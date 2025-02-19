Healthcare cyberattacks significantly affected the healthcare sector in 2024 and remain a top concern in 2025, the Health Information Sharing and Analysis Center, or Health-ISAC, shared in a report examining the healthcare cyberthreat landscape.

A survey of approximately 200 healthcare cybersecurity executives and professionals identified ransomware, phishing, compromised credentials, third-party credentials and data breaches as the top five cyberthreats facing their organizations in 2024.

Looking to 2025, healthcare cybersecurity professionals reported ransomware deployments, third-party breaches, data breaches, supply chain attacks and zero-day exploits as the top five cyberthreats facing their organizations now.

While the top threats year-over-year are similar, 2024 cyberattack trends show that cyberthreat actors are evolving and adjusting their tactics. Healthcare organizations will have to remain similarly adaptable to effectively tackle these threats in 2025.

2024 healthcare cyberattack trends reveal new patterns Health-ISAC highlighted several major cyberattacks and vulnerability exploits that occurred in 2024, which are setting the tone for the healthcare cyberthreat landscape in 2025. For example, the February 2024 Change Healthcare cyberattack highlighted the effects that a cyberattack can have on operations and patient care. The May 2024 cyberattack against Ascension Healthcare also had widespread impacts and necessitated ambulance disruptions. Supply chain attacks were also a trend in 2024, as exemplified by the numerous attacks on third-party blood suppliers. Survey respondents said that disruptions in the normal operation of medical technology, such as loss of EHR access or ambulance diversions, had the most significant impact on healthcare organizations in 2024. Other top impacts to the sector included unauthorized access or exposure of protected health information and disruption of overall hospital operations, such as scheduling and communication. Health-ISAC tracked 458 ransomware attacks in the healthcare sector in 2024. LockBit 3.0 was the most active ransomware gang to target the healthcare sector, with 52 documented attacks. LockBit 3.0 was followed by INC Ransomware, RansomHub, BianLian and Qilin, all of which executed notable cyberattacks against the sector in the past year. Notable tactics that emerged from Health-ISAC's analysis of 2024 cyberattacks included several social engineering schemes, including help desk targeting, spam-bomb social engineering and telephone-oriented attack delivery campaigns. Remote desktop protocol (RDP) exposure was the most commonly observed vulnerability in 2024. Health-ISAC distributed 105 targeted alerts about RDP exposure to members and non-members last year and urged members to ensure that all non-essential RDP protocols are disabled. Health-ISAC's survey results and analysis of the attacks it observed in 2024 showed that ransomware, social engineering and vulnerability exploitation remained fixtures in the healthcare cyberthreat landscape throughout the year.