The HIPAA Journal reported that a staggering 92% of US healthcare organizations were victims of cyberattacks in 2024. From ransomware attacks to data breaches, threat actors exploited vulnerabilities to gain access to sensitive information, disrupting operations and compromising patient care.
These attacks revealed alarming gaps in cybersecurity, from weak operating systems to a lack of robust security controls.
In this article, we’ll explore the biggest healthcare cyberattacks of 2024, identify key vulnerabilities, and outline a cyberattack detection and prevention plan to help healthcare organizations prevent cyber attacks in 2025.
The Top Cyberattacks on Healthcare in 2024
The biggest healthcare cyberattack in history occurred in February 2024. Change Healthcare was targeted by the BlackCat/ALPHV ransomware group, who stole the personal, financial, and health information of an estimated 100 million individuals. The stolen data included names, contact details, Social Security numbers, health information, insurance details, and more.
The ransomware group demanded a $22 million ransom to prevent the publication of the stolen data; however, the group pulled an exit scam, and the payment did not secure the stolen data.
BlackCat/ALPHV gained access to Change Healthcare’s network using stolen credentials. The group spent nine days inside the network, moving laterally and stealing the data, before encrypting files. The attack was only discovered after the encryption, which prevented access to anyone else.
In April, the Kaiser Foundation Health Plan suffered a data breach that affected 13.4 million individuals. The compromised protected health information (PHI) included patient names, medical record numbers, IP addresses, and some details of Kaiser Permanente accounts.
The data breach allegedly stemmed from tracking technology that shared patient information with advertisers, such as Google and Microsoft.
In May, Ascension Health was hit by a ransomware attack that affected 5.6 million individuals. Investigations into the attack are still ongoing; however, it is possible the stolen data included personal details, patient medical information, payment information, insurance details, and government identification.
Ascension has said it found no evidence that electronic health records (EHR) or other clinical systems were accessed by the ransomware group, which would mean full medical histories were not stolen.
In March, HealthEquity suffered a data breach that compromised the personal and medical information of 4.3 million individuals. The affected data reportedly included customer names, addresses, Social Security numbers, payment card information, and dependents.
The data breach occurred when the user account of one of HealthEquity’s vendors was compromised and the credentials stolen. The breach was discovered after unauthorized access was found in an “unstructured data repository” outside of HealthEquity’s core network.
In September, the Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) suffered a data breach that affected the private information of 3.1 million individuals. The data included PHI and personally identifiable information (PII)
The data breach involved the exploitation of a zero day vulnerability in a MOVEit Transfer solution. Unauthorized parties gained access to the data that was transferred using MOVEit.
Key Vulnerabilities in Healthcare Cybersecurity
Healthcare organizations are especially vulnerable to cyber threats due to a combination of outdated systems and weak access controls. Here are the top vulnerabilities exploited by cyber criminals in 2024:
Inadequate access controls, such as the absence of multi-factor authentication or reliance on weak passwords, make it easier for threat actors to gain unauthorized access. Without stringent security controls, sensitive information and critical systems remain exposed.
Many healthcare providers still rely on aging operating systems and software that are no longer supported with regular security updates. These outdated systems have unpatched vulnerabilities, making them prime targets for ransomware attacks and data breaches.
Cybercriminals frequently obtain stolen credentials through phishing emails, brute force attacks, or exploiting poorly secured databases. Once they have these credentials, they can easily gain access to sensitive data and disrupt healthcare operations.
How to Prevent Cyberattacks in Healthcare in 2025
Addressing these vulnerabilities requires a targeted cyberattack prevention plan. Below are actionable ways to prevent cyberattacks that healthcare organizations should take to reduce the risk of unauthorized access and strengthen their data security measures.
Implement multi-factor authentication to add an extra layer of security beyond passwords. Ensure that employees use strong passwords and consider role-based access control to limit system access to only those who need it.
Replace outdated operating systems and legacy software with modern, secure alternatives. Regularly update all software to patch known vulnerabilities and reduce the risk of ransomware attacks.
Protect credentials by enforcing password complexity requirements and conducting regular audits for stolen credentials. Use tools like password managers to secure access and implement measures to detect and block unauthorized login attempts.
Provide ongoing training to employees on identifying phishing emails, avoiding suspicious links, and properly handling sensitive information. Educated staff can serve as the first line of defense against stolen credentials.
Be prepared for potential breaches by creating a detailed response plan that includes steps for cyberattack detection, containment, and recovery. Regularly test the plan to ensure its effectiveness in minimizing downtime and protecting sensitive data.
Learn more: The 7 Elements of an Effective HIPAA Compliance Policy
Don’t Let Cybercriminals Threaten Your Healthcare Organization
The healthcare industry suffered more cyberattacks in 2024 than any year previously. These incidents must serve as a wake-up call to improve cybersecurity practices.
As a specialized provider of cybersecurity services for healthcare organizations, Davenport Group is uniquely placed to protect your systems, network, and private data. Let us ensure the security of your PHI, and help you remain compliant with HIPAA. Reach out to us for a free consultation and find out how.
