The integration of various technologies into healthcare systems provide numerous benefits to end-users. However, these technologies also bring a variety of security attacks aimed at patient data, healthcare operations, and critical assets. These attacks cause harm to patients and healthcare organizations alike. However, there is a lack of appropriate methods for classifying and analyzing these attacks. This paper provides an in-depth insight into the potential attacks to the healthcare system via a taxonomy. It also discusses the associated harms, countermeasures and propagation of harms in the whole system. Overall, this research aims to increase the awareness of the stakeholders by enabling them to identify the potential security attacks, associated cyber-harms and the corresponding mitigations.