The healthcare sector isn't just under cyber siege; it's in the middle of a full-blown digital outbreak. Look no further than the 2025 Verizon Data Breach Investigations Report (DBIR), which reports that the industry suffered 1,710 security incidents and 1,542 confirmed breaches. Add it all up, and healthcare is one of the most aggressively targeted sectors worldwide.
There are two major factors behind this activity. First, healthcare organizations hold enormous amounts of data, including medical records packed with the personal and financial information that is in high demand on the black market. Second, these organizations often run on fragile infrastructure that goes offline easily, impacting patient care while also putting their data at risk.
This one-two punch generates urgency and mounting pressure to resolve these issues. The pressure is exacerbated by the fact that, unlike other sectors, U.S. healthcare organizations are bound by disclosure requirements, which can create unwanted visibility and often lead victims to relent to higher payouts.
From human error to system intrusion
The Verizon DBIR confirms a major shift behind these incidents. Human error is no longer the leading cause of breaches. That distinction now goes to cybercriminals who are successfully gaining access to systems. This includes ransomware attacks that put teams in an unwinnable position — do we pay the ransom or risk exposing our patient data?
Unfortunately, this is a reality for too many organizations. Just ask Change Healthcare. This past year, it was the victim of a ransomware-driven supply chain attack that affected approximately 190 million people. While this was unquestionably the largest incident, it was not the only one. Yale New Haven Health saw more than 5.5 million records exposed, while Episource was the victim of a third-party compromise and lost control of more than 5 million patient records. And it’s not only attacker-driven incidents that are the cause. As we saw with Blue Shield of California, routine errors can also be the culprit. In this case, a misconfigured portal exposed 4.7 million records.
While the specific numbers above are certainly great fodder for headlines, they don’t convey the full scale of the damage inflicted on these organizations. These attacks also reduce public trust, siphon off financial reserves, and even impact patient care. Take Frederick Health, where attackers disrupted clinical systems, which forced the hospital to reroute ambulances.
It’s a digital pandemic
As someone who lives and breathes cybersecurity, I think it's best to describe what these healthcare organizations are facing as a digital pandemic, especially when it comes to ransomware and supply chain threats. Just look at the numbers featured in the DBIR, which report that ransomware now accounts for 44% of breaches. That's up 37% in just one year. Next come espionage-linked attacks led by nation-states looking to obtain pharma data, personal health records, and more. Those are up 12% from 2024. And let's not forget third-party breaches, which have doubled over this same timeframe.
The prescription for success: Preemptive and deceptive defenses
The challenge these organizations face is less about the speed of these attacks and more about mutation, where, after mitigating one vulnerability, such as an exposed credential, attackers quickly look for another, and, like a virus, continue the process until they gain entrance.
It’s this virus-like adaptability that makes it difficult for perimeter defenses to keep up. This is especially true for traditional, detect-and-respond, reactive security models, where IT teams, already outmatched and understaffed, are stuck firefighting instead of building resilience.
That's where newer preemptive strategies are gaining ground, especially in industries that cannot afford any downtime. Preemptive approaches constantly shift digital system elements such as file paths, memory structures, runtime processes, and more. By constantly shifting, they remove the predictability that attackers count on. Unlike static defenses, which are largely fixed and preconfigured, preemptive cyber defenses change constantly, eliminating stable footholds altogether.
This approach is especially key for hospitals that continue to rely on outdated systems or unpatchable medical devices, such as imaging and radiology systems, pharmacy platforms, clinical information platforms, EHR-connected systems, and more. Preemptive cyber defense can block zero-day exploits, contain malware spread, and sustain uptime across vital services, even while they are under active attack.
Deception technology is another layer that is gaining traction. Deception platforms do precisely what the name indicates: they mimic real assets (databases, EHRs, user accounts, etc.) in order to lure attackers into traps. These decoys blend in, adapt dynamically, and send clean, actionable alerts when touched. Unlike more traditional honeypots, these decoys can scale intelligently, weed out false positives, and give teams the time they need to quickly mitigate real threats.
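The reason decoy alerts are "clean" is that no legitimate workflow ever references a decoy, so any access to one is a high-fidelity signal. The following added example (not code from the original post, Morphisec, or any deception vendor) shows the core of that detection logic: a constructed inventory of decoy hosts, accounts, and databases, and a scan over constructed key=value access log lines that raises an alert whenever an event touches one of them. The decoy names, log format, and IP addresses are all hypothetical.

```python
"""Decoy-touch detection over key=value access logs.

Added example, not the post's or any vendor's code. Decoy names, the log
format and the IP addresses below are constructed for illustration only.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed decoy inventory: assets that exist only to be touched.
# Nothing legitimate references them, so any hit is a high-fidelity signal.
DECOYS = {
    "host": {"ehr-archive-02.corp.example"},   # hypothetical decoy server
    "user": {"svc_backup_legacy"},             # hypothetical decoy account
    "db":   {"patient_index_bak"},             # hypothetical decoy database
}


@dataclass
class Alert:
    timestamp: str
    src: str
    matched: list[str]   # which decoys were touched, e.g. ["user:svc_backup_legacy"]
    priority: str        # "critical" when the decoy interaction succeeded, else "high"


def parse_line(line: str) -> dict[str, str]:
    """Parse 'TIMESTAMP key=value key=value ...' into a dict.

    Returns {} for malformed input so a bad line never crashes the scan.
    """
    parts = line.strip().split()
    if len(parts) < 2 or "=" in parts[0]:
        return {}
    fields = {"timestamp": parts[0]}
    for token in parts[1:]:
        if "=" not in token:
            return {}  # any non key=value token means the line is malformed
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def detect_decoy_touches(lines) -> list[Alert]:
    """Return one Alert per log line that references any decoy asset."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if not event:
            continue
        # Exact-match each decoy-bearing field against the inventory.
        matched = [f"{k}:{event[k]}" for k in DECOYS if event.get(k) in DECOYS[k]]
        if not matched:
            continue
        # A successful login/query against a decoy means the attacker is already
        # interacting with it; escalate above a failed or unconfirmed attempt.
        priority = "critical" if event.get("result") == "ok" else "high"
        alerts.append(Alert(event["timestamp"], event.get("src", "unknown"), matched, priority))
    return alerts


def touches_by_source(alerts) -> dict[str, int]:
    """Count decoy touches per source address to surface the probing host."""
    return dict(Counter(a.src for a in alerts))


# Constructed sample log lines: one legitimate session, one source probing
# decoys, one legitimate query against a real (non-decoy) table, one bad line.
SAMPLE_LOGS = [
    "2025-06-01T02:14:07Z src=10.20.4.15 user=jdoe action=login host=ehr-prod-01.corp.example result=ok",
    "2025-06-01T02:15:31Z src=10.20.9.77 user=jdoe action=query db=patient_index_bak rows=1200",
    "2025-06-01T02:15:40Z src=10.20.9.77 user=svc_backup_legacy action=login host=ehr-prod-01.corp.example result=fail",
    "2025-06-01T02:16:02Z src=10.20.9.77 user=svc_backup_legacy action=login host=ehr-archive-02.corp.example result=ok",
    "2025-06-01T02:20:00Z src=10.20.4.15 user=nurse1 action=query db=patient_index rows=3",
    "garbage line without fields",
]

if __name__ == "__main__":
    found = detect_decoy_touches(SAMPLE_LOGS)
    for alert in found:
        print(alert)
    print(touches_by_source(found))
```

Running the block reports three decoy touches, all from the single probing source, with the successful login to the decoy host escalated to critical; the legitimate sessions and the malformed line produce nothing. In a real deployment the alert would be routed to the SOC with the source address attached, and the decoy inventory would be generated and rotated by the deception platform rather than hand-written.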
In a sector where delays are measured in lives, early detection, lower attacker dwell time, and system-level misdirection can literally save lives. By marrying preemptive and deceptive technologies, organizations can blunt the attack surface while simultaneously exposing hidden threats before damage is done.
These capabilities are vital in a cyber environment where ransomware attacks, nation-state threats, and third-party risks continue to grow. By shifting from outdated and increasingly ineffective reactive playbooks, healthcare organizations can root out all cyber infections while maintaining optimal patient care.
Brad LaPorte, Chief Marketing Officer at Morphisec, is a seasoned cybersecurity expert and former military officer specializing in cybersecurity and military intelligence for the United States military and allied forces. With a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks' MDR service and the EDR product Red Cloak, both industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary in cybersecurity solutions years ahead of their time.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.
