These attacks, which go beyond simple data theft, pose direct risks to patient safety, with the potential to disrupt life-saving services, corrupt medical devices, and compromise vast troves of sensitive data.
Recent years have seen an exponential rise in ransomware and extortion campaigns against healthcare providers worldwide.
According to security research spanning 2023 and 2024, healthcare ranks among the top three sectors targeted by ransomware.
Microsoft reported a staggering 300% increase in such attacks on healthcare since 2015, with 2024 marked as the worst year for data breaches.
Two major ransomware incidents exemplify the grave impact these attacks can have: the ALPHV group’s assault on Change Healthcare in the United States disrupted over 100 critical healthcare applications, preventing patients from accessing medication and procedures, and exposing the data of approximately 190 million individuals.
Similarly, the Qilin ransomware attack on Synnovis in the UK delayed thousands of urgent medical procedures and diagnostics across multiple NHS trusts.
In both cases, attackers exploited known vulnerabilities to penetrate networks, highlighting the sector’s endemic issue with patch management and vulnerability mitigation.
The exploitation of IT vulnerabilities remains a preferred initial access vector, with attackers leveraging both known bugs and zero-days.
For example, in 2023, the Clop ransomware gang exploited a zero-day SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer platform, causing a global cascade of data breaches through a supply-chain compromise.
Healthcare networks, often built atop a complex web of legacy and modern devices, lag in regular patching, making them attractive targets for actors seeking access through soft spots such as VPN appliances and network gateways.
Beyond IT infrastructure, the threat extends into the operational technology and medical device ecosystem that underpins critical hospital functions, from power management to diagnostic imaging.
Medical devices, increasingly connected to hospital networks, are riddled with high-severity vulnerabilities, often originating from legacy firmware, hardcoded credentials, or outdated libraries.
In May 2025, ICS-CERT issued an advisory for Pixmeo OsiriX MD, warning that attackers could exploit memory corruption flaws to cause denial-of-service states or steal credentials.
While major OT-focused attacks in healthcare have yet to materialize, the risk of attackers pivoting to these systems is escalating, with potential consequences including the manipulation of diagnostic results, sabotage of treatment devices, or life support system shutdowns.
Medical image sharing protocols such as DICOM are also under scrutiny. Researchers recently identified DICOM-viewer-based malware propagation, with notable incidents involving the deployment of Chinese APT-linked backdoors under the guise of Philips and Siemens viewing software.
Such attacks could facilitate both mass data theft and, hypothetically, image tampering, raising ethical and practical concerns for patient diagnosis.
Nation-state actors are increasingly involved, frequently blurring the lines between espionage and profit-driven cybercrime.
APT groups linked to Iran, North Korea, and China have been caught targeting healthcare entities; for instance, the Pioneer Kitten APT reportedly provided network access to ransomware affiliates, while North Korea’s Maui ransomware targeted US hospitals.
Chinese actors have historically targeted R&D institutions for vaccine data, with such interests persisting as biomedical innovation remains geopolitically sensitive.
In response, healthcare organizations and governments are ramping up cybersecurity measures, from implementing zero-trust architectures and improved incident response, to enforcing stricter breach reporting laws and investing in international threat intelligence sharing.
Nonetheless, as healthcare delivery becomes increasingly digitized, the sector must recognize cybersecurity as intrinsic to patient safety, underscoring the urgent need for sustained investment, education, and vigilance against a rapidly mutating threat landscape.
The post Nation-State Hackers Attack Healthcare Sector to Disrupt IT and OT Systems appeared first on Cyber Security News.