Healthcare Increasingly Targeted by Criminals: Defenses Must Be Strengthened
How often do we hear about healthcare problems?
Lack of resources, facilities, personnel, especially in the public sector. Access to care for citizens is increasingly difficult, waiting lists are getting longer, and regional differences are becoming more pronounced. The private sector takes advantage of this, becoming more business-oriented and creating that odious disparity in healthcare between citizens who should, on paper, have equal rights.
However, there is one factor common to both public and private sectors that creates a state of general alarm throughout the healthcare sector: the risk of cyber attacks.
We know that health data represents a delicious dish for cybercriminals: it is sensitive data that is highly marketable on the dark web.
Additionally, healthcare facilities also store financial information: payment methods, banking data, and patients’ financial situations. This is another factor of interest to criminals.
When an attack on a healthcare facility occurs, it can seriously cripple organizations which, to avoid further aggravating the situation, are almost always willing to pay the ransom demanded by criminals.
After all, there are significant risks at stake: violation of patient privacy; shutdown or severe limitation of the facility’s activities, with consequent economic losses; and reputational damage.
However, if the organization doesn’t want to give in to blackmail, as most experts suggest, criminals know they can easily sell the stolen information on the flourishing black market.
The numbers demonstrate the interest that the healthcare sector has generated in the criminal world.
According to the Clusit Report 2025, in 2024 alone there were 810 cyberattacks in the healthcare sector globally, with a 30% increase compared to the previous year. In Italy since January 2023, there have been an average of 3.5 cyber attacks per month against healthcare facilities, half of which resulted in serious incidents.
In July 2024, a supply chain attack hit an IT service provider, causing serious damage to multiple interconnected healthcare entities. This episode highlighted the systemic vulnerability of the sector, which is increasingly exposed to sophisticated threats.
According to the National Cybersecurity Agency website, in the 2023-2024 period the number of cyber events in the healthcare sector rose dramatically, by 111%, from 27 events in 2023 to 57 in 2024.
We’re talking about a form of heavy-caliber crime, since, as highlighted by Clusit researchers, more than 50% of attacks launched in the healthcare field are carried out via ransomware and are not the work of solitary cybercriminals, but of transnational criminal organizations connected to mafias that also manage drug, weapons, or human trafficking.
In the period between 2018 and 2023 alone, our country has seen the number of attacks double.
According to the recent research “Cybersecurity in healthcare: Threats, challenges and strategic responses in a rapidly evolving landscape” by Kaspersky, conducted by the research company Censuswide among C-Level executives of large Italian healthcare companies (over 1,000 employees), 73% say they have suffered at least one cybersecurity incident in the last 12 months. Of these, almost one in four (24%) has suffered serious attacks, with significant consequences on the operational and organizational level. On average, these companies experienced two system interruption episodes per year.
In fact, 63% reported experiencing operational interruptions between two and three times, putting service continuity at risk. In particular, 66% of organizations have experienced attempts to steal sensitive data or intellectual property, with a peak recorded in the last 4-6 months in 45% of cases, a sign of an acceleration in attacks.
All this highlights how urgent it is to invest in security and particularly in training and IT culture, also considering the digital transformation that is affecting the sector’s activities through the integration of advanced technologies.
Unfortunately, in Italy this type of risk is still widely underestimated, and correct, consolidated knowledge of the subject is lacking. If we add to this delayed digitalization and budget cuts to healthcare companies, particularly public ones, it is not difficult to perceive the seriousness of the situation and the urgency of finding solutions.
Despite the undeniable advances in defensive technology, there is still a strong deficiency in the training and awareness of operators and employees.
The human factor remains the avenue most used by criminals to access the networks of healthcare organizations and facilities. At the root of thefts we find, in most cases, distraction, poor knowledge, and the inability to manage emotions and recognize danger.
To counter these vulnerabilities, the ACN (the National Cybersecurity Agency) offers targeted recommendations, including the need to implement robust security practices and centralized cybersecurity governance.
The Agency’s recommendations generally focus on improving security practices, with particular attention to the adoption of advanced technologies and staff training.
This is why it has become essential to invest in quality training courses for employees and collaborators. Knowledge, continuous updating, and awareness of every action performed online represent the fastest and safest ways to achieve the correct and necessary digital posture and to transform employees and collaborators into true sentinels defending healthcare companies.
Because, just like our body, companies and organizations need to equip themselves with a strong and structured immune system, capable of blocking any attempt at penetration by malicious elements and ensuring the health of the entire system.






