Healthcare has remained one of the most targeted sectors in 2025 for both cybercriminals and nation‑state actors. This insight draws upon publicly reported incidents, industry research, academic studies, and international regulations. The selected cases reflect high economic, clinical, and geopolitical impact, ensuring geographical diversity and highlighting third‑party involvement. The goal is to provide a concise but comprehensive overview of the evolving threat landscape.
During the past year, ransomware, data theft, and espionage paralysed hospitals, laboratories, and supply chains. The Change Healthcare breach, which began in February 2024, demonstrated how a single billing services provider can disrupt the healthcare ecosystem, costing billions in unpaid claims and compensation. By mid‑2025, hundreds of reported healthcare breaches had occurred; the total number approached 500 only later in the year. These breaches affected tens of millions of individuals, mostly through electronic health record (EHR) systems and exposed servers. Healthcare continues to suffer the highest average breach costs (over $7 million per incident), and breaches take around 279 days to identify and contain. This economic pressure is compounded by the lucrative stolen‑data market: complete medical dossiers can sell for hundreds of dollars on the dark web, far more than credit card or Social Security numbers. As a result, not only hospitals but also diagnostic labs, research centres, insurance companies, and telemedicine providers face escalating threats.
Simultaneously, the rapid adoption of Internet of Medical Things (IoMT) devices and the persistence of legacy systems widen the attack surface. Surveys of connected medical and OT devices show that a large majority of organisations have publicly exploitable vulnerabilities. Many devices (infusion pumps, ICU monitors, imaging systems) run outdated software or still use default credentials. Without centralised inventories and network segmentation, attackers can leverage a compromised sensor to penetrate deep into patient databases. The regulatory environment is tightening: updated HIPAA rules, FDA requirements for “cyber devices,” European regulations such as GDPR, NIS2, and DORA, and forthcoming regulations like the EU Cyber Resilience Act are imposing stricter security and reporting obligations. Nevertheless, many healthcare organisations still lag behind other sectors in cyber maturity, with low adoption of frameworks like the NIST Cybersecurity Framework or zero‑trust architectures.
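The inventory and segmentation gap described above can be checked mechanically. The following is an added example, not part of the original article: it joins a device inventory with zone-to-zone firewall allow rules and reports which weak devices (default credentials or unpatched) sit in a zone that can reach the patient-data zone. All device names, zone names, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory (hypothetical device names and zones).
INVENTORY = {
    "infusion-pump-07": {"zone": "iomt", "default_creds": True, "patched": False},
    "icu-monitor-02": {"zone": "iomt", "default_creds": False, "patched": True},
    "mri-console-01": {"zone": "imaging", "default_creds": False, "patched": False},
    "lab-analyser-03": {"zone": "lab", "default_creds": True, "patched": False},
    "ehr-db": {"zone": "ehr", "default_creds": False, "patched": True},
}

# Constructed zone-to-zone allow rules: (source zone, destination zone, port).
ALLOW_RULES = [
    ("iomt", "imaging", 104),
    ("imaging", "ehr", 1433),
    ("lab", "lis", 2575),
]

def zone_path(rules, src, dst):
    """Shortest chain of allowed zone hops from src to dst, or None."""
    graph = {}
    for a, b, _port in rules:
        graph.setdefault(a, set()).add(b)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def exposure_report(inventory, rules, protected_zone):
    """Map each weak device outside the protected zone to its path into it."""
    report = {}
    for name, dev in sorted(inventory.items()):
        weak = dev["default_creds"] or not dev["patched"]
        if not weak or dev["zone"] == protected_zone:
            continue
        path = zone_path(rules, dev["zone"], protected_zone)
        if path:
            report[name] = path
    return report

if __name__ == "__main__":
    for device, path in exposure_report(INVENTORY, ALLOW_RULES, "ehr").items():
        print(f"{device}: {' -> '.join(path)}")
```

Removing the single `imaging` to `ehr` rule empties the report, which is the effect segmentation is meant to have; a transitive path such as `iomt -> imaging -> ehr` is easy to miss when rules are reviewed one at a time.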
Key Observations
- Escalation and costs of breaches – In 2025 healthcare has seen a sharp rise in cyber incidents. By mid‑year there were hundreds of reported breaches, with the cumulative total nearing 500 only later in the year. These incidents cost more than $7 million on average and take months to contain, pointing to both high financial impact and slow response capability.
- High value of health data – Medical records contain enduring personal and clinical information that can be monetised through identity theft, extortion, and insurance fraud. A single health record can sell for tens to hundreds of dollars on the dark web, making healthcare data far more lucrative than other personal information.
- IoMT and legacy vulnerabilities – Around 89 % of healthcare organisations use connected devices with known exploits, and 99 % have devices with known exploited vulnerabilities. Many devices lack modern security controls, and inadequate network segmentation allows attackers to move laterally. A recent European case highlighted how an unpatched IoMT device was exploited to access radiology servers and deploy ransomware.
- Third‑party and supply chain risks – Approximately 37 % of healthcare breaches involve vendors or business associates. High‑profile incidents show how a single compromised billing or laboratory software provider can cascade across hundreds of facilities. Effective third‑party risk management, including security clauses in contracts and regular audits, is increasingly essential.
- Governance and regulation – The sector faces an evolving regulatory landscape. Updates to HIPAA and FDA guidance mandate proactive risk management and device cybersecurity plans. European regulations (GDPR, NIS2, DORA) and forthcoming legislation like the Cyber Resilience Act impose stricter breach reporting and supply‑chain accountability. However, many healthcare organisations still trail behind finance and energy in adopting robust cybersecurity governance.
Why It Matters
- Patient safety and continuity of care – Cyberattacks can directly jeopardise patient care. They may delay surgeries, block prescription systems, and force ambulance diversions, with some hospitals resorting to manual operations during IT outages. Ensuring digital resilience is critical to protecting life‑saving services.
- Lateral movement and evolving tactics – Attackers exploit IoMT devices and stolen credentials to move laterally through networks. Ransomware now often includes data‑exfiltration components and uses sophisticated phishing or AI‑driven polymorphic malware to evade defences. Healthcare must adopt advanced detection methods and robust identity controls.
- Geopolitical and hacktivist threats – State‑sponsored groups target healthcare for espionage and intellectual property theft. At the same time, hacktivists launch DDoS attacks in response to health policies, making healthcare a theatre for hybrid conflict. Strong collaboration between healthcare institutions and national cybersecurity agencies is essential.
- Human factors and training – Many healthcare staff lack adequate cybersecurity training, and high clinical workloads can lead to phishing susceptibility and security workarounds. Building a security-aware culture, integrating cyber hygiene into clinical workflows, and regularly drilling emergency procedures are vital.
- Sector disparities and economic consequences – Healthcare experiences more breaches and higher costs than sectors like energy and finance due to historically lower security investment and legacy infrastructure. Recognising this gap helps justify budgets and incentives needed to enhance security and resilience.
Looking Ahead
- AI‑powered Ransomware‑as‑a‑Service – Criminal platforms are likely to offer AI-enhanced ransomware kits, including polymorphic malware and tailored phishing. Healthcare will need AI‑driven defences, behavioural detection, and real-time threat intelligence to counter these attacks.
- New attack surfaces – Expansion of 5G, telemedicine, and consumer wearables introduces additional entry points. Securing remote monitoring systems, implantable sensors, and health apps will require stronger encryption, identity verification, and patient education.
- Regulation and post‑quantum readiness – New regulations like the Cyber Resilience Act and ISO/IEC guidelines will impose more stringent security standards for medical devices and digital products. Healthcare organisations must map current encryption usage and plan migration to post‑quantum algorithms to protect long-term data.
- Resilience, governance, and accountability – Resilience must be proactive, involving zero‑trust architectures, network segmentation, end‑to‑end encryption, and offline backups. Boards should establish cybersecurity committees, set performance metrics, and integrate risk management into strategic planning.
- Patient engagement and digital hygiene – Patients play a critical role in security. Educating users on strong passwords, multi‑factor authentication, and phishing recognition, and designing user-friendly security features into portals and devices, will help protect the extended healthcare ecosystem.
Our Perspective
- Collaboration and threat intelligence sharing – Healthcare entities should participate in information-sharing networks and cross-sector partnerships to exchange attack indicators and best practices. Collaboration with other critical sectors enhances preparedness and enables rapid response to new threats.
- Security culture and training – Building cyber resilience means fostering a culture where every staff member understands and practices cybersecurity. Regular simulations, crisis drills, and role-specific training ensure that teams can maintain safe operations during an incident.
- Ethical AI and data protection – As AI transforms diagnostics and operations, organisations must maintain transparent governance, address model bias, and protect the security of AI systems. Adhering to emerging standards and ensuring data minimisation will sustain trust in AI-driven healthcare.
- Quantum readiness and leadership accountability – Preparing for quantum computing involves mapping sensitive data stores, working with vendors to adopt quantum-resistant cryptography, and briefing boards on these emerging risks. Leadership must champion cybersecurity as a strategic priority.
- Empowering patients – Healthcare providers should consider patients as partners in cybersecurity. Clear guidance on secure behaviours, two-factor authentication, and safe use of health apps will reduce vulnerabilities introduced via patient devices or accounts.
Conclusion
Attacks on the healthcare sector in 2025 reveal a complex threat landscape where high-value data, widespread IoMT devices, fragile supply chains, and geopolitical tensions intersect. Mitigating these risks requires integrated strategies that combine advanced technology, governance, continuous training, and collaboration across sectors. By prioritising readiness and resilience, ethical innovation, and forward-looking planning, the healthcare industry can protect patient safety, maintain trust, and ensure continuity of care in the face of evolving cyber threats.