Introduction
In 2024 [1] [2] [3] [4] [5], the healthcare sector experienced a significant increase in cyber-attacks [3] [5], surpassing other industries in the number of incidents. This trend has led to the compromise of millions of patient records, highlighting the sector’s vulnerability to cyber threats. The sensitive nature of healthcare data and the potential for disruption make it an attractive target for cybercriminals.
Description
In 2024 [1] [2] [3] [4] [5], the healthcare sector faced a significant surge in cyber-attacks, with Darktrace reporting 45 incidents [3], surpassing other industries such as finance (37) [3], energy (22) [3], insurance (14) [3], and telecoms (12) [3]. This alarming trend has compromised over 276 million patient records, with 80% of Americans having had some form of medical data stolen [2]. The healthcare sector remains a prime target for attackers due to the high costs associated with data breaches [3], which averaged $10 million globally from 2020 to 2024 [3]. The sensitive nature of patient data and the potential disruption to critical services further enhance the appeal of healthcare organizations for cybercriminals.
A staggering 92% of healthcare organizations reported experiencing at least one cyber-attack [2], with phishing attacks and the exploitation of edge infrastructure vulnerabilities being the primary methods of compromise [3], accounting for over two-thirds of incidents [3]. Specifically, 32% of attacks involved phishing [3], while 36% targeted vulnerabilities in edge infrastructure [3]. A sophisticated phishing campaign that began on March 20, 2024 [2], impersonated medical service providers like Zocdoc and referenced fake medical clinics [2], aiming at sensitive employee and customer data [2], which is highly valued on the dark web [2]. Notably, 75% of healthcare network intrusions were linked to business email or cloud account compromises that did not escalate to ransomware or data exfiltration [3], indicating a strategic approach by attackers [3].
In addition to phishing, the malware threat MedStealer specifically targeted electronic health records and insurance databases [5], exploiting legacy IT systems and vendor networks through phishing and SQL injection attacks [5]. This malware was responsible for exfiltrating personal data [5], which was subsequently sold on dark web markets [5]. The trend of healthcare data breaches has been rising over the past 14 years [5], with 2023 setting records for reported breaches (725) and the highest number of breached records (133 million) [5]. Hacking incidents and ransomware attacks have become the primary causes of these breaches [5], accounting for nearly 80% of all data breaches in 2023 [5]. The severity of breaches has escalated [5], with 168 million records exposed or stolen in 2023 [5], including 26 breaches affecting over one million records each [5].
While the number of breaches slightly decreased in 2024 [5], the exposure of records increased [5], culminating in the largest healthcare data breach to date [5]. The ransomware attack on Change Healthcare impacted 190 million individuals [5], surpassing the previous record set by Anthem Inc. in 2015 [5], which affected 78.8 million individuals [5]. This breach exposed sensitive data and caused nationwide disruptions in healthcare operations [4], highlighting the critical vulnerabilities within the sector. Attackers exploited a lack of multifactor authentication [4], leading to significant delays in patient care and financial turmoil for medical providers [4]. From 2010 to 2024 [1] [3], healthcare data breaches impacted a staggering 732 million records [1], with hacking or IT incidents responsible for 88% of those breaches [1]. Reporting complexities regarding breaches at business associates can lead to under-representation [5], as individual covered entities may report incidents separately [5], complicating overall statistics [5].
Phishing attacks have become increasingly targeted [3], with one in three aimed at VIP users [3], emphasizing a focus on individuals with higher access privileges [3]. Many phishing emails impersonated suppliers or originated from compromised supplier accounts [3], complicating detection efforts due to the exploitation of trust relationships between healthcare providers and vendors [3]. Attackers have frequently exploited edge infrastructure devices from vendors like Citrix [3], Cisco [3], Fortinet [3], and Ivanti [3], affecting a range of healthcare firms from equipment suppliers to non-critical care providers [3]. This trend underscores the expanding attack surface within the healthcare sector [3].
To combat these threats [2] [4], healthcare organizations are advised to implement advanced filtering systems [2], educate employees on recognizing impersonation attempts, establish phishing monitoring and response protocols [2], and ensure that mobile devices are secured with cybersecurity software capable of blocking phishing attempts [2]. Additionally, advanced identity verification solutions [4], such as those offered by Incode [4], are essential for enhancing security, safeguarding patient data [4], and streamlining compliance processes [4]. Recommendations for improving the situation include mandatory ransomware fields in reporting [1], revising severity classifications to reflect operational impacts [1], and monitoring cryptocurrency to disrupt ransom payments [1]. The increasing frequency and severity of cyber-attacks in healthcare pose significant risks [4], with the potential to disrupt care [4], undermine trust [4], and even endanger lives [4], as the WHO has emphasized in relation to ransomware and other cyber-attacks on healthcare facilities.
Conclusion
The escalation of cyber-attacks in the healthcare sector poses significant risks, threatening patient care [4], data security, and operational stability. To mitigate these threats [2] [4], healthcare organizations must adopt comprehensive cybersecurity measures, including advanced filtering systems [2], employee education, and robust identity verification solutions [4]. As cyber threats continue to evolve, the sector must remain vigilant and proactive in safeguarding sensitive data and ensuring the continuity of critical healthcare services.
References
[1] https://www.techtarget.com/healthtechsecurity/news/366623949/Study-Most-healthcare-data-breaches-caused-by-hacking
[2] https://www.newsmax.com/newsfront/healthcare-software-records/2025/05/15/id/1211155/
[3] https://www.infosecurity-magazine.com/news/healthcare-cyber-attacks-intensify/
[4] https://incode.com/blog/why-has-the-healthcare-industry-become-a-prime-target-for-cyberattacks/
[5] https://cybermaterial.com/patient-data-breached-record-276m-in-2024/