Healthcare Cyberattacks Surge Amid $10M Breach Costs and Expanding Attack Surface

A new Darktrace report reveals that the healthcare sector remains the most expensive industry for data breaches, as attackers evolve their tactics to target cloud, VIP users, and even medical imaging devices.

By Yu Chi Huang
Yu Chi is a senior regulatory affairs specialist and medical researcher focusing on medical devices.

As first reported by Infosecurity Magazine, cyberattacks against healthcare providers have intensified significantly in 2024, with data breaches costing the industry an average of $10 million annually between 2020 and 2024. Darktrace analysts point to the sector’s critical role in national infrastructure and the sensitive nature of patient data as primary reasons it remains the top target for cybercriminals and state-aligned threat actors.

Phishing, Infrastructure Exploits, and Business Email Compromise

The report finds that over two-thirds of healthcare breaches were due to phishing (32%) and edge infrastructure vulnerabilities (36%), including common flaws in systems from Citrix, Cisco, Fortinet, and Ivanti. Alarmingly, 75% of network intrusions involved email or cloud account compromise that did not escalate—suggesting that attackers are establishing persistent access for future campaigns. Many phishing attempts now impersonate trusted suppliers, exploiting vendor-provider relationships to bypass security.

VIP Users and Targeted Attacks

Attackers are increasingly zeroing in on VIP users—those with elevated privileges—using emails that appear legitimate and originate from compromised partner accounts. This shift reflects a more sophisticated, multi-stage approach typically associated with advanced persistent threat (APT) groups, indicating that healthcare organizations must enhance their monitoring and defense postures.

IoMT and Medical Devices Add New Risks

The expanding attack surface of healthcare systems now includes cloud platforms, third-party software, and Internet of Medical Things (IoMT) devices. Darktrace recently uncovered malware such as PurpleFox and DirtyMoe on a digital imaging device—not to steal data, but to infiltrate the network. As Patrick Anjos of Darktrace warned, this underscores the need for comprehensive monitoring that treats medical devices with the same vigilance as traditional IT endpoints.

As sophisticated adversaries continue to evolve their tactics, healthcare providers must shift toward proactive, AI-driven defenses that can detect lateral movement, monitor VIP user activity, and secure the full spectrum of digital and clinical assets. Simply put, safeguarding patient care now depends as much on cybersecurity as it does on medicine.






