This year has seen a dramatic surge in cyberattacks and data breaches within the healthcare sector, raising significant concerns among industry professionals and business owners alike. Notably, these incidents pose substantial risks not only to patient safety but also to the financial viability of healthcare organizations, with potential losses amounting to millions of dollars. Cybercriminals have increasingly exploited outdated technological infrastructures, taking advantage of vulnerable systems to hold sensitive patient data to ransom, forcing health organizations into difficult positions regarding whether to comply with demands or risk further exposure of this information on illicit dark web marketplaces.
The ransomware attack on Change Healthcare, a subsidiary of UnitedHealth, stands as the most significant cybersecurity event this year. This attack severely disrupted vital financial transactions between insurers and healthcare providers for several weeks, affecting an estimated 100 million Americans. The attack’s widespread ramifications led federal regulators to initiate an investigation into the incident, and Andrew Witty, CEO of UnitedHealth, was called to testify before Congress regarding the company’s cybersecurity protocols.
While the attack on Change Healthcare was particularly severe, other breaches were reported, impacting healthcare operations nationwide. A notable incident involved a ransomware attack against Ascension, one of the nation’s largest nonprofit healthcare systems. This breach took its electronic health record system offline and forced some hospitals to divert ambulances. As reported, the event adversely affected clinical operations in 11 states and Washington, D.C., and Ascension’s leadership indicated that the attack contributed to a staggering $1.1 billion net loss for the 2024 fiscal year.
Smaller facilities were not spared; various healthcare providers, including a children’s hospital in Chicago, operations in Michigan, and a healthcare system in Colorado, faced their own cyber challenges. In some cases, organizations contended with both ransomware attacks and subsequent data breaches. Breaches recorded post-cyberattack have surged, exemplified by incidents involving a contractor for the Centers for Medicare & Medicaid Services and benefits administrator HealthEquity, compromising personal health information of over 900,000 and 4.3 million members, respectively. Notably, the frequency of large data breaches reported has increased by 141% in 2023 compared to the previous year, marking a troubling trend.
As we approach 2025, it is pertinent to consider the various tactics and techniques associated with these cyber incidents under the MITRE ATT&CK framework. The healthcare sector has witnessed initial access likely through methods such as phishing or exploiting unpatched vulnerabilities, followed by tactics related to persistence and privilege escalation that enable adversaries to maintain control over compromised systems. These adversarial tactics not only allow attackers to execute ransomware but also facilitate data exfiltration and subsequent breaches, further complicating recovery efforts for affected organizations.
In summary, the healthcare industry’s growing vulnerabilities were starkly illuminated this year through a series of high-profile cyberattacks and data breaches. As these incidents continue to unfold, business leaders in the sector must remain vigilant, utilizing comprehensive cybersecurity strategies to mitigate potential threats while safeguarding the sensitive data of patients.
