Healthcare Cyber Threat Insights for 2025
One of the biggest concerns in healthcare in 2025 is the continuing threat of cyberattacks. Last year was a particularly bad year for healthcare security incidents and data breaches, and while it appears that there was a slight year-over-year decline in reported data breaches, record numbers of healthcare records were breached in 2024 and several cyberattacks caused massive disruption to healthcare services across the country.
The Change Healthcare ransomware attack in February caused outages of systems that were relied upon by a huge number of healthcare providers. A year on, the healthcare industry has still not recovered, and notification letters are still being mailed to the affected individuals to inform them that their healthcare data was stolen. Another hugely disruptive attack hit Ascension Health, which also had far-reaching impacts on healthcare operations and patient care. These high-impact attacks could become more common in 2025, as could ransomware attacks in which patients are extorted directly, with threat actors threatening to leak their data if they do not pay to have it deleted.
There was also an increase in attacks targeting supply chains last year, including cyberattacks on third-party blood suppliers, which forced many hospitals to implement their blood shortage protocols. There were also several high-impact supply chain attacks on third-party tools used extensively in healthcare, such as a series of attacks in January that exploited vulnerabilities in Ivanti products.
A recent report from the Health Information Sharing and Analysis Center (Health-ISAC) looks back on the events of last year and warns of a potential escalation of attacks in 2025. In 2024, there was a significant escalation in healthcare ransomware attacks, with threat actors employing increasingly sophisticated techniques to breach healthcare networks. All five of the most active ransomware groups have conducted attacks on the healthcare sector, with Health-ISAC tracking 458 ransomware attacks on healthcare providers in 2024.
While many of the cyberattacks were conducted by financially motivated threat groups, there is a growing threat of cyber espionage by nation-state actors who seek patient data and intellectual property. Social engineering schemes were also highly prevalent in 2024, including schemes targeting IT helpdesks, telephone-oriented attack delivery campaigns, and spam bombing, in which threat actors impersonate IT support teams and promise to fix the spamming problem they created.
While the most prevalent threats to healthcare organizations in 2024 are largely unchanged year-over-year, cyber threat actors have been evolving their tactics, techniques, and procedures, which means healthcare organizations need to constantly evolve their defensive measures to ensure they are protected against ever-changing threats. One such threat concerns Internet of Medical Things (IoMT) devices. There are vast numbers of IoMT devices in healthcare, which have introduced new vulnerabilities that need to be carefully assessed, managed, and reduced to a low and acceptable level. There is also growing concern about AI-enabled attacks, which can be harder to identify and address.
A November 2024 Health-ISAC survey of almost 200 executives and cybersecurity professionals explored the most significant perceived threats and cybersecurity concerns facing their organizations in 2024 and 2025. Unsurprisingly, given the increase in ransomware attacks on the healthcare sector last year, ransomware was viewed as the biggest threat in 2024, followed by phishing, compromised credentials, third-party credentials, and data breaches.
Ransomware deployments were thought to pose the biggest threat again in 2025, with third-party breaches the second biggest concern, followed by data breaches, supply chain attacks, and zero-day exploits. The biggest impacts of these attacks on healthcare delivery organizations are the disruption to the operation of medical technology and its impact on patient care, unauthorized access to patient data, and overall disruption to healthcare operations, such as communications, administrative processes, and scheduling.
In addition to improving baseline security and implementing measures to combat changing threat actor tactics, Health-ISAC recommends joining the Health-ISAC community to benefit from early warnings about evolving threats, to obtain proven mitigation strategies to deal with those threats, and to benefit from crowd-sourced knowledge from industry veterans on strengthening defenses.
