traffic_analyzer/DigitalVision V
Healthcare cyberattacks continue to escalate in 2025
Healthcare cyberattacks, third-party data breaches and supply chain attacks remain top concerns for healthcare security professionals in 2025, Health-ISAC found.
Healthcare cyberattacks significantly affected the healthcare sector in 2024 and remain a top concern in 2025, the Health Information Sharing and Analysis Center, or Health-ISAC, shared in a report examining the healthcare cyberthreat landscape.
A survey of approximately 200 healthcare cybersecurity executives and professionals identified ransomware, phishing, compromised credentials, third-party credentials and data breaches as the top five cyberthreats facing their organizations in 2024.
Looking to 2025, healthcare cybersecurity professionals reported ransomware deployments, third-party breaches, data breaches, supply chain attacks and zero-day exploits as the top five cyberthreats facing their organizations now.
While the top threats year-over-year are similar, 2024 cyberattack trends show that cyberthreat actors are evolving and adjusting their tactics. Healthcare organizations will have to remain similarly adaptable to effectively tackle these threats in 2025.
2024 healthcare cyberattack trends reveal new patterns
Health-ISAC highlighted several major cyberattacks and vulnerability exploits that occurred in 2024, which are setting the tone for the healthcare cyberthreat landscape in 2025.
For example, the February 2024 Change Healthcare cyberattack highlighted the effects that a cyberattack can have on operations and patient care. The May 2024 cyberattack against Ascension Healthcare also had widespread impacts and necessitated ambulance disruptions. Supply chain attacks were also a trend in 2024, as exemplified by the numerous attacks on third-party blood suppliers.
Survey respondents said that disruptions in the normal operation of medical technology, such as loss of EHR access or ambulance diversions, had the most significant impact on healthcare organizations in 2024. Other top impacts to the sector included unauthorized access or exposure of protected health information and disruption of overall hospital operations, such as scheduling and communication.
Health-ISAC tracked 458 ransomware attacks in the healthcare sector in 2024. LockBit 3.0 was the most active ransomware gang to target the healthcare sector, with 52 documented attacks. LockBit 3.0 was followed by INC Ransomware, RansomHub, BianLian and Qilin, all of which executed notable cyberattacks against the sector in the past year.
Notable tactics that emerged from Health-ISAC's analysis of 2024 cyberattacks included several social engineering schemes, including help desk targeting, spam-bomb social engineering and telephone-oriented attack delivery campaigns.
Remote desktop protocol (RDP) exposure was the most commonly observed vulnerability in 2024. Health-ISAC distributed 105 targeted alerts about RDP exposure to members and non-members last year and urged members to ensure that all non-essential RDP protocols are disabled.
Health-ISAC's survey results and analysis of the attacks it observed in 2024 showed that ransomware, social engineering and vulnerability exploitation remained fixtures in the healthcare cyberthreat landscape throughout the year.
Emerging healthcare cyberattack trends in 2025
In 2025, Health-ISAC noted that ransomware and third-party data breaches remain top concerns, but other emerging threats are top-of-mind for some security professionals.
"Organizations with cybersecurity budgets in both the highest and lowest brackets listed AI-enabled attacks as their primary concern going into 2025 despite the collective consensus across the membership being ransomware deployments as the greatest threat going into 2025," the report noted.
AI-enabled cyberattacks are particularly prevalent when it comes to social engineering, as cyberthreat actors have been observed using AI to enhance their phishing emails and make social engineering schemes more effective.
In addition to cyberthreat actors using AI to advance cyberattacks, Health-ISAC noted that the National Institute of Standards and Technology (NIST) recently released three post-quantum cryptography standards to prepare for cyberattacks enabled by a cryptographically relevant quantum computer (CRQC).
A CRQC could be used to break encryption algorithms, posing significant threats to any confidential information. As such, post-quantum cryptography standards may be a necessary safeguard to protect against these emerging threats.
Even as emerging threats continue to take shape, ransomware and data breaches remain the most prominent. Health-ISAC stressed the importance of information sharing and collaboration in effectively combatting these threats.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
Dig Deeper on Health data threats
-
![]()
Reflecting on the Change Healthcare cyberattack, one year later
By: Jill McKeon
-
![]()
What is a cyberthreat hunter (cybersecurity threat analyst)?
By: Mary Shacklett
-
![]()
Top healthcare cybersecurity vendors win Best in KLAS awards
By: Jill McKeon
-
![]()
Deloitte provides $5M to cover RIBridges data breach costs
By: Jill McKeon
