As yet another healthcare cybersecurity attack hits the U.S., Techopedia speaks to experts about the steps hospitals and medical centers must take.
We have seen large-scale medical attacks already in 2005, including an attack on New York-based blood centers, which disrupted supply at 400 hospitals.
But it is not just large institutions at risk — the Memorial Hospital and Manor in Georgia announced on February 10, 2025, that the personal and health records of 120,000 individuals were stolen in a November 2024 ransomware attack.
The rural hospital needed to switch to pen-and-paper records during the attack and has since announced that the Embargo ransomware group stole 1.15TB of data, which has been publicly leaked.
This includes Social Security numbers, medical history, and insurance details.
With massive healthcare-related ransomware attacks over the past 12 months, Techopedia explores the current state of healthcare cybersecurity — and why the industry must prioritize digital hygiene now more than ever.
Key Takeaways
- Healthcare is a top target for cybercriminals due to sensitive patient data and outdated security systems.
- Millions of patient records have been leaked in the last year — from 120,000 patient records in Georgia to 6 million records at the Ascension network of hospitals.
- Major breaches, like UnitedHealth’s 190 million patient record leak, show just how vulnerable medical services are to attack.
- Staying on top of security can be expensive, especially as healthcare is more heavily regulated than most industries.
- But if hospitals should know anything, it is the importance of digital hygiene.
Why Healthcare Is Particularly Vulnerable to Ransomware Attacks
Almost every business today operates online, which means it stores some customer data. The type and sensitivity of this data vary by industry, but some sectors handle far more critical information than others.
Healthcare, for instance, stores vast amounts of highly sensitive patient data, including medical records, financial details, and personal information.
This data is essential for healthcare institutions to function, but it is also highly valuable to cybercriminals. Hackers can sell it on the black market or use it for extortion – often preferring the latter since healthcare organizations are more likely to pay a ransom to restore access to critical systems.
But the healthcare industry is not just targeted because of the data it holds. It is also vulnerable due to poor digital hygiene. Many organizations still rely on legacy systems with outdated security protocols — and plenty of regulation that makes updating them cumbersome — which makes them easy targets for attack.
And from a hacker's perspective, why try many phishing scams on individuals when one hospital contains a motherlode of data?
The Healthcare Industry Is Constantly Under Attack
The healthcare industry is now the third most targeted sector for ransomware, following finance and manufacturing, with incidents jumping over 32% from 2023 to 2024.
2024 saw some of the worst cyberattacks yet. On May 8, ransomware locked doctors and nurses out of critical systems at Ascension, a Catholic health system with 140 hospitals across at least 10 states.
It disrupted Protected Health Information, phone lines, and tools used to order tests, procedures, and medications.
At first, the data breach was reported to the HHS Office for Civil Rights (OCR) with a placeholder figure of 500 affected individuals, something organizations often do while investigations are ongoing.
But by December 19, 2024, the actual number had been updated to 5,599,699 records, making it one of the most significant healthcare data breaches of the year — and one of many.
As Jeff Scheidel, VP of Operations at authID, told Techopedia:
“Ransomware keeps striking everywhere, but most insidiously in the healthcare space.
“It has materially affected organizations’ ability to deliver critical procedures and treatments, including at children’s hospitals.
“The focus in healthcare security for years has been the protection of Electronic Health Records and satisfying HIPAA requirements, but service delivery systems have been the weak spot.
“Patient data, like other personally identifiable information, is a goldmine, but these latest attacks are more about collecting ransom.”
Take, for example, UnitedHealth’s Change Healthcare unit’s massive data breach in February 2024.
At first, it was reported that around 100 million people were affected, but the company later confirmed that the actual number was 190 million. This makes it the largest medical data breach in U.S. history, impacting nearly half the country’s population.
UnitedHealth Group (UHG) attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang that later claimed credit for it before finally being dismantled by law enforcement.
In a surprising twist, the group’s leaders disappeared after taking off with a $22 million ransom paid by UnitedHealth, leaving the hackers who carried out the attack with nothing.
The hackers took the stolen data and formed a new group. They demanded a second ransom from UnitedHealth while leaking some stolen files online to prove they were serious.
But Why Healthcare?
As we mentioned earlier, healthcare providers have access to huge amounts of sensitive patient information, including medical records and payment details. This data is highly valuable on the black market and can be used for identity theft or financial fraud.
Cybercriminals know that healthcare organizations are often willing to pay ransoms to regain access to their systems and restore normal operations. The industry’s complex IT environment also gives attackers plenty of opportunities to find vulnerabilities and exploit them.
Tim Morris, Chief Security Advisor at Tanium, a cybersecurity and systems management company, told Techopedia:
“The healthcare industry faces significant cybersecurity threats, largely due to its size, use of complex systems – which are often decentralized – and the high volume of sensitive data being handled.
“Hospitals, providers, payment processors, suppliers, and third-party vendors all operate within a vast and intricate network, creating multiple security gaps and weak entry points that attackers can sniff out and exploit.”
The push to expand telehealth and remote services during the pandemic only worsened these vulnerabilities.
Also, in many cases, cybersecurity investments have not kept up, leaving healthcare providers unprepared to handle increasingly sophisticated cyber threats.
Kanna Sekar, Senior Customer Engineer at Google, told Techopedia:
“Tight IT budgets, where cybersecurity is still seen as an expense rather than a necessity, leave hospitals dependent on aging, vulnerable systems.
“Understaffed and often under-skilled IT/Cyber teams struggle to keep pace with evolving threats, while unpatched, internet-connected medical devices create easy entry points for cyberattacks.”
What Should Healthcare Organizations Do?
Let’s start with some basics: the UnitedHealth data breach happened because hackers used stolen credentials not protected with multi-factor authentication, as disclosed in testimony.
This basic security feature could have helped prevent the attack by adding an extra layer of protection against stolen passwords.
“The cybersecurity vulnerabilities in healthcare require a comprehensive, multi-layered approach. Increased investment is essential, not just in upgrading outdated systems but also in recruiting and training cybersecurity professionals,” Sekar added.
Many organizations rely on IT support teams to handle cybersecurity, even when those teams are not equipped to deal with advanced threats. Some organizations do not have a CISO to oversee cybersecurity, leaving them even more vulnerable to attacks.
Beyond leadership and investment, cybersecurity awareness needs to extend to every employee in the healthcare system.
Scheidel from authID suggested:
“Just like those in IT or financial services, healthcare workers must be trained to recognize phishing attacks via email and smishing attacks via text. Medical equipment connected to hospital networks, including nearly all devices, must also be secured to prevent unauthorized access.”
Help desk personnel should also carefully verify the identities of staff requesting access recovery or password resets. Attackers often target help desks by impersonating employees using details gathered from phishing or social media.
Healthcare organizations may also use biometric authentication to eliminate the risks that come with passwords and other traditional access methods.
The Bottom Line
With ransomware attacks and data breaches rising, healthcare organizations can no longer afford to treat cybersecurity as an unnecessary expense.
Hospitals must prescribe themselves stronger security measures, train staff to recognize threats, and implement basic protections like multi-factor authentication.
After all, every hospital knows that hygiene is vital.
References
- Overview – Healthcare Under Ransomware Attack (BlackKite)
- Ascension Ransomware Attack Affects 5.6 Million Patients (HipaaJournal)
- Change Healthcare Cyberattack Support (UnitedHealthGroup)
- UHG’s Witty House testimony (DocumentCloud)