A recent study by Netwrix reveals a significant cybersecurity challenge facing the healthcare sector: an overwhelming 84% of healthcare organizations (HCOs) detected a cyber-attack or intrusion in 2024, with account hijacking and phishing emerging as the most prevalent threats.

The global survey, which polled IT and security professionals in the healthcare industry, was part of a broader report on hybrid cloud trends. The findings indicate that the type of IT environment influences which threats are most likely to occur. For instance, user account compromise affected 74% of HCOs using cloud-based systems, compared to only 44% of those relying on on-premises infrastructure. Phishing was the second most common threat, impacting cloud (62%) and on-premises (63%) environments at nearly equal rates.

Dirk Schrader, Netwrix's VP of Security Research, explained the vulnerability: “Healthcare workers regularly communicate with many people they do not know – patients, laboratory assistants, external auditors and more – so properly vetting every message is a huge burden. Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents.”

The consequences of these incidents are also more severe for healthcare. The study found that 69% of healthcare respondents reported a negative financial impact from cyber-attacks, compared to 60% in other sectors. Furthermore, 21% cited changes in senior leadership and 19% faced lawsuits as a result of an attack—figures notably higher than the 13% average for other industries.

In response to these mounting risks, data security (64%) and network security (54%) are now the top IT priorities for HCOs, surpassing automation (46%). Reflecting this heightened concern, the European Commission recently launched a new action plan focused on improving threat prevention, detection, and response, including the establishment of a Cybersecurity Support Centre to provide an EU-wide early warning service by 2026.

HCOs remain a prime target for cybercriminals globally, particularly due to their low tolerance for downtime and the vast amounts of sensitive patient data they hold. This makes them especially vulnerable to ransomware; a report from August 2024 indicated that 21% of all ransomware attacks in the preceding year targeted healthcare organizations, up from 18% the year before.