While the rate of cyberattacks on hospitals has increased dramatically, the severity of the impacts has also increased exponentially. Let us examine the state of cyber and physical threats in 2025, as well as the opportunities for progress in the health care sector. Hospitals and health systems are learning to better prepare for cyberattacks and to maintain clinical and business resilience during prolonged outages.
1. The demand for health care records will continue
Cyber threats: Where are we so far in 2025?
At the end of January this year, we learned that last year’s ransomware attack against UnitedHealth Group subsidiary Change Healthcare exposed the health data of 190 million people, versus previous reports of 100 million. At the end of 2024, 259 million American health care records had been stolen in whole or in part (including those taken in the Change attack).
According to breach notices filed with the U.S. Department of Health and Human Services Office for Civil Rights, since 2020 more than 500 million individuals, more than the U.S. population, have had their health care records stolen or compromised at least once. One might think that the health care data market would be saturated and that bad actors would find little value in continuing their attacks. That thought would be wrong. Because patient health records continue to be updated, the data remains of interest to hackers.
There are two markets for health care records: the nation state and the criminal.
Health care data has enormous intelligence value for the nation state market
Health care records offer the intelligence services of hostile nations, notably Russia, North Korea, Iran and China, a treasure trove of data on Americans. These nations go after information on senior government officials, top military leaders, law enforcement leaders, federal agents, people involved in sensitive research and intellectual property, and company CEOs. They build databases on the health conditions of these Americans, their family members and other contacts, their travels, where they serve and their rank, which makes these targets susceptible to compromise today and in the future, as in the case of someone who rises to a prominent position in five years.
Health care data is still lucrative for the criminal market
Cybercriminals use the records to commit financial crimes, such as using stolen identities to access bank accounts or create false credit histories. According to Kroll’s analysis, a stolen health care record can be worth up to $1,000 on the black market, making health records much more valuable than financial records. Health care also suffered more breaches than the financial sector last year.
Criminals also hold data for ransom, threatening to publish it on the dark web or the internet. This is called data extortion. The health care ransomware victim is forced to pay to obtain the decryption key to unlock the victim organization’s systems, then pay a ransom to prevent patient data from being exposed publicly.
2. The use of AI will accelerate, driven by geopolitical tensions
We are in the early stages of an AI-fueled arms race, with the bad guys using AI to launch cyberattacks and the good guys using it to defend against them. The threat level of cyberattacks will be determined by the geopolitical situation and by the approaches the current administration adopts to deal with hostile nation states and, by proxy, the criminal groups supported by those nations.
The main geopolitical tensions contributing to this AI cyber-war period include:
- War in Ukraine.
- The situation in the Middle East: the Gaza Strip and, by extension, Iran, which has a significant offensive cyber capability.
- North Korea's use of cybercrime proceeds (such as ransoms hospitals paid to the Maui ransomware group) to fund its illegal nuclear weapons program and advance its national security objectives.
- Malware from China, which has been found deeply embedded in our critical infrastructure, including water, internet and telecommunications networks. If China chooses to invade Taiwan, it is prepared to detonate this malware, causing massive destruction of infrastructure to blunt our response. China is our No. 1 cyberthreat.
3. Here is the good news: now that we are aware, we can prepare to maintain the continuity of care
Having witnessed the impact of cyberattacks on clinical processes, building management systems and business operations, the health care field has learned ways to better prepare for future attacks.
- Never before has there been such a robust exchange of cyberthreat intelligence between the government and the private sector, including the health care field. We are taking a “whole-of-nation” approach, cooperating to defend against a common threat, just as we did after September 11.
- The cybersecurity field has seen some positive technological developments. Experts are using AI to understand how adversaries get into our networks, and they are developing more effective tools, more quickly, to counter adversaries' tactics, techniques and procedures.
- Hospitals are now focusing on emergency preparedness, which means that they are not only focusing on technical defenses to prevent an attack, but also considering how to prepare a response, step by step, to maintain clinical continuity. How will they continue to provide safe, quality care, department by department, function by function, for 30 days or more?
This planning also involves ensuring that their third-party suppliers are prepared. We know that when business partners, medical device suppliers and supply chain providers are affected by insecure technology or an insecure supply chain, hospitals and patients are affected too. After a recent blood insurance attack downtime procedures, like how to get around the internet connection that runs the machine that prints critical labels that go on blood units.
Consider requesting the AHA clinical continuity of care assessment to evaluate your hospital's preparedness to maintain critical clinical and operational functions during a cyberattack and to obtain practical recommendations.
- Beyond medical technology, there is operational technology. Hospitals must consider the physical impact of a cyberattack from abroad on their buildings and building management systems, and therefore on safety and security. With everything connected to the internet, what happens if operational technology goes down? Here are some of the points of impact:
- Lighting and air conditioning. Think of the repercussions for your operating rooms.
- Access control. Doors revert to their default locked or unlocked setting.
- Video surveillance, fire alarms and intrusion alarms. Loss of access compromises security.
- Internet phones. Staff cannot call for critical assistance such as the police or fire department.
- Computer-controlled elevators. Their default setting sends the elevator to the first floor with the doors open, making them unusable.
Physical threats also include the domestic threat: U.S. residents directing misinformed anger at the health care sector. With the murder of Brian Thompson, the CEO of the United group, in New York, there was a huge increase in online vitriol directed at health care and insurance leaders. Hospitals now know that detecting these threats before they turn into physical action requires online and open-source monitoring.
For help protecting your patients and operations against physical threats and cyberattacks, consult the trusted providers with approved services that participate in the AHA Preferred Cybersecurity and Risk Provider Program.
Additional support for your security efforts from AHA cybersecurity and risk experts
Our team offers a wide variety of strategic cybersecurity and risk advisory services to help AHA members, many of which are included in your AHA membership.
We are also available at any time, including after hours, at no cost if your AHA member organization needs urgent assistance, guidance or an introduction to trusted government contacts following a cyber or risk incident.