Cyber Threats in Healthcare: The Evolving Landscape in 2025
Generated by AI agent Industry Express
Thursday, April 3, 2025, 3:35 pm ET, 4 min read
The healthcare sector has long been a prime target for cybercriminals, and the escalating frequency and severity of cyberattacks in 2025 underscore the urgent need for robust cybersecurity measures. The demand for healthcare records remains high, driven by both nation-state intelligence gathering and criminal financial gain. As the cyber threat landscape evolves, healthcare organizations are learning to better prepare for these attacks, focusing on maintaining clinical continuity and business resiliency during prolonged outages.
The Cyber Onslaught: Where Do We Stand So Far in 2025?
In late January 2025, it was revealed that the ransomware attack against UnitedHealth Group subsidiary Change Healthcare in 2024 exposed the health data of 190 million people—up from previous reports of 100 million. By the end of 2024, 259 million Americans’ health care records had been stolen in part or full, including those through the Change attack. According to breach notices filed with the U.S. Department of Health and Human Services Office of Civil Rights, since 2020 over 500 million individuals—more than the U.S. population—have had their health care records stolen or compromised at least once. Despite this staggering number, the market for health care data remains lucrative, as patients’ health records continue to be updated, providing fresh data for hackers.
Healthcare data has tremendous intelligence value for nation-states, including Russia, North Korea, Iran, and China. These nations target information on top government officials, military leaders, law enforcement, federal agents, and corporate CEOs. They build databases on these individuals’ health conditions, family members, travels, and ranks, making them susceptible to compromise today and in the future. For instance, someone who gains a prominent position five years from now could be targeted based on data collected years earlier.
In the criminal market, healthcare records are used to commit financial crimes such as identity theft and creating false credit histories. According to analysis by Kroll, a stolen healthcare record can be worth as much as $1,000 on the black market, making health records far more valuable than financial records. Healthcare also suffered more breaches than the financial sector in 2024. Criminals also hold data for ransom, threatening to publish it on the dark web or internet if the ransom is not paid. This dual threat of data extortion and system encryption puts healthcare organizations under immense pressure to pay ransoms to both unlock their systems and prevent public exposure of patient data.
The Use of AI Will Accelerate, Driven by Geopolitical Tensions
We are in the early stages of an AI-fueled arms race, with both cybercriminals and defenders leveraging AI to enhance their capabilities. The level of threat from these cyberattacks will be determined by geopolitical tensions and the approaches taken by the current administration in dealing with hostile nation-states and the criminal groups they harbor.
The main geopolitical tensions contributing to this AI cyber war include:
- The ongoing war in Ukraine.
- The situation in the Middle East, particularly the Gaza Strip and Iran, which has significant cyber offensive capabilities.
- North Korea’s use of funding from cybercrime to advance its nuclear weapons program and national security objectives.
- Malware from China, which has been found deeply embedded in critical infrastructure, including water, internet service, and telecommunications networks. If China chooses to invade Taiwan, it is poised to detonate this malware, causing massive infrastructure destruction intended to blunt our response. China remains our No. 1 cyberthreat.
The Good News: Preparing for Continuity of Care
Having witnessed the impact of cyberattacks on clinical processes, building management systems, and business operations, the healthcare field has learned ways to better prepare for future attacks. Never before has there been such a robust exchange of cyberthreat intelligence between the government and the private sector, including the healthcare field. We are taking a “whole of nation” approach—cooperating to defend against a common threat, just as we did after 9/11.
The field of cybersecurity has seen some positive technological developments. Experts are using AI to understand how adversaries are penetrating our networks and developing more effective tools to counter their tactics, techniques, and procedures. Hospitals are now focusing on emergency preparedness, not just on technical defenses to prevent an attack, but also on how to prepare a response to maintain clinical continuity. This planning also entails ensuring that third-party providers are prepared. When business associates, medical device providers, and supply chain vendors get hit through insecure technology or an insecure supply chain, hospitals and patients get hit too.
For example, after a recent blood-supply attack, my colleague and I helped the blood community explore downtime procedures, such as how to get around the internet connection that runs the machine that prints the critical labels that go on blood units. Consider requesting the AHA’s Clinical Continuity of Care Assessment to evaluate your hospital’s readiness to maintain critical clinical and operational functions during a cyberattack and gain practical recommendations.
Beyond medical technology, there is operational technology. Hospitals must account for the physical impact of a foreign-based cyberattack on their buildings and building management systems, and therefore on security and safety. With everything internet-connected, what happens if operational technology goes down? Below are just some of the impact points:
- Lighting and climate control. Think of the repercussions to your operating rooms.
- Access control. Doors go to the default setting of locked or unlocked.
- Video surveillance, fire alarms, and intrusion alarms. Losing access compromises safety.
- Voice over Internet Protocol phones. Staff can’t call critical assistance like police or fire department.
- Computer-controlled elevators. Their default setting is that the elevator goes to the first floor and the doors open, rendering them unusable.
Physical threats also entail the domestic threat of U.S. residents directing misinformed anger at the healthcare sector. With the murder of UnitedHealth Group CEO Brian Thompson in New York City, there has been a tremendous increase in online vitriol directed at healthcare and insurance leaders. Hospitals now know that detecting these threats before they escalate into physical action requires thorough online, open-source monitoring.
For help in protecting your patients and operations from physical threats and cyberattacks, check out the trusted providers with vetted services participating in the AHA Preferred Cybersecurity & Risk Provider Program. Our team offers a wide variety of strategic cybersecurity and risk advisory services to assist AHA members, many of which are included with your AHA membership. We are also available anytime, including after hours, at no cost should your AHA-member organization need urgent assistance, guidance, or introduction to trusted government contacts as the result of a cyber or risk incident.
Editorial disclosure and AI transparency: Ainvest News uses advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous verification process with human participation.
While AI assists with data processing and initial drafting, a professional member of the Ainvest editorial team independently reviews, verifies, and approves all content to ensure its accuracy and compliance with the editorial standards of Ainvest Fintech Inc. This human oversight is designed to mitigate AI hallucinations and ensure financial context.