Cyberattacks targeting the healthcare sector have surged since the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers.
The recent rise in ransomware attacks on healthcare, in particular the Change Healthcare breach, has been a headline-grabbing wake-up call for healthcare execs.
The trend has put enormous strain on healthcare security organizations. “The healthcare industry is under siege from a range of complex security risks,” says Terry Ray, vice president of product strategy at Varonis. “Cybercriminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data.”
Many organizations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.
Moreover, IT systems are increasingly used to optimize clinical encounters and patient care. Implantable devices, such as loop recorders, are increasingly being used to aid diagnoses, for example, of cardiac arrhythmias. These devices support telemetry, as do wearable devices, by transmitting patient data. Important healthcare decisions are made based on this data, with patient data being far more available due to advances in IT.
The increasing usage of IoT and IT in healthcare has improved clinical efficiency and decision-making certainty, but it does require greater attention to risk assessment, with the days of patient data stored in locked filing cabinets long gone, says WithSecure principal consultant Stuart Morgan.
“The impact of patient data being manipulated or leaked is intuitive and well understood, but the risk of denial of service — whether malicious or unintended — can be huge,” Morgan tells CSO. “Although resilience is built into these systems to a degree, resorting to backup systems is by its nature far less efficient.”
Here, security experts identify the major cybersecurity threats healthcare organizations face today.
The rising ransomware threat
Ransomware has emerged as one of the biggest cyber threats for healthcare today. Attackers have discovered that healthcare organizations delivering life-saving treatments can be more easily extorted than victims in almost every other sector. Many healthcare organizations are also more susceptible to attacks because of new digital applications and services they have launched to address demand for telehealth services, among other digitalization efforts.
From 2022 to 2023, healthcare ransomware victims jumped 81%, according to a study by the US Office of the Director of National Intelligence. This past year, healthcare ransomware attacks increased another 30%, as vendors and service partners joined clinics and hospitals as key targets for attacks, according to a study by Comparitech.
Pharmaceutical manufacturers, medical billing providers, and healthcare tech companies have also come under increasing fire from ransomware actors, Comparitech found.
Change Healthcare’s devastating ransomware attack in February 2024 is among the most notable. The attack, which disrupted insurance claim processing, prescription dispensing, and financial settlements, had a huge impact on hospitals, clinics, and pharmacies across the US. In August 2024, Michigan-based McLaren Health Care suffered the second of two ransomware attacks over the course of just 12 months.
A June 2024 ransomware attack on NHS-affiliated UK pathology services provider Synnovis caused massive disruption in parts of London, forcing hospitals to cancel planned procedures and resulting in a temporary shortage of blood supplies. The Qilin ransomware group exfiltrated data before deploying ransomware that hobbled Synnovis’ IT systems, affecting blood tests, diagnostics, and lab services.
Medical equipment firm Stryker experienced global network disruptions to its IT systems following a cyberattack in March 2026. Initially, ransomware was suspected, but Iran-linked group Handala quickly became the prime suspect in an attack that wiped an estimated 200,000 devices as part of a broader campaign against US and Israeli targets.
Electronic health records (EHRs) and systems present the biggest risk in healthcare today, says Caleb Barlow, president and CEO of CynergisTek. “Past attacks have shown when a hospital undergoes a ransomware-induced lockdown period, access to EHRs is shut down, and patients may have to be diverted for care,” he says. “Such attacks can prevent access to critical prescription information and dosing for patients with complex, chronic conditions like diabetes or cancer. Worse, hackers can potentially take it a step further and manipulate health record data to undermine patient care.”
Historically, healthcare institutions transferred this risk to cyber insurance, but that is becoming more difficult because insurers are making it harder for organizations to purchase ransomware protection without specific controls such as multi-factor authentication and endpoint detection and response technologies, Barlow says.
Cloud vulnerabilities and misconfigurations
Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.
The trend has broadened the attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially as healthcare organizations often use multiple cloud vendors and services with differing security standards and practices, making it hard to apply consistent data protection policies.
Sixty-one percent of healthcare companies said they experienced a cloud cyberattack in the past 12 months in a February 2024 report by healthcare software developer KMS Healthcare.
In March 2026, US healthcare software vendor CareCloud’s EHR environment suffered a breach, disrupting access for 45,000 providers.
Attacks aren’t the only cyber risks healthcare organizations face with rising cloud use. Misconfigurations play a role as well.
In April 2025, US health insurer Blue Shield of California found that it had exposed member data — including protected health information — to Google’s advertising platform for three years up until January 2024 because of a flawed Google Analytics setup on some of its web pages.
Web application attacks
Web application attacks targeting healthcare entities have also spiked sharply in recent years, with cross-site scripting attacks among the most common, along with SQL injection, protocol manipulation attacks, and remote code execution/remote file inclusion attacks.
