Prescription for Protection: How Healthcare Can Combat Rising Cyber Threats

The healthcare industry holds a critical place in our society. Beyond saving lives and caring for the ill, it safeguards sensitive patient data and serves as the foundation of public health systems. Yet, in recent years, it has also emerged as one of the most targeted industries for cyberattacks. Why? Because it sits at the intersection of two irresistible opportunities for cybercriminals: highly valuable patient data and outdated IT systems.
Healthcare organizations face a unique combination of vulnerabilities. They handle vast amounts of sensitive information, including patient identities, medical histories, and insurance details, all of which have immense value on the dark web or as leverage in ransom demands. Compounding this risk, many healthcare providers depend on outdated or unsupported legacy systems. The expense and complexity of IT modernization often slow progress, leaving networks exposed to exploitation. Meanwhile, fragmented IT environments—with siloed systems and limited centralized visibility across departments and facilities—further amplify the challenge of detecting and responding to threats in a timely manner.
These factors have made healthcare a prime target for cyberattacks, and 2024 was no exception. In fact, the Huntress 2025 Cyber Threat Report found that healthcare was the second most attacked industry in 2024, accounting for 17% of all attacks. To combat this growing threat, healthcare organizations must understand the tactics employed by cybercriminals and adopt robust, proactive measures to protect their patients, networks, and data.
The Top Cyber Threats Targeting Healthcare
The combination of sensitive patient data, outdated legacy systems, and fragmented IT environments makes healthcare especially vulnerable to specific types of cyberattacks. Here are the top three threats that Huntress observed targeting healthcare organizations in 2024:
- Malicious Script (22%): Malicious script executions were the biggest risk for healthcare organizations in 2024. These scripts are primarily used to establish persistence, deploy malware downloaders, and conduct system analysis before further attacks.
- Infostealers (19%): Infostealers are malicious programs designed to extract private data, like login credentials and operational information. Given healthcare’s vast stores of patient data, it’s no surprise that this industry has become a primary target for infostealers. Once data is stolen, it’s either sold on the dark web or used in credential-stuffing attacks.
- Malware (16%): Malware, including fileless varieties, continues to wreak havoc on healthcare networks. It is often used to establish a persistent foothold, disrupt operations, or provide attackers with unauthorized access.
Dangerous New Trends in Ransomware
While ransomware was not the most common threat impacting healthcare organizations, it remains a significant and evolving risk. Traditionally, ransomware attacks focused on encrypting files, locking critical systems, and disrupting operations, then demanding payment in exchange for decryption. However, attackers have shifted their focus to a more insidious two-pronged approach that combines data theft with extortion. This strategy allows cybercriminals to bypass encryption-based defenses and exploit the exposure of sensitive data as leverage against their victims.
The new model works like this: before deploying ransomware to disable system access, attackers infiltrate networks and exfiltrate confidential information. Once they’ve secured these valuable files, they threaten to release the stolen data publicly unless the organization pays a ransom. This approach increases the pressure on healthcare organizations, bringing in the risk of reputational damage and potential legal fallout alongside operational paralysis. For attackers, it provides a higher likelihood of payment, as organizations strive to protect patient trust and avoid regulatory penalties.
The Java-based Risks in Healthcare
Although most industries have phased out Java, the healthcare sector continues to rely on it for many critical medical technologies and software systems, making it an attractive target for cybercriminals. Attackers exploit this dependency by deploying Java-based Remote Access Trojans (RATs) like jRAT/Adwind and STRRAT at a significantly higher frequency in healthcare than in other industries. These RATs enable unauthorized remote access, allowing attackers to infiltrate, monitor, and manipulate healthcare networks.
JavaScript-based attacks are also prevalent, often involving suspicious JavaScript execution patterns and child processes that deploy malware. Many of these attacks exploit generic vulnerabilities, but some appear to use specific loaders like Gootloader or SocGholish to deliver malware payloads. These tactics compromise both legacy and modern environments, targeting vital systems and sensitive patient data. Healthcare’s dependence on outdated software amplifies the risks, as slow modernization allows attackers to weaponize vulnerabilities that remain unpatched, threatening the continuity of patient care and operational stability.
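As an added illustration (not taken from the Huntress report or any vendor product), the sketch below shows how the two behaviors described in this section could be flagged in process-creation telemetry: a Windows script host running a .js file that spawns a shell, and a Java runtime launching a JAR from a user-writable folder. The event fields, rule names, process lists, and sample events are all constructed assumptions.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
JAVA_HOSTS = {"java.exe", "javaw.exe"}
# Assumed heuristics: children a script-host .js rarely needs, and
# user-writable folders where a line-of-business JAR should not live.
SUSPECT_CHILDREN = {"powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)
JS_ARG = re.compile(r"\.jse?\b", re.I)
JAR_ARG = re.compile(r'-jar\s+"?([^"]+?\.jar)', re.I)

def classify(event):
    """Return the names of the rules one process-creation event matches."""
    hits = []
    parent = ntpath.basename(event["parent_image"]).lower()
    child = ntpath.basename(event["image"]).lower()
    if (parent in SCRIPT_HOSTS and child in SUSPECT_CHILDREN
            and JS_ARG.search(event["parent_cmdline"])):
        hits.append("js_script_host_spawned_child")
    if child in JAVA_HOSTS:
        jar = JAR_ARG.search(event["cmdline"])
        if jar and USER_WRITABLE.search(jar.group(1)):
            hits.append("jar_from_user_writable_path")
    return hits

def scan(events):
    """Return (host, rules) for every event that matches at least one rule."""
    return [(e["host"], classify(e)) for e in events if classify(e)]

# Constructed sample events, not taken from any real incident or report.
SAMPLE_EVENTS = [
    {"host": "ws-frontdesk", "parent_image": r"C:\Windows\System32\wscript.exe",
     "parent_cmdline": r'wscript.exe "C:\Users\clerk\Downloads\forms.js"',
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile"},
    {"host": "ws-billing", "parent_image": r"C:\Windows\explorer.exe",
     "parent_cmdline": "explorer.exe",
     "image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "cmdline": r'javaw.exe -jar "C:\Users\ap\AppData\Roaming\invoice.jar"'},
    {"host": "ws-imaging", "parent_image": r"C:\Windows\explorer.exe",
     "parent_cmdline": "explorer.exe",
     "image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "cmdline": r'javaw.exe -jar "C:\Program Files\Viewer\viewer.jar"'},
]

if __name__ == "__main__":
    for host, rules in scan(SAMPLE_EVENTS):
        print(host, rules)
```

In an environment that still depends on Java, the third sample event matters as much as the first two: a legitimate viewer launched from its install directory should stay quiet so that the rule remains usable.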
Proactive Defense Strategies for Healthcare Organizations
To protect against cyber threats, there are a few proven steps healthcare organizations can take to enhance their defenses and reduce risk. Here are actionable recommendations based on our findings:
- Regularly Patch Systems: Legacy systems may be challenging to replace, but comprehensive patch management is non-negotiable. Keeping software and systems up to date can neutralize many of the vulnerabilities attackers aim to exploit.
- Enhance Incident Response Plans: Preparing for the worst is never wasted effort. Organizations should develop and regularly test incident response plans to ensure teams can act swiftly during a security breach.
- Monitor Third-party Vendors: Many cyberattacks originate through the supply chain. Ensure that contractors, vendors, and partners follow your organization’s cybersecurity standards, reduce their access to critical systems, and audit them regularly.
- Employee Training: The human element is often the weakest link in cybersecurity. Regular training can empower employees to recognize phishing scams, odd behavior in systems, or other red flags. Human vigilance remains pivotal to preventing breaches.
- Implement Endpoint Monitoring: Early detection is crucial in mitigating threats before they escalate. Deploying an endpoint detection and response (EDR) solution can provide critical visibility into the misuse of legitimate software, execution of malicious programs, use of persistence mechanisms, and more.
- Adopt a Layered Security Approach: No single solution can defend against all threats. Instead, healthcare organizations must implement layered defenses, including identity threat detection and response (ITDR) and security information and event management (SIEM), for comprehensive coverage.
Protecting Patients and the Future of Healthcare
With a reliance on legacy systems, a wealth of high-value patient data, and fragmented IT environments, the healthcare sector faces a growing wave of cyber threats.
Malicious scripts, infostealers, and remote access trojans are just a few examples of threats exploiting overlooked vulnerabilities like outdated software, Java dependencies, and insufficient monitoring. Attackers have also evolved their methods, replacing traditional decryption-based ransoms with data theft and extortion tactics.
To protect against these rising threats, healthcare organizations must take a proactive and multi-layered approach to cybersecurity. With a well-rehearsed incident response plan, regular vulnerability assessments and patching, impactful security awareness training, and robust implementation of key controls like endpoint detection and response, the healthcare industry can strengthen its resilience against the growing volume of cyber threats.
The stakes are far too high to delay. Cyberattacks compromise not just data and finances but the fundamental mission of healthcare—to care for and protect lives. Every investment made today in cybersecurity safeguards patients, preserves trust, and ensures the uninterrupted operation of our critical healthcare systems.