organisation. Our cybersecurity specialists in Perth strongly advise investing in a good quality security system to protect your data and devices.
Want to protect your organisation from ever-evolving cyberthreats? Contact us or email us at cybersecurity@computingaustralia.group. Computing Australia ensures our cybersecurity measures are updated to protect our clients from the latest threats.
Jargon Buster
Phishing – a form of email fraud in which the sender deceives the recipient for gain.
Smishing – a similar practice to phishing, but the medium is a text message or SMS.
Malware – a collective name for malicious software specifically created to damage computers, networks and users. E.g. viruses, ransomware, spyware, adware and trojans.
Spyware – spying software that intrudes into a system and collects information from that system for its host.
FAQ
What is a cyberattack in simple terms?
A cyberattack is a malicious attempt to break into, disrupt or misuse your computers, networks or online accounts. Attackers usually want to steal data, lock you out of your own systems, or use your systems to make money or launch more attacks.
Why are medical practices and small businesses targeted so often?
Medical practices hold highly valuable data – patient records, Medicare details, billing information – but often don’t have the same security budget as large hospitals or corporates. Attackers know this makes smaller organisations a “softer target” with a higher chance of success and faster ransom payments when operations are disrupted.
What are the most common types of cyberattacks I should know about?
Some of the most common attacks include mobile malware (infected apps, smishing), ransomware (data locked for ransom), phishing (fake emails and messages), DDoS attacks (flooding systems to knock them offline), man-in-the-middle attacks (intercepting communications on insecure networks) and IoT attacks (compromising smart or connected devices).
How can I tell if my practice has been hit by a cyberattack?
Warning signs include systems suddenly running very slowly, being locked out of files or applications, unexpected pop-ups or programs, strange network activity, staff receiving unusual emails, or patients reporting suspicious messages claiming to be from your practice. In serious cases, you may see a ransom note on screen or find that critical data is suddenly inaccessible.