LevelBlue Completes Acquisition of Trustwave to Form the World's Largest Pure-Play MSSP.  Learn More


The Continuing Threat of Cyberattacks on Healthcare

The current trends in healthcare technology adoption present an interesting dynamic.

Healthcare systems globally have undergone, and continue to undergo, rapid digital transformation, to the point where we now see providers increasingly embracing AI, internet-connected medical devices, and telehealth solutions. Trustwave SpiderLabs captured what is taking place in its recent report Cybersecurity Challenges for Healthcare in 2025.

The understandable urgency with which healthcare facilities adopt new technologies unfortunately also creates inherent tensions. While speed-to-market can improve care delivery, it also introduces vulnerabilities – whether compliance gaps, unintentional exposures, or opportunities for malicious actors.

We’re observing increased criminal exploitation, ranging from fraud to sophisticated ransomware attacks targeting precisely these digital healthcare ecosystems. This reality necessitates balanced, vigilant approaches to technological adoption in healthcare settings, and a failure to do so can have severe results.


Who is Attacking Healthcare?

The healthcare sector faces threats from diverse actors with varying motivations. Nation-state operators, particularly those linked to China, frequently target intellectual property. These entities seek competitive advantage by compromising third-party providers within the healthcare supply chain or directly targeting research institutions developing novel treatments.

Equally concerning are financially motivated criminal enterprises.

These organizations operate with disturbing sophistication, mirroring legitimate business structures. They maintain defined operating models, established supply chains, and often subcontract specialized activities to other criminal networks. While some demonstrate selective targeting – occasionally avoiding particularly sensitive healthcare targets – others operate without such restraint.

The consequences manifest alarmingly in operational terms. We’ve observed ransomware attacks which force hospital emergency protocols to divert ambulances during critical care situations. This exemplifies how cyber threats transcend data theft and directly impact patient safety.


What are the potential ramifications of a successful cyberattack?

The consequences of cyberattacks on hospital systems extend far beyond data breaches. Surgical teams may find themselves mid-procedure with internet-connected instruments suddenly inoperative, raising urgent questions about system resilience and contingency planning. This vulnerability extends to fundamental infrastructure, including power supply to medical facilities.

Emergency departments face particularly acute challenges. The entire patient care workflow – from initial assessment to treatment delivery – relies on continuous access to digital systems. When electronic health records become inaccessible, clinicians lose vital medical histories, test results, and treatment plans.

These threats manifest through two primary vectors: direct attacks on hospital infrastructure, potentially compromising multiple systems simultaneously across different departments; and supply chain vulnerabilities, where attacks on third-party service providers (such as cloud-based medical platforms or connectivity services) can blindside healthcare facilities that depend on these external systems.

The growing integration of internet-connected medical devices, while clinically beneficial, has significantly expanded these attack surfaces. Each networked device – from surgical robots to infusion pumps – represents a potential entry point that threat actors could exploit.


Favorite Threat Actor Attack Vectors

Ransomware inevitably dominates headlines due to its disruptive nature and the financial implications involved. However, the most persistent threat we observe remains phishing and social engineering attacks. These involve threat actors directly targeting individuals through deception to harvest credentials or sensitive information. Their ultimate objectives vary. Some seek to exfiltrate patient data, others target intellectual property, such as computer-aided designs for medical equipment, either to replicate technology or identify vulnerabilities for future exploitation.


The Problem Posed by Legacy Healthcare Technology

Legacy systems present significant but distinct challenges compared to modern infrastructure. True legacy environments – those entirely disconnected from organizational networks – pose one set of issues.

More problematic are brownfield systems: legacy equipment retrofitted for internet connectivity that was never designed for networked operation. Often, the imperative for connectivity overrides the security considerations such a retrofit demands.

Compounding this is the human factor. Maintaining these legacy systems requires specialized knowledge that is increasingly scarce as experienced technicians retire. This skills gap affects multiple sectors, particularly medical industrial control systems, where ageing workforces possess irreplaceable institutional knowledge about legacy technologies.


In contrast, purpose-built greenfield systems designed from inception for connectivity should theoretically offer greater security. Modern supply chain complexities, however, introduce new vulnerabilities. Third-party devices often incorporate multiple proprietary and open-source components – we’re seeing products comprising 35% open-source code and 65% vendor-supplied elements, wrapped in custom applications.

Without comprehensive software and hardware bills of materials, healthcare providers cannot properly assess fourth-party risks when failures occur. Was an outage caused by a vulnerable open-source component? A supplier’s compromised infrastructure? This opacity creates unacceptable exposure in critical healthcare environments.
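As an added illustration (not code from the article or from Trustwave), the following shows the kind of question a software bill of materials lets a provider answer. The SBOM is a constructed, CycloneDX-style fragment for a hypothetical infusion-pump gateway and EHR connector; the advisory and all component names and versions are constructed assumptions. Given an advisory naming an open-source component, it walks the dependency graph to report which procured vendor products pull that component in, including through a vendor's own library (the fourth-party relationship the text describes).

```python
"""
Added example: answering "is one of our products exposed through a vulnerable
open-source component?" from an SBOM. All data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    origin: str             # "open-source" or "vendor"
    depends_on: tuple = ()  # bom-refs of direct dependencies


# Constructed SBOM: keys are bom-refs (CycloneDX style "name@version"),
# values describe each component and its direct dependencies.
SBOM = {
    "pump-gateway@4.2": Component("pump-gateway", "4.2", "vendor",
                                  ("vendorlib-telemetry@1.0", "oss-http@2.3")),
    "vendorlib-telemetry@1.0": Component("vendorlib-telemetry", "1.0", "vendor",
                                         ("oss-json@1.8",)),
    "oss-http@2.3": Component("oss-http", "2.3", "open-source", ("oss-tls@3.1",)),
    "oss-json@1.8": Component("oss-json", "1.8", "open-source"),
    "oss-tls@3.1": Component("oss-tls", "3.1", "open-source"),
    "ehr-connector@7.0": Component("ehr-connector", "7.0", "vendor", ("oss-tls@3.1",)),
}

# Top-level products the hospital actually procured (constructed).
PRODUCTS = ("pump-gateway@4.2", "ehr-connector@7.0")

# Constructed advisory: versions of oss-tls below 3.2 are assumed affected.
ADVISORY = {"name": "oss-tls", "fixed_in": "3.2"}


def origin_share(sbom):
    """Fraction of components by origin, counted per component (not per line of code)."""
    counts = {}
    for c in sbom.values():
        counts[c.origin] = counts.get(c.origin, 0) + 1
    total = len(sbom)
    return {k: round(v / total, 2) for k, v in counts.items()}


def transitive_deps(sbom, ref):
    """All bom-refs reachable from ref (excluding ref itself); tolerates cycles."""
    seen, stack = set(), [ref]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(sbom[cur].depends_on)
    seen.discard(ref)
    return seen


def version_tuple(v):
    """Turn 'a.b.c' into a comparable tuple of ints."""
    return tuple(int(x) for x in v.split("."))


def affected_products(sbom, products, advisory):
    """Map each procured product to the affected component refs it pulls in,
    directly or through any depth of vendor or open-source dependency."""
    result = {}
    for p in products:
        hits = sorted(
            ref for ref in transitive_deps(sbom, p) | {p}
            if sbom[ref].name == advisory["name"]
            and version_tuple(sbom[ref].version) < version_tuple(advisory["fixed_in"])
        )
        if hits:
            result[p] = hits
    return result


if __name__ == "__main__":
    print(origin_share(SBOM))
    print(affected_products(SBOM, PRODUCTS, ADVISORY))
```

With the constructed data, both procured products turn out to depend on the same affected TLS library, one of them only via a vendor-supplied telemetry library. Without the SBOM, the provider would see two unrelated vendor products and have no way to tell that a single upstream component explains exposure in both.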


A Prescription for Stronger Healthcare Cybersecurity

A multi-layered approach is essential for effective cybersecurity in healthcare organizations.

At the governance level, board members and senior executives must champion cybersecurity as a strategic priority. Without this top-down commitment and clear communication throughout the organization, security teams face an uphill battle in implementing protective measures. Leadership must articulate why cybersecurity matters not just for compliance, but to maintain patient trust and operational continuity.

In complex hospital environments with numerous connected systems, security teams struggle to maintain visibility. Business units must proactively engage security specialists early in procurement processes – particularly when acquiring new clinical technologies. Rather than viewing security as an obstacle, teams should recognize its role as an enabler that facilitates safe innovation. Each new system requires evaluation beyond basic compliance.

The human element forms the third critical layer. Cybersecurity awareness must permeate the entire organization, from clinicians to administrative staff. Every employee serves as a potential first line of defense. The threat landscape has grown more sophisticated with AI-enabled deepfakes creating highly convincing phishing attempts. Regular training and testing programs are essential to maintain cyber awareness across all staff levels.

Ultimately, theoretical preparedness must be validated through realistic testing. Organizations need to rehearse scenarios through exercises such as red team testing that simulates a ransomware attack.

This way, a security team’s first real test does not occur during an actual crisis.


Establishing a Security Framework

I would strongly recommend that security teams avoid treating cybersecurity as a separate, specialized domain. Most hospitals already have well-established emergency response frameworks, and rather than creating parallel systems, cybersecurity should integrate seamlessly into these existing risk management structures.

The challenge lies in normalizing cyber threats as just another operational risk, not some exceptional digital phenomenon. While security professionals might instinctively want bespoke solutions, we must recognize that crisis management principles remain consistent whether responding to a physical emergency or a cyberattack. The same crisis communication protocols should apply – involving public relations, legal counsel, executive leadership, and, where appropriate, law enforcement.


Is there a role for government? What should the UK government be doing?

Government undoubtedly plays a crucial role in cybersecurity, with approaches varying across jurisdictions – from the Cybersecurity and Infrastructure Security Agency’s (CISA) efforts in the US to the UK’s participation in Five Eyes intelligence sharing. This global cooperation highlights the importance of public-private partnerships in threat intelligence dissemination.

The challenge lies in the disparity between large healthcare providers with dedicated security resources and smaller entities lacking such capabilities. While major hospitals may maintain their own threat intelligence programmes, most healthcare organizations simply cannot afford equivalent investments. They rely on the government to share actionable intelligence and create safe reporting channels without punitive regulatory consequences.

Regulation presents something of a paradox. While necessary, an overly compliance-focused approach risks misaligning priorities – emphasizing box-ticking over genuine security improvement. Government guidance should instead clearly communicate why specific measures matter and help private healthcare providers understand their security responsibilities while benefiting from state-level intelligence that would otherwise remain inaccessible.


Do you get a sense that the healthcare sector is starting to wake up to the threats?

The growing awareness of cybersecurity risks in healthcare has evolved significantly following several high-profile global breaches. The stakes extend far beyond financial considerations – at the heart of this lies patient trust. When individuals share their most sensitive data, including genomic information and family medical histories, they require absolute confidence in its protection. This trust forms the foundation of patient-provider relationships and influences healthcare choices.


A version of this article originally appeared on Healthcare Today

Kory Daniels: The threat of cyberattacks on healthcare - Healthcare Today

About the Author

Kory Daniels is CISO at Trustwave. For more than 5 years, Kory has led people, process, and technology in effectively adopting ML, AI, and automation in Fortune 500 companies and adapting those approaches for the market. Follow Kory on LinkedIn.

ABOUT TRUSTWAVE

Trustwave, A LevelBlue Company, is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
