Cyber-attacks against the healthcare sector surged in 2024, outpacing incidents in other critical industries, according to data from Darktrace, reports Infosecurity Magazine. The company responded to 45 cybersecurity incidents impacting healthcare organizations last year—more than in finance, energy, insurance, or telecoms. With patient data highly sensitive and healthcare infrastructure often essential to national services, the sector has become an increasingly valuable target for both financially motivated and state-linked threat actors.
The primary methods used to compromise healthcare organizations were phishing attacks and the exploitation of edge infrastructure vulnerabilities, which together accounted for over two-thirds of incidents. Interestingly, most intrusions did not result in ransomware deployment or data exfiltration. Instead, they resembled early-stage compromises designed to establish access, possibly for future attacks—mirroring tactics associated with more advanced threat actors.
Phishing campaigns have also become more personalized, with one-third targeting high-level users such as executives and decision-makers. A significant number of these emails came from or impersonated suppliers, exploiting established trust relationships. This makes detection difficult and raises the stakes for vendor risk management and email security strategies.
Another key risk driver is the expanding digital footprint of healthcare organizations. The rise of cloud-based services, third-party integrations, and IoMT devices has created more entry points for attackers. In one case, malware was found on a medical imaging device, not for stealing health data, but to establish broader access to the network. Such examples illustrate the need for continuous monitoring of all connected systems—clinical and otherwise—to safeguard the evolving healthcare environment.
