Healthcare’s Growing Threat Landscape

Author: Chris Snyder, CompTIA, CySA+, ITIL
Date Published: 3 February 2025
Read Time: 8 minutes

In an era where technology is deeply embedded in every aspect of daily life, the healthcare industry is no exception, and cybercriminals have taken notice. In 2024 alone, the healthcare industry accounted for roughly one quarter of all reported cybersecurity incidents, making it one of the most heavily targeted sectors.1 That statistic is another sobering reminder of how vulnerable digital health infrastructure is and how important proactive security is to safeguarding it.

The Healthcare Sector is a Prime Target

Healthcare organizations are attractive cyberattack targets for 3 primary reasons:

  • Valuable data—Medical records contain a wealth of sensitive information, from Social Security numbers and financial details to protected health information (PHI) and personally identifiable information (PII). This makes healthcare organizations a goldmine for cybercriminals engaged in identity theft, insurance fraud, or the sale of data on the dark web. For example, the black-market value of a health record is significantly higher than that of credit card details because of the breadth of information it contains.
  • Critical systems—Hospitals and healthcare providers rely on interconnected digital systems to manage patient records, treatment protocols, and equipment operations, as well as a plethora of Internet of Things (IoT) devices. Any disruption to these systems can have severe, life-threatening consequences, which increases the likelihood that a ransom will be paid in the event of a ransomware attack. Imagine those interconnected devices, such as ventilators, dialysis machines, suction devices, oxygen concentrators, IV and nutrition pumps, and CPAP/BiPAP machines, all unable to function because they share an internal network that is under attack. There have even been attacks aimed at ventricular assist devices (VADs).
  • Underinvestment in security—Despite the high stakes, many healthcare organizations struggle with underfunded IT departments and outdated security protocols.2 According to a survey, 92% of healthcare organizations had experienced at least one cyberattack in the past 12 months, compared to 88% the previous year.3 Nearly 70% said the attacks disrupted patient care.

Types of Cyberthreats Facing Healthcare

Cybercriminals exploit various attack vectors to infiltrate healthcare systems. Understanding these threats is critical to building a comprehensive defense strategy:

  1. Ransomware—One of the most damaging types of attack, ransomware involves encrypting a target's systems and demanding payment to restore access. Many recent ransomware attacks use double extortion: the operator gains a foothold in the victim's network through one of a range of established initial-access vectors, conducts network discovery to identify high-value assets across the network and connected endpoints, moves laterally to reach them, and exfiltrates the data to attacker-controlled storage. Only then does the attacker encrypt the data and issue a ransom demand. If the victim refuses to pay, the stolen data is sold or publicly released on leak sites and online forums. In healthcare, where downtime can mean delays in critical care, ransomware attacks are particularly devastating. Notable incidents include the 2017 WannaCry attack,4 which affected hundreds of healthcare providers worldwide, and the more recent Scripps Health attack in 2021, in which the California-based healthcare provider faced weeks of operational disruption and millions in recovery costs, with 150,000 healthcare records compromised.5
  2. Phishing—Phishing attacks, which involve tricking employees into revealing sensitive information, remain among the most common methods cybercriminals use. In healthcare, attackers often pose as vendors or internal personnel, leading to compromised credentials or unauthorized access to patient data.
  3. Insider threats—Healthcare organizations are vulnerable to insider threats, where employees expose sensitive data maliciously or unintentionally. These threats can stem from improperly disposed records, weak access controls, or employees falling victim to phishing schemes.
  4. DDoS attacks—Distributed denial of service (DDoS) attacks overwhelm healthcare systems, preventing access to critical services. These attacks disrupt everything from patient registration systems to telemedicine platforms, causing cascading effects that delay treatment and care.
  5. Medical device vulnerabilities—With the increasing use of connected medical devices, such as pacemakers, insulin pumps, and imaging systems, there is a growing attack surface in healthcare. Many of these devices were designed without security in mind, making them potential entry points for attackers.6

MXDR in Healthcare

Healthcare organizations store vast amounts of sensitive data, from patient records and medical histories to financial information. This wealth of data makes them an attractive target for cybercriminals seeking to exploit vulnerabilities for monetary gain or other malicious intent, knowing that the sensitivity of the data increases the likelihood of payment. The increasing frequency and sophistication of cyberattacks pose a significant threat to the stability and reliability of healthcare services.

Managed extended detection and response (MXDR) solutions provide 24/7/365 monitoring, analysis, alerting, and incident response, effectively serving as a team of cybersecurity experts that becomes an extension of the in-house security team. MXDR typically includes proactive threat hunting, and some providers also conduct retroactive threat hunting, looking back through their clients' environments for lingering or newly discovered threats. For healthcare organizations, MXDR can play a pivotal role in ensuring the confidentiality, integrity, and availability of sensitive health information. MXDR addresses some of the healthcare sector's most pressing challenges in several ways:

  1. Patient confidentiality—One of the primary concerns in healthcare cybersecurity is protecting patient confidentiality. Patient data breaches can have severe consequences, including identity theft, insurance fraud, and compromised medical histories. MXDR is crucial in detecting and mitigating threats before they escalate, helping ensure that patient information remains confidential and secure.
  2. Operational continuity—In healthcare, downtime can have life-threatening consequences. Cyberattacks, such as the ransomware attack on Ardent Health,7 can cripple operations, preventing access to critical patient records and disrupting the delivery of care. MXDR helps healthcare organizations maintain operational continuity by swiftly identifying and neutralizing threats and minimizing the impact on essential services and patient care.
  3. Regulatory compliance—Healthcare organizations in the United States are subject to stringent regulations, such as the US Health Insurance Portability and Accountability Act (HIPAA). Failure to comply with these regulations can result in severe legal consequences and reputational damage. MXDR helps organizations detect and respond to security incidents and supports compliance with such regulations (for example, HIPAA's requirements for audit controls and security incident procedures), safeguarding against legal and financial repercussions.
  4. Proactive threat detection—Many cybersecurity measures are reactive (i.e., they address threats only after they have already come to fruition). MXDR takes a proactive approach by continuously monitoring networks, identifying anomalous activity, and responding in real time. This proactive stance is crucial in the healthcare sector, where the consequences of a breach can be catastrophic.
  5. Retroactive threat hunting—Some MXDR providers also hunt retroactively. This can be thought of as looking back in time with updated threat intelligence: indicators of compromise and attacker tooling published today are reapplied to telemetry already collected from a client's environment, to surface intrusions that were not recognizable when the data was first ingested. This is another effective way to respond to emerging threats in an ever-changing landscape.
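The retroactive hunt described above, as an added example that is not code from the article or from any MXDR vendor: a newly published indicator feed is replayed over historical telemetry, and each hit is tagged with how long the activity sat unnoticed before the indicator existed. The log lines, hostnames, indicator values, and the `published` timestamp are all constructed for illustration; the point is that the three events on `ws-radiology-07` predate the indicator feed, so no real-time detection could have fired on them, while the later `ws-billing-03` event would have been caught as it happened.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample telemetry (not from the article): one event per line,
# "timestamp host event_type value", already sitting in the client's log store.
HISTORICAL_LOGS = """\
2024-09-02T08:14:05Z ws-radiology-07 dns updates.cdn.example
2024-09-02T08:14:09Z ws-radiology-07 conn 203.0.113.45:443
2024-09-02T08:15:30Z ws-radiology-07 proc 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
2024-09-03T11:02:11Z srv-pacs-01 dns pacs-vendor.example
2024-09-03T11:40:44Z srv-pacs-01 proc 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae
2024-10-14T17:22:08Z ws-billing-03 dns updates.cdn.example
"""

# Constructed threat-intelligence update (hypothetical feed): indicators
# published on 1 October 2024, i.e. after most of the telemetry above was collected.
NEW_IOCS = {
    "published": "2024-10-01T00:00:00Z",
    "dns": {"updates.cdn.example"},
    "conn": {"203.0.113.45"},
    "proc": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str      # dns | conn | proc
    value: str     # domain, peer IP, or process image SHA-256


@dataclass(frozen=True)
class Match:
    event: Event
    indicator: str
    dwell_days: int     # days the activity sat unnoticed before the IOC was published
    retroactive: bool   # True if the event predates the IOC, so real-time detection could not have caught it


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_logs(text: str) -> list[Event]:
    """Parse the constructed space-separated log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, value = line.split(maxsplit=3)
        if kind == "conn":
            # Compare on the peer IP only; the feed carries IPs, not ports (IPv4 assumed here).
            value = value.rsplit(":", 1)[0]
        events.append(Event(parse_ts(ts), host, kind, value))
    return events


def retro_hunt(events: list[Event], iocs: dict) -> list[Match]:
    """Replay a newly published IOC set over already-collected telemetry."""
    published = parse_ts(iocs["published"])
    matches = []
    for ev in events:
        if ev.value in iocs.get(ev.kind, ()):
            delta = published - ev.ts
            matches.append(Match(ev, ev.value, max(delta.days, 0), ev.ts < published))
    return sorted(matches, key=lambda m: m.event.ts)


def affected_hosts(matches: list[Match]) -> list[str]:
    """Hosts that need scoping and containment, oldest dwell time first is left to the caller."""
    return sorted({m.event.host for m in matches})


if __name__ == "__main__":
    hits = retro_hunt(parse_logs(HISTORICAL_LOGS), NEW_IOCS)
    for m in hits:
        tag = "RETRO" if m.retroactive else "live"
        print(f"{tag:5} {m.event.ts:%Y-%m-%d} {m.event.host:16} {m.event.kind:4} "
              f"{m.indicator[:40]} dwell={m.dwell_days}d")
    print("hosts to scope:", ", ".join(affected_hosts(hits)))
```

The `retroactive` flag is what distinguishes this from ordinary alerting: every hit it marks is an intrusion that was invisible to the sensors at the time, and `dwell_days` gives the analyst a lower bound on how long the attacker has had access, which drives how far back the forensic scoping of that host has to go.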

Real-World Impact: Case Studies in Healthcare Cybersecurity

Several high-profile breaches in recent years illustrate the real-world consequences of failing to invest in robust cybersecurity solutions:

  • Scripps Health8—In May 2021, Scripps Health experienced a ransomware attack that shut down its systems for nearly a month. The attack impacted patient care, delayed surgeries, and forced the organization to revert to paper-based records, highlighting the severity of operational disruptions caused by cyberattacks.
  • University of Vermont Health Network9—In October 2020, a ransomware attack on the University of Vermont Health Network affected six hospitals, leading to weeks of system outages and forcing the organization to divert patients and cancel critical services.

Both incidents underscore the urgent need for healthcare organizations to invest in comprehensive security measures such as MXDR to ensure operational resilience in the face of growing threats.

Conclusion

As healthcare embraces digital innovation through telemedicine, IoT, and connected medical devices, the attack surface available to cybercriminals will continue to expand. To combat this growing threat, healthcare organizations must prioritize cybersecurity as a core component of their operations.

Investing in cybersecurity is not merely a choice for healthcare organizations; it is an ethical obligation to patients and a critical step toward building a resilient and secure healthcare ecosystem. By prioritizing cybersecurity and embracing MXDR, healthcare organizations can fortify their defenses against rising cyberthreats, ultimately ensuring the trust and wellbeing of those they serve.

Moreover, organizations can lean on peer industry groups such as Health-ISAC, which shares crowdsourced intelligence among healthcare security practitioners. Such groups provide timely, actionable, and relevant information on threats, security incidents, and vulnerabilities that the community can act on.

Healthcare's shift toward digitalization brings immense benefits to patient care but also creates new vulnerabilities that cybercriminals are eager to exploit. With the stakes higher than ever, investing in advanced cybersecurity solutions such as MXDR and participating in industry collaboration will help healthcare organizations remain resilient in an evolving threat landscape.

Endnotes

1 IT Governance USA, Data Breaches and Cyber Attacks – USA Report 2024, IT Governance USA Blog, 18 June 2024
2 Cartwright, A.J.; "The Elephant in the Room: Cybersecurity in Healthcare," Journal of Clinical Monitoring and Computing, vol. 37, iss. 5, 2023, p. 1123-1132
3 Olsen, E.; “Nearly 70% of Healthcare Organizations Hit by Cyberattacks Report Patient Care Disruptions: Survey,” Healthcare Dive, 8 October 2024
4 US Department of Justice Office of Public Affairs, “North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions,” USA, 6 September 2018
5 Burky, A.; “Scripps Ransomware Post-Mortem Reveals Significant Ripple Effects for Nearby Hospitals,” FIERCE Healthcare, 10 May 2023
6 HHS 405(d), Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP), "Attacks on Connected Medical Devices"
7 Alder, S.; “Ardent Health Services Ransomware Attack Affects Hospitals in Multiple States,” The HIPAA Journal, 28 November 2023
8 Southwick, R.; “How the Scripps Health Cyberattack Affected Other Hospitals,” Chief Healthcare Executive, 11 May 2023
9 University of Vermont Health Network, “Statement From UVM Health Network on Cyberattack,” 22 December 2020

Chris Snyder

Is a cybersecurity expert and principal sales engineer at Quadrant Information Security, having honed his skills as a systems administrator, network operations specialist, security operations senior threat analyst, and paratrooper infantryman in the US Army. Snyder leverages his diverse background and cybersecurity knowledge to help clients find the best security solutions for their unique needs.
