Healthcare Under (Cyber) Attack: What You Need to Know
Brought to you by CYRIN
Advances in the digital environment have been a big help to the healthcare industry, allowing it to offer options like telehealth, remote care, and online access for patients to their records. However, this article will spotlight the problems and the impacts of those advances.
Recent breaches at two large providers underline the growing data leak threats experienced in this market, and what the industry and cybersecurity experts are doing about it.
Recent Breaches
Recent data breaches at Yale New Haven Health and Blue Shield of California illuminate the unique cyber vulnerabilities in the healthcare sector. Yale New Haven Health System (YNHHS) is a nonprofit health system that includes five acute-care hospitals, a medical foundation, and multiple outpatient facilities and multispecialty centers in Connecticut, New York, and Rhode Island, and it is the largest healthcare system in Connecticut. It reported the largest data breach incident of 2025 thus far, impacting an estimated 5.6 million individuals.
On March 8 of this year, YNHHS detected anomalous activity in its IT systems. The subsequent investigation, which marshalled external cybersecurity experts from Mandiant, revealed unauthorized access to the network. Although electronic medical records were not impacted by the breach, third-party hackers were still able to access copies of highly sensitive data, including names, birthdates, phone numbers, race/ethnicity, email addresses, medical record numbers, and Social Security numbers. Although YNHHS assured patients that the quality and availability of medical care was not compromised, the YNHHS breach is the first of two major recent breaches.
In terms of severity and the number of impacted individuals, the YNHHS breach beats the first big breach of the year: Blue Shield of California, which impacted 4.7 million people when a configuration of Google Analytics enabled sensitive information to be shared with Google Ads.
While swift and immediate action contained the incidents, both breaches represent an uptick in data hacks of healthcare organizations. More than 700 healthcare data breaches were reported last year (2024) in the United States, with an estimated 180 million records compromised.
Three days after the breach, YNHHS reported on its website that there had been no disruption to patient care and that no financial information was compromised. However, these breaches highlight the increased cyber vulnerability within healthcare systems and how exposed healthcare in particular is.
Healthcare Cybersecurity Market: Trends & Expectations
The healthcare cybersecurity market is growing exponentially, reflecting a surge in both the frequency and severity of cyberthreats, as well as the ongoing need for immediate investment in systems and strategies to help protect patient data and systems. According to a recent Astute Analytica report, the global healthcare cybersecurity market was valued at $21.25 billion in 2024; it is projected to reach $82.90 billion by 2033, reflecting an 18.55% compound annual growth rate (CAGR). This uptick is driven by a host of factors, including a rise in ransomware attacks as the healthcare industry moves to digital care and electronic record keeping. According to the Astute report, "Healthcare cybersecurity demand will be driven by ransomware resilience needs, FDA mandates for medical devices, and AI-powered threat detection."
According to most analysts, 2024 was a bad year for the healthcare industry. A rapid escalation of cyberthreats across the health care sector has resulted in “record growth” for cybersecurity spending, according to SecureWorld, “underscoring how critical cybersecurity has become for healthcare organizations.” A surge in “security spending created a $3.2 billion sub-market for healthcare-specific cybersecurity solutions.” Within an 18-month period, cyber incidents jumped 137%, raising alarm and pressure to create more robust cyber defenses.
The rapid and almost universal digitization of the healthcare industry has expanded the potential attack surface and increased the ease and likelihood of cyber threats. Cloud-based systems like electronic health records, telehealth options, and Internet of Things (IoT) medical devices may improve patient outcomes while introducing new cyber vulnerabilities.
As an example, a full 68% of healthcare IoT devices run on unsupported operating systems, making them an easy mark for hackers.
Cloud storage is at constant risk from misconfiguration, and each connected device or cloud app is a possible entry point for malicious actors. As the attack perimeter grows, so must the defenses that mitigate potential risks. According to SecureWorld, “This reality is driving demand for IoT security solutions, cloud security posture management, and zero-trust network architectures to secure an ever-widening perimeter.” As threats escalate, so do compliance regulations. Healthcare providers risk severe financial penalties and “reputational damage” for non-compliance and are now required to submit to regular security audits and risk assessments. A shift in the regulatory environment means constant investment in cybersecurity.
Telehealth and remote care, or RPM (remote patient monitoring), swelled during the COVID-19 pandemic. The rise in telehealth care created convenient healthcare delivery as well as new cyber risks. Healthcare apps and other remote care devices often lack robust security. As telehealth becomes a more acceptable standard of care, and not just a pandemic trend, more cybersecurity investment will be necessary.
Newsweek reports that in 2023 over 133 million records were exposed in the healthcare sector, citing U.S. Department of Health and Human Services (HHS) data compiled by hipaajournal.com. These attacks can have “devastating” consequences for both patients and providers, according to Louisiana State University Professor Elias Bou-Harb, who says: “This increase is driven by multiple factors. First, health care data is incredibly valuable—medical records contain personal, financial, and medical information, making them worth 10 to 50 times more than credit card details on the dark web. Additionally, the rapid adoption of Internet of Things (IoT) medical devices has expanded the attack surface, often without proper security controls. This, coupled with the ongoing shortage of cybersecurity professionals in health care, has left hospitals and medical facilities particularly vulnerable.”
Healthcare Delivery Organizations (HDOs) remain among the most targeted sectors due to the high value of the data they store, and the challenges inherent in securing their complex networks. According to Forescout, ransomware was the leading cause of breaches, followed by third-party system compromise, e-mail compromise, and phishing.
The average HIPAA enforcement penalty in 2024 was over $554,000, and as of April 30, 2025, a total of 238 data breaches had been reported on the HHS breach portal, which mandates disclosure for any incident affecting more than 500 individuals. Of these, nine breach investigations have been concluded, while 229 remained ongoing. These breaches impacted over 20 million individuals.
Cybersecurity Solutions For Healthcare
Cybersecurity in healthcare does not stop at the hospital or medical center door. It remains a strategic imperative, not an option, for every organization linked with the healthcare sector, including insurance companies, providers, pharmaceutical companies, biotechnology, and medical equipment manufacturers. Protecting the “security and integrity of patient data” while meeting industry compliance regulations will be crucial for the healthcare industry in the years and decades ahead. As noted in Fortune Business Insights, the increase and severity of cyberattacks linked to “inadequate security protocols” will remain of primary concern and “drive the adoption of enhanced security solutions.” As technology advances, the protection of medical and health data will remain front and center. The safety of the networks and the sensitive data will require trained cybersecurity experts who can respond efficaciously to “zero-day vulnerabilities,” as well as a focus on cyber resilience strategies that are efficient and aligned with compliance standards.
Breaches not only have the potential to lead to hefty fines, but more importantly, they can disrupt and compromise the delivery of care and put lives at risk. Healthcare executives increasingly view cybersecurity protocols not as just an “IT issue” but as a “core business risk.”
How Can CYRIN Help?
Yes, we continue to beat the drum for training, because we realize how important it is to all sectors of society, and healthcare of course is a major sector and concern when it comes to cybersecurity. Whether it’s Boot Camps, Capture the Flag (CTF), self-directed learning or courses offered by our education partners, CYRIN works to create critical skill sets for industry, government and the cybersecurity workforce for the future.
We continue to work with our industry partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface. For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.
In an increasingly digitized world, training and experiential training are critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real-world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits.
The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you, take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!