Digital contagion in healthcare: Ransomware’s ruthless grip

The healthcare industry is not only under cyber siege, it is in the midst of a full-blown digital outbreak. Look no further than the 2025 Verizon Data Breach Investigations Report (DBIR), which reports that the industry suffered 1,710 security incidents and 1,542 confirmed breaches. In short, healthcare is one of the most attacked industries in the world.
There are two main factors behind this activity. First, healthcare organizations hold large amounts of data, including medical records packed with personal and financial information that is in high demand on the black market. Second, these organizations often run on fragile infrastructure and are frequently knocked offline, which disrupts patient care while also putting their data at risk.
This one-two punch creates both urgency and growing pressure to address these issues. The situation is exacerbated by the fact that, unlike other industries, U.S. healthcare organizations are subject to disclosure requirements, which ultimately create unnecessary visibility and often result in victims receiving higher compensation.
From human error to system intrusions
The Verizon DBIR confirmed a significant shift behind these events. Human error is no longer the primary cause of breaches; that distinction now belongs to cybercriminals who successfully gain entry into a system. This includes ransomware attacks that put teams in a no-win situation – do we pay the ransom or risk exposing patient data?
Unfortunately, this is the reality for too many organizations. Just ask Change Healthcare. Last year, it fell victim to a ransomware-driven supply chain attack that affected some 190 million people. While this is undoubtedly the biggest event, it is not the only one. Yale New Haven Health discovered that more than 5.5 million records were compromised, while Episource fell victim to a third-party compromise and lost control of more than 5 million patient records. Nor are all of these incidents attacker-driven. As we saw with Blue Shield of California, routine mistakes can also be to blame: in that case, a misconfigured portal exposed 4.7 million records.
While the numbers above are certainly fodder for headlines, they do not fully capture the toll these organizations have suffered. These attacks can also erode public trust, drain financial reserves, and even affect patient care. In the case of Frederick Health, attackers compromised clinical systems and forced the hospital to reroute ambulances.
This is a digital epidemic
As someone who lives and breathes cybersecurity, I think it is best to describe what these healthcare organizations face as a digital epidemic, particularly when it comes to ransomware and supply chain threats. Just look at the numbers from the DBIR, which reports that ransomware currently accounts for 44% of breaches. That is a 37% increase in just one year. Next, there are espionage-related attacks launched by nation-states aimed at harvesting pharmaceutical data, personal health records, and more, which represent a 12% increase compared to 2024. And let us not forget third-party breaches, which have doubled over the same period.
The secret to success: Preemptive and deceptive defense
The challenge for these organizations is not the speed of the attack but its mutation. After one vulnerability is mitigated (exposed credentials, for example), the attacker quickly looks for another and, like a virus, continues the process until gaining entry.
It is this virus-like adaptability that makes it difficult for perimeter defenses to keep up. This is especially true for traditional detect-and-respond security models, which are reactive by design and leave IT teams, already disadvantaged and understaffed, busy fighting fires instead of building resiliency.
This is where new preemptive strategies are gaining ground, especially in industries that cannot afford any downtime. Preemptive approaches continuously alter elements of the digital system, such as file paths, memory structures, and runtime processes. Through constant change, the predictability that attackers count on no longer exists. Unlike static defenses, which are essentially fixed and preconfigured, preemptive network defenses are constantly changing, eliminating any stable foothold.
This approach is especially important for hospitals that continue to rely on outdated systems or medical equipment that cannot be patched (imaging and radiology systems, pharmacy platforms, clinical information platforms, EHR connectivity systems, and so on). Preemptive cyber defenses can thwart zero-day attacks, curb the spread of malware, and maintain uptime of critical services even while they are under active attack.
Deception technology is another area gaining ground. Deception platforms do exactly what their name suggests: they mimic real assets (databases, electronic medical records, user accounts, etc.) in order to lure attackers into a trap. These lures blend in with the environment, adapt dynamically, and emit a clean, actionable alarm when touched. Unlike traditional honeypots, these decoys scale intelligently, eliminating false positives and giving teams the time they need to mitigate real threats quickly.
In a field where latency is measured in lives, early detection, reduced attacker dwell time, and system-level misdirection can literally save lives. By combining preemptive and deceptive techniques, organizations can shrink their attack surface while exposing hidden threats before they can cause damage.
These capabilities are critical in a cyber environment where ransomware attacks, nation-state threats, and third-party risks continue to grow. By transforming outdated and increasingly ineffective reactive strategies, healthcare organizations can eradicate all cyber infections while maintaining optimal patient care.
Morphisec Chief Marketing Officer Brad LaPorte is a seasoned cybersecurity expert and former military officer who specialized in providing cybersecurity and military intelligence to the U.S. military and allied forces. Brad has had a distinguished career as a top research analyst at Gartner, where he was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection and Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach resulted in Secureworks' MDR services and its industry-first EDR product, Red Cloak. At IBM, he spearheaded the creation of the endpoint security portfolio as well as MDR, vulnerability management, threat intelligence, and managed SIEM products, further solidifying his reputation as a cybersecurity solutions visionary.
This article appeared in the MedCity Influencers program. Anyone can share their thoughts on healthcare business and innovation on MedCity News through MedCity Influencers.