The global healthcare sector has become a prime target for cyberattacks. Incode Blog

Why Are Hackers Targeting the Healthcare Industry?

The global healthcare sector has come under siege in recent years. Once considered unlikely targets, hospitals, healthtech platforms, and medical research institutions are now top priorities for cybercriminals.

Hackers are drawn to the healthcare industry’s valuable data and vulnerable systems. Additionally, hospitals operate in high-stakes environments where even brief disruptions can jeopardize patient care.

As the digital transformation of healthcare accelerates, so too does the risk. According to the 2024 Ponemon Healthcare Cybersecurity Report, 92% of healthcare organizations experienced a cyberattack in the previous year.

A study highlights how the COVID-19 pandemic ushered in “a new era of digital health expansion”. This new era also “brought the lucrativeness of cyberattacks on healthcare organisations into view for malicious actors.”

A Matter of Life and Death

The UN Security Council addressed this threat directly in a November 2024 briefing. They acknowledged that ransomware attacks now endanger public health globally.

WHO’s Director-General warned that “cyberattacks on hospitals and other health facilities can be issues of life and death.”

“At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death.” – Tedros Adhanom Ghebreyesus, WHO Director-General

From patient records to vaccine research, no corner of the sector is safe. But why is this industry such a lucrative and vulnerable target, and how can we protect it?

A Global Crisis: The Alarming Surge in Healthcare Cyberattacks

Healthcare cyberattacks are no longer isolated incidents. They’re part of a growing global threat.

“In 2023, OCR reported a 239% increase in hacking-related data breaches between January 1, 2018, and September 30, 2023. In 2019, hacking accounted for 49% of all reported breaches. In 2023, 79.7% of data breaches were due to hacking incidents.” – Healthcare Data Breach Statistics, The HIPAA Journal

In 2024, healthcare became the number one target for data hackers, surpassing the finance industry for the first time. Some of the most significant breaches in the history of healthcare occurred in 2024.

The 2024 Ascension Health ransomware attack compromised personal and health data of approximately 5.6 million people.

When a Ransomware Attack Puts Patient Lives At Risk: Ascension Health

Ascension Health is one of the largest nonprofit healthcare systems in the United States. In May 2024, Ascension Health experienced a significant ransomware attack. The attack compromised the personal and health information of approximately 5.6 million people.

This event severely impacted Ascension’s operations across a network of 140 hospitals in 19 states and Washington, D.C. Critical systems, including electronic health records (EHRs), were taken offline, forcing staff to revert to manual methods.

This led to weeks-long disruptions such as delays in patient care, diversion of emergency services, and postponement of non-urgent procedures.

“We’ve started to think about these as public health issues and disasters on the scale of earthquakes or hurricanes. These types of cybersecurity incidents should be thought of as a matter of when, and not if,” Jeff Tully, a co-director of the Center for Healthcare Cybersecurity at the University of California-San Diego, told NPR in an article reporting on the attack.

In the same article, hospital staff share stories of how the attack caused or almost caused potentially fatal medication or dosage mix-ups.

The Biggest U.S. Healthcare Data Breach in History: Change Healthcare

In May 2025, the HIPAA Journal compiled healthcare data breach statistics from October 2009. The statistics confirmed that the Change Healthcare 2024 breach is the biggest U.S. healthcare data breach of all time. Change Healthcare is a division of UnitedHealth.

The 2024 breach affected 190 million individuals. It exposed sensitive data, including names, addresses, medical diagnoses, insurance details, and, in some cases, Social Security numbers and financial information. The attack disrupted healthcare operations nationwide, halting insurance payments and causing significant delays in patient care.

UnitedHealth Group paid a $22 million ransom to recover the stolen data and mitigate damage. However, paying the ransom did not secure the stolen data.

The attackers exploited a system lacking multifactor authentication (MFA), allowing them to infiltrate Change Healthcare’s network and extract data over several days before detection.

According to the New York Times, thousands of medical offices experienced sudden financial turmoil last year after the attack paralyzed much of the nation’s healthcare payment system for months.

Since March 2024, Change had lent roughly $9 billion in interest-free loans to more than 10,000 affected medical providers. Now some of those providers are suing Change, saying it is pressuring them to repay funds.

The Growing Interest in Pharmaceutical IP: AstraZeneca

AstraZeneca was targeted in 2020 during its COVID-19 vaccine development, highlighting the growing interest in pharmaceutical IP and revealing a broader trend: cybercriminals and nation-states are targeting the entire healthcare and medical ecosystem, not just hospitals.

In late 2020, AstraZeneca was targeted by state-linked hackers, reportedly affiliated