“Technically speaking, web application attacks can be incredibly challenging for under-resourced healthcare organizations to manage,” Varonis’ Ray says. To address the issue, healthcare organizations must implement controls that enable better visibility into third-party applications and API connections. Only then will the security team be able to understand who is trying to access critical data and whether that activity should be permitted.
Bad-bot traffic
Traffic from bad bots — such as those attempting to scrape data, send spam, or download unwanted software — presents another major challenge for healthcare organizations. The problem became especially pressing during the pandemic when governments around the world set up new websites and other digital infrastructure to support COVID vaccine registrations and appointments.
“Increased levels of traffic result in downtime and disruption for legitimate human users who are trying to access critical services on their healthcare providers’ site,” Ray says. “It might also result in increased infrastructure costs for the organization as it tries to sustain uptime from the persistent, burdensome level of elevated traffic.”
The latest 2025 edition of Imperva’s Bad Bot report estimates malign bots account for nearly a third (37%) of internet traffic, up from 32% in the year prior. Imperva warned that AI is “supercharging the bot threat” alongside a shift in advanced bot traffic toward targeting APIs rather than applications, reflecting how API endpoints often handle sensitive or high-value data.
“Financial services, business, telecom, and healthcare are among the most targeted industries for bot attacks on APIs, accounting for over 75% of all API attacks,” Imperva reports.
Bad bots can lead to healthcare data breaches, for example through credential stuffing attacks against patient accounts, and scraping of sensitive health information.
Cybercriminals target confidential health information, such as patient records, medical history, and insurance details, because this stolen data can be sold on the dark web for profit or used for fraudulent activities, Imperva warns.
Increased phishing volumes
Phishing attacks pose a major threat to the healthcare industry as they do in almost every sector. Again, the pandemic provided a unique backdrop for a rise in phishing volumes against healthcare organizations. A survey of 168 healthcare cybersecurity professionals conducted by the Healthcare Information and Management Systems Society (HIMSS) at the time found that phishing was the typical initial point of compromise for most security incidents.
“Phishing attacks are the top type of significant security incident reported by respondents,” HIMSS noted in its report. “Phishers were the top type of threat actor responsible for significant security incidents at healthcare organizations.”
But phishing has long been an issue for healthcare. Stats compiled by the US Department of Health and Human Services (HHS) record that 18% of 4,419 reported breaches of PHI between 2009 and 2021 involved either phishing attacks or the hacking of email accounts, according to the HIPAA Journal.
Phishing was the initial vector in high-profile attacks against healthcare organizations Anthem (2015) and Magellan Health (2020), among others.
A study by UK medical journal BMJ found that around 3% of emails sent to hospital staff over a one-month period were suspected threats.
While many staff appear to be aware of phishing and respond appropriately, ongoing education is required — particularly about the risk of leaking information of potential use to attackers through social media, the BMJ advised.
Smart devices
Wearable and implantable smart medical devices are a proven cybersecurity risk. These technologies certainly offer better analysis, assisting diagnosis of medical conditions while aiding independent living, but mistakes made in securing such medtech have exposed vulnerable users to potential attack.
A seminal moment was the late Barnaby Jack’s hacking of an insulin pump in 2011. This attack over Bluetooth had a maximum range of approximately 300 meters.
Since then, security researchers at Pen Test Partners have found “closed loop” insulin trial data on the public internet.
“In one case, we could have modified the readings taken by the body-worn continuous glucose monitor and automatically, remotely administered a fatal dose of insulin to around 3,000 users in the trial,” Ken Munro, managing director of Pen Test Partners, tells CSO. “Fortunately, the vendor involved responded very quickly to our report and had the system secured the same day.”
Munro adds: “Other connected medtech devices Pen Test Partners have found security issues with include cranial stimulators, dosing pumps, and medical robots, among many others. Fortunately, the smart devices threat has been recognized and regulators are starting to take action.”
For example, the US Food & Drug Administration (FDA) introduced FD&C 524b in 2023 to drive cybersecurity in connected medical devices.
Generative AI
As healthcare staff adopt generative AI, the risk of leaking sensitive information through prompts and documents has grown.
Regulated data, such as patient records and medical information, is especially at risk, accounting for 89% of all data policy violations occurring in the context of gen AI usage, significantly higher than the cross-industry average of 31%, according to a 2026 study by Netskope.
Moreover, the Netskope report shows that healthcare organizations’ deployment and usage of internal AI tools, which require bespoke security guardrails, is accelerating. The proportion of healthcare workers using gen AI applications managed by their organization jumped from 18% to 67% in 2025, significantly ahead of cross-industry averages (26% to 62%), according to the study.
The need for bespoke security controls for AI systems is illustrated by research from Mindgard showing that the clinical AI tool Doctronic could be compromised to spread conspiracy theories or even manipulate prescription guidance.