
Jan 24 2025
Security

2025’s Biggest Healthcare Cybersecurity Threats

While attack methods such as phishing and ransomware continue to plague the healthcare industry, artificial intelligence is changing the game.

Cyberattacks targeting healthcare organizations are rising, and the financial and operational toll they take is growing.

A recent report from Proofpoint found 92% of healthcare organizations reported experiencing a cyberattack in 2024, up from 88% in 2023, while the average cost of the most expensive attack was $4.7 million.

While safeguarding sensitive patient data remains a top concern, malicious actors are leveraging artificial intelligence (AI) and machine learning technologies to make threats more complex. It’s important for leadership to understand why healthcare organizations are targeted, how they are targeted and how they can mitigate cyberthreats in 2025.


Why Healthcare Systems Are Targeted

Greg Young, vice president of cybersecurity at Trend Micro, says an organization’s biggest vulnerability is simply being in the healthcare industry.

“The amount of key data within these organizations is a treasure trove to cybercriminals,” he says. “It’s also an industry known for paying ransoms. This all leads to increased attacks.”

He adds that adversaries will target any weaknesses or gaps in the security controls of healthcare organizations. Lack of funding or security expertise could continue to contribute to successful breaches in 2025.

“Healthcare organizations must revisit their entire cybersecurity strategy for threats ranging from ransomware to phishing and cloud vulnerabilities, which are often caused by weak controls,” he says.

Sandeep Kumbhat, field CTO at Okta, says cyberthreats not only endanger patient privacy, they can disrupt operations by shutting down systems, which can impact clinical outcomes.

“Cyberattacks also significantly strain healthcare finances due to rising HIPAA violation fines and costly breach remediation efforts,” he adds. “Regulatory fines increase for organizations repeatedly breached, and startups face funding challenges if they fail to prioritize robust cybersecurity measures.”


The Top Cybersecurity Threats for 2025

The top threats facing healthcare organizations include ransomware, breaches caused by cloud vulnerabilities and misconfigurations, bad bot traffic, and phishing. Phishing is getting a boost through the application of AI and large language models.

“Ransomware and phishing are ongoing concerns for the industry,” says Derek Manky, chief security strategist and global vice president of threat intelligence at Fortinet’s FortiGuard Labs.

He says that as AI-driven tools become increasingly ubiquitous, cybercriminals are using the technology to inform the reconnaissance and weaponization phases of the cyber kill chain.

“As a result, threat actors are executing targeted attacks quickly and more precisely,” Manky says.

Ransomware Threats

Healthcare organizations face two pressing ransomware threats, according to Kumbhat. One involves mass data attacks targeting cloud backups, logs and archives.

“Rather than targeting individual patient data, attackers aim to capture large-scale historical data to extort entire organizations,” he says.

The second threat arises from session-based attacks stemming from weak authentication or identity management.

“Compromised patient sessions, often due to insufficient security measures, allow attackers to pinpoint individuals or specific groups, leading to targeted ransomware campaigns,” Kumbhat explains.

He says both threats underscore the need for strong data lifecycle security and identity management solutions in healthcare.

“Healthcare is a top target for ransomware because they have the crown jewel of data from a patient care perspective,” Kumbhat adds.


Cloud Vulnerabilities and Misconfigurations

Young explains that cloud vulnerabilities and misconfigurations can expose healthcare organizations to data breaches and unauthorized access, jeopardizing sensitive patient information and compliance with regulations.

These misconfigurations can be addressed with a cloud security posture management tool that should ideally be integrated into a modern cybersecurity platform.

He also suggests that healthcare organizations map their digital supply chains, noting that third parties must be assessed at contract issuance and renewal for their security posture as part of the selection process.

“Ideally, the supply chain map can include software bills of materials — the ingredients list for software to help identify risks in their own software and in third-party software,” he says.

Bad Bot Traffic

Bad bot traffic consists of automated programs that mimic human behavior online, often used in attacks such as credential stuffing, data scraping and denial-of-service attacks. In healthcare, these bots can target patient portals or steal sensitive data, posing significant security risks to systems and patient privacy.

Manky says that there are several steps teams should take to avoid falling victim to automated threats. These include harnessing AI to gain greater visibility across the attack surface, detect automated attacks and remediate incidents faster.

“Healthcare organizations are also increasingly embracing a unified cybersecurity platform that converges networking and security solutions,” he says.


Phishing

Kumbhat says that cybercriminals use deceptive emails or messages to trick employees into revealing credentials or clicking malicious links.

“This leads to unauthorized access to electronic health records, financial data or other confidential information,” he says. “Phishing is everywhere.”

Young adds that in attacks against healthcare, AI is primarily used to enhance phishing effectiveness.

“Healthcare has so much personal information, and with phishing already an effective attack strategy, improving on it is worthwhile for malicious actors,” he says.

In this case, AI is used to create more convincing phishing messages by farming information from public sources, social media and data culled from other victims. It can help attackers avoid making the mistakes that easily reveal a message as phishing.

“We’re not seeing attackers using AI for anything extraordinarily complex and expensive,” Young says. “Why bother when phishing and conventional vulnerability-focused malware work so well?” 
