Healthcare organizations are increasingly subject to sophisticated cyberattacks, and ransomware groups are exploiting vulnerabilities in critical infrastructure.
According to a recent study, in 2024, nearly 400 U.S. healthcare organizations reported incidents related to ransomware operators such as LockBit 3.0, ALPHV/BlackCat, and BianLian. report from Veriti.
Half of healthcare organizations surveyed said they were unsure about detecting and resolving such breaches, 42% of organizations did not have policies in place to prevent unauthorized access to data, and 51% did not have the technology necessary to prevent breaches.
Endpoint misconfigurations have emerged as a significant risk, with 35% of systems unable to quarantine malicious files, increasing vulnerability to ransomware encryption.
Misconfigured recovery processes further increased the risk, affecting 22% of hosts, allowing attackers to disable volume shadow copies and recovery tools.
Medical devices and protocols such as DICOM are also vulnerable to attacks, creating opportunities for data theft and unauthorized access.
Oren Koren, co-founder and CPO of Veriti, explained that the development of IoT devices, the integration of artificial intelligence and cloud-based systems add a modern dimension to these challenges.
He said one of the most disturbing conclusions from the report is that security vulnerabilities are not and will not be patched.
“This poses a huge risk to any healthcare organization using devices that cannot be updated or modernized for compliance and regulatory reasons,” he said. “Unfortunately, as a result, we will continue to see ransomware attacks on healthcare organizations.”
Koren added that in the face of evolving threats, healthcare organizations are currently focusing on two main things – virtual patches, the utilize of compensatory control as a countermeasure to risks they cannot address, and disaster recovery plans that include bulk purchases of hardware and software for a catastrophic event .
“They will need to evaluate their current systems and adapt to more innovative control measures to avoid future threats,” he said.
Koren predicted that IoT threats will continue to evolve in 2025 and cautioned that exposed assets – those that need to be exposed for maintenance – are being compromised much faster.
“The use of artificial intelligence and automatic vulnerability scanning performed by attackers allows them to find an exposed IoT device and launch an attack on it much faster than previously possible,” he said.
He added that most healthcare organizations’ security mechanisms now rely on advanced artificial intelligence to analyze threats.
However, due to strict regulations, sensitive healthcare data must remain confidential, which means patient data is excluded from AI analysis
By 2025, improved intelligence sharing will enable rapid responses to emerging threats, Koren said.
“When a threat is identified in one organization, alerts and necessary countermeasures will be quickly distributed to others, with the main approach being to strengthen defenses against a breach,” he explained.
As healthcare organizations struggle to defend against a growing number of threats, they are turning to Zero Trust, micro-segmentation, and proactive threat management to enhance security.
The recently introduced Health Care Cybersecurity Act would support health care organizations with grants to strengthen prevention and response, while the Strategic Preparedness and Response Administration seeks feedback through surveys and task force assessments to assess and strengthen the cybersecurity preparedness of public health organizations .