Healthcare organizations are increasingly under siege from sophisticated cyberattacks, with ransomware groups exploiting vulnerabilities in critical infrastructure.

In 2024, nearly 400 U.S. healthcare organizations reported incidents linked to ransomware operators like LockBit 3.0, ALPHV/BlackCat and BianLian, according to a recent report from Veriti.

Half of healthcare organizations surveyed said they lack confidence in detecting and resolving such breaches, 42% of organizations lack policies to prevent unauthorized data access, and 51% lack the necessary technologies for breach prevention.

Endpoint misconfigurations emerged as a significant risk, with 35% of systems unable to quarantine malicious files, increasing susceptibility to ransomware encryption.

Misconfigured recovery processes further exacerbated risks, impacting 22% of hosts by allowing attackers to disable volume shadow copies and recovery tools.

Medical devices and protocols like DICOM are also vulnerable, creating opportunities for data theft and unauthorized access.

Oren Koren, cofounder and CPO of Veriti, explained that the rise of IoT devices, AI integration and cloud-based systems adds new dimensions to these challenges.

He said one of the most concerning findings from the report was the fact that vulnerabilities are not and will not be patched.

"This poses an extensive threat to any healthcare organization that uses devices that can’t be updated or upgraded, due to compliance and regulation," he said. "Unfortunately, we will continue to see healthcare organizations getting hammered by ransomware as a result of that."

Koren added that, in the face of evolving threats, healthcare organizations are currently focusing on two main things – virtual patches, using the compensating control as a countermeasure for risks they can’t address, and disaster recovery plans with massive purchases of hardware and software for a catastrophic event.

“They will need to evaluate their current systems and adapt to more innovative control measures to avoid future threats,” he said.

Koren predicted that IoT threats would continue to evolve in 2025 and cautioned that exposed assets – those which must be exposed for maintenance – are getting hacked much faster.

“The usage of AI and automatic vulnerability scanning performed by the attackers allows them to find an exposed IoT device and conduct an attack on it much quicker than they used to be able to,” he said.

He added most healthcare organizations’ security controls now rely on advanced AI to analyze threats.

However, due to strict regulations, sensitive healthcare data needs to remain confidential, meaning patient data is excluded from AI analysis

Koren said by 2025, enhanced intelligence sharing will enable rapid responses to emerging threats.

“When a threat is identified in one organization, alerts and necessary countermeasures will be swiftly disseminated to others – emphasizing pre-breach hardening as the central approach,” he explained.

As healthcare organizations struggle to defend themselves from a growing number of threats, they are turning to Zero Trust, micro-segmentation and proactive threat-management to shore up security.

A recently introduced healthcare cybersecurity bill would support healthcare organizations with grants aimed at strengthening prevention and response, while the Administration for Strategic Preparedness and Response is seeking feedback through surveys and task-group evaluations to assess and strengthen the cybersecurity readiness of public health organizations.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209