Healthcare Increasingly Targeted by Criminals. Necessary to Strengthen Defences
How often do we hear about problems in healthcare?
There is a significant lack of resources, facilities, and personnel, particularly in public systems. Access to care is becoming increasingly complex, as waiting lists grow and regional disparities widen. Meanwhile, the private sector capitalises on these shortcomings, prioritising profit over equity, which exacerbates inequalities in healthcare access.
But there’s one issue affecting both public and private healthcare organisations across the board: the mounting threat of cyberattacks.
Healthcare data is a goldmine for cybercriminals. Medical records are highly valuable on the dark web due to the personal, financial, and sometimes sensitive nature of the data they contain. In addition, healthcare providers store billing information, insurance details, and patients’ financial histories, making them prime targets.
When a cyberattack hits, it can paralyse an entire organisation. Many feel compelled to pay ransoms to prevent prolonged disruption or the release of sensitive data. The risks are enormous: privacy breaches, halted services, economic damage, and long-term reputational harm. And if they don’t pay? Experts warn that attackers will likely sell the data anyway—there’s a booming black market for it.
A global trend: cybercriminals love hospitals
Recent data paints a worrying picture.
According to the 2024 Healthcare Data Breach Report by HIPAA Journal, healthcare attacks in the US alone rose by 60% in 2023, with over 730 reported breaches affecting more than 136 million individuals. Globally, ransomware groups have increasingly shifted their focus toward the healthcare sector.
Check Point Research recorded a 51% increase in weekly cyberattacks on healthcare organisations in 2023 compared to the previous year.
The UK’s National Cyber Security Centre (NCSC) has also flagged healthcare as a “critical national infrastructure at heightened risk,” particularly following global events such as the COVID-19 pandemic and rising geopolitical tensions.
A notable incident in 2023 involved a supply chain attack targeting an IT vendor servicing multiple NHS Trusts in the UK, which resulted in major system outages and delayed appointments—highlighting the sector’s vulnerability to third-party risk.
These attacks are rarely isolated. The UK Cyber Security Council and international security researchers estimate that more than 50% of cyber incidents in healthcare involve ransomware, often linked to sophisticated criminal organisations operating across borders—some with ties to arms trafficking, narcotics, and even human exploitation networks.
Leadership under pressure: security not keeping pace with digitisation
A global study conducted by Kaspersky and Censuswide among healthcare executives in large organisations (1,000+ employees) revealed that:
- 73% had suffered at least one cyber incident in the past 12 months;
- Nearly 1 in 4 experienced severe disruptions with serious operational impact;
- Organisations reported an average of two system shutdowns per year due to attacks;
- 66% reported attempted data or IP theft, with 45% seeing an increase in attempts over the past 4–6 months.
Meanwhile, 63% experienced service interruptions multiple times a year—placing enormous strain on continuity of care and patient trust.
Human error is the weakest link
Despite ongoing investment in cybersecurity tools, one major issue remains: the human factor.
Phishing emails, credential theft, and social engineering remain the most common entry points. In most cases, breaches begin with distracted or untrained personnel who fail to recognise warning signs. It’s not just about firewalls—it’s about mindset.
The NCSC strongly recommends organisations focus on staff training, awareness programmes, and the creation of a cybersecurity culture that extends from leadership to frontline workers.
Unfortunately, many healthcare systems still underestimate these risks. Paired with slow digital transformation and chronic underfunding—especially in public health—the picture becomes increasingly dire.
