
In 2024 alone, more than 276 million patient records were compromised in cyber attacks targeting healthcare organizations, a figure that equates to 758,000 exposed records every single day. The scale of the problem is shocking, but what’s even more sobering is that 92 percent of healthcare organizations reported experiencing at least one cyberattack last year. These aren’t just numbers; they reflect a growing crisis in trust, safety, and operational integrity across the entire healthcare system. They also indicate that the cybersecurity defenses at the majority of healthcare organizations are not adequately stopping cyber threats.
For patients, the fallout is personal and painful. Victims of medical identity theft spend, on average, 210 hours and $2,500 out-of-pocket to reclaim their identities and resolve the downstream effects. In some cases, their altered medical records may even lead to misdiagnoses or incorrect treatments. For healthcare providers, the damage includes regulatory penalties, financial losses, and perhaps most critically, reputational harm that undermines the very mission of care.
The New Face of Healthcare Phishing
As the healthcare industry embraces digital transformation, cyber criminals are becoming equally sophisticated. A research team recently uncovered and stopped a highly targeted phishing campaign that impersonates legitimate medical service platforms, including Zocdoc, and leverages fabricated clinics to extract personal information. This campaign dates back to March 20 and has already sent more than 7,000 phishing emails targeting nearly 300 different organizations, most of which are in the United States.
While these emails often appear innocuous on the surface, with messages containing pre-appointment information, requests, or booking confirmations, once clicked they open the door for attack. Recipients are instructed to call a specific number where threat actors are waiting to socially engineer sensitive information out of them, obtaining Social Security numbers, insurance details, health histories, and more.
These attacks are not random. They’re calculated, emotionally manipulative, and designed to exploit the unique vulnerabilities of healthcare consumers and staff alike. And they will keep increasing in scope without the proper email security.
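The lure described above combines three observable signals: a scheduling brand named in the display name or subject while the mail is sent from some other domain, appointment or booking-confirmation wording, and a phone number the recipient is told to call. The following Python script is an added example written for this page (not Check Point's product and not the research team's tooling) that turns those signals into scored triage rules a mail gateway or SOC analyst could run over incoming messages. The verified-domain sets, the sample From: addresses, and the message texts are constructed assumptions and would be replaced with an organization's own data.

```python
"""Heuristic triage for callback phishing that impersonates a medical scheduling brand.

Added example: the indicators mirror the campaign described in the article
(brand impersonation + appointment lure + "call this number"); all domains,
addresses and messages below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# ASSUMPTION: sending domains the organization has verified for the scheduling
# brands and clinics it actually works with. Replace with your own allow-lists.
BRAND_DOMAINS = {"zocdoc": {"zocdoc.com"}}
KNOWN_GOOD_DOMAINS = {"zocdoc.com", "example-clinic.org"}

APPOINTMENT_TERMS = ("appointment", "booking confirmation", "pre-appointment")
CALLBACK_RE = re.compile(r"\b(call|dial|phone)\b")
# North American phone formats such as (555) 010-0199 or 555-010-0199.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")
EMAIL_RE = re.compile(r"([\w.+-]+@([\w-]+(?:\.[\w-]+)+))")

SUSPICIOUS_THRESHOLD = 4  # scores at or above this go to human review


@dataclass
class Verdict:
    score: int = 0
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header, or ''."""
    m = EMAIL_RE.search(from_header)
    return m.group(2).lower() if m else ""


def in_domains(domain: str, domains: set[str]) -> bool:
    """True if domain equals, or is a subdomain of, any verified domain."""
    return any(domain == d or domain.endswith("." + d) for d in domains)


def analyze(from_header: str, subject: str, body: str) -> Verdict:
    """Score one message against the four callback-phishing indicators."""
    v = Verdict()
    domain = sender_domain(from_header)
    text = f"{subject}\n{body}".lower()
    header_text = f"{from_header}\n{subject}".lower()

    # Indicator 1: the sending domain is not one the organization recognizes.
    if not in_domains(domain, KNOWN_GOOD_DOMAINS):
        v.score += 1
        v.reasons.append(f"unrecognized sender domain: {domain or 'none'}")

    # Indicator 2: a scheduling brand is named in the display name or subject,
    # but the mail does not come from that brand's verified domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in header_text and not in_domains(domain, domains):
            v.score += 3
            v.reasons.append(f"'{brand}' named but sent from {domain or 'none'}")

    # Indicator 3: the appointment / booking-confirmation lure.
    if any(term in text for term in APPOINTMENT_TERMS):
        v.score += 1
        v.reasons.append("appointment or booking lure")

    # Indicator 4: a phone number together with an instruction to call it.
    phones = PHONE_RE.findall(text)
    if phones and CALLBACK_RE.search(text):
        v.score += 2
        v.reasons.append(f"callback number requested: {phones[0].strip()}")
    return v


# Constructed sample messages (not real campaign artifacts).
SAMPLES = {
    "legit_reminder": (
        "Zocdoc <no-reply@zocdoc.com>",
        "Appointment confirmation",
        "Your appointment is confirmed. Questions? Call (555) 010-0199.",
    ),
    "brand_impersonation": (
        "Zocdoc Scheduling <support@zocdoc-appointments.example.net>",
        "Pre-appointment information required",
        "To confirm your insurance details before your visit, call us at 555-010-0123.",
    ),
    "fabricated_clinic": (
        "Lakeside Family Clinic <frontdesk@lakeside-clinic.example.com>",
        "Your upcoming appointment",
        "Please call 555-010-0177 to confirm your Social Security number and insurance ID.",
    ),
    "benign_newsletter": (
        "IT Newsletter <news@example-clinic.org>",
        "Monthly update",
        "New parking policy starts Monday.",
    ),
}


def run_samples() -> dict[str, Verdict]:
    """Score every constructed sample; used by the demo below."""
    return {name: analyze(*msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        flag = "REVIEW" if verdict.suspicious else "ok"
        print(f"{name:20} score={verdict.score} {flag}: {'; '.join(verdict.reasons)}")
```

The weights are chosen so that a reminder genuinely sent from the brand's own domain, even one that includes a phone number, stays below the review threshold, while a message that names the brand from an unrelated domain, or an unknown clinic that pairs an appointment lure with a callback number, is routed to a human. Because a From: header can be forged, the domain checks should be applied to the sender identity that SPF, DKIM and DMARC evaluation has already confirmed, not to the raw header alone.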
Why Healthcare Data is a Lucrative Target
Cyber criminals aren’t just after a quick payout; they’re building a longer-term business model. Healthcare data is incredibly valuable on the dark web, often more so than financial data. It contains a dense combination of personally identifiable information (PII), medical history, and insurance credentials that can be packaged into “identity kits”. These kits enable a wide array of fraudulent activities, from obtaining unauthorized prescriptions to receiving medical treatment under false pretenses or even blackmailing victims with threats to expose sensitive medical conditions.
Stolen healthcare data doesn’t just affect patients. Employees of healthcare institutions are just as susceptible to these attacks. If their data is breached, cyber criminals can leverage it to infiltrate internal systems, move laterally within networks, or launch further phishing attacks that appear even more credible.
Psychological Warfare in the Digital Age
One of the most disturbing trends we’re seeing impacting healthcare is the weaponization of personal health data for psychological manipulation. Cyber criminals are no longer just data thieves; they’re extortionists, capable of using sensitive information to intimidate, coerce, or blackmail victims.
Imagine receiving an email that not only claims to know your full medical history but threatens to disclose it unless you pay a ransom. The emotional and mental toll of such tactics can be severe, particularly for patients navigating complex or stigmatized health conditions.
In extreme cases, when hackers alter medical records, they’re not just committing fraud; they’re endangering lives. A corrupted patient file could result in incorrect treatments, wrong prescriptions, or missed diagnoses.
How Healthcare Organizations Can Respond
To combat these rising threats, healthcare organizations must take proactive, layered security measures that go beyond basic compliance checklists. Here are several key steps:
- Deploy Advanced Email Filtering and Threat Prevention Tools
Email security that uses AI to detect and block sophisticated phishing attempts is becoming critical to preventing these threats from turning into breaches.
- Educate Employees Through Realistic Simulations
Employee awareness remains a critical line of defense. Organizations should conduct regular phishing simulations to test staff responses and reinforce best practices. Simply knowing how to identify a spoofed appointment confirmation could make all the difference.
- Establish Clear Reporting and Response Protocols
Employees need a streamlined way to flag suspicious messages and a team that’s ready to respond. Having incident response playbooks in place ensures faster containment and less exposure in the event of a successful breach attempt.
- Secure All Endpoints, Including Mobile Devices
With many healthcare professionals accessing email and patient systems from mobile devices, it’s essential that these endpoints are protected by mobile threat defense software. Phishing doesn’t stop at the desktop.
- Promote a Culture of Cyber Hygiene
Cybersecurity is not just the IT department’s responsibility. Encourage a mindset across your organization where data protection is treated with the same urgency as patient safety.
Improving Cyber Defenses is an Investment in Trust
The healthcare industry has always been grounded in trust – between doctors and patients, providers and communities, institutions and the public. But that trust is under siege by a rising tide of cyber criminal activity that grows more targeted and sophisticated by the day.
In this evolving threat landscape, standing still is not an option. We must invest in the technologies, training, and processes that safeguard our digital frontlines just as rigorously as we protect our physical ones.
Cybersecurity in healthcare is no longer a niche IT concern. It’s a core element of patient care. If we fail to protect our data, we fail to protect our people. And that’s a risk no healthcare organization can afford to take.
About Cindi Carter
At Check Point Software Technologies, Cindi Carter is a Chief Information Security Officer in the Office of the CISO, committed to helping other CISOs achieve success in both strategic and tactical initiatives. Cindi possesses a firm grasp of the challenges surrounding the security, privacy, and risk management landscape, and is a trusted advisor within Check Point as well as for our customers. More recently, Cindi was the CISO for IntSights Cyber Threat Intelligence; Cindi also served as VP and Chief Security Officer at MedeAnalytics; and prior to that Cindi was the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is also the founding president of Women in Security - Kansas City, and has been honored as part of SC Media magazine’s “Women to Watch in Cyber Security” list and in Cybersecurity Venture’s book “Women Know Cyber: 100 Fascinating Females Fighting Cyber Crime.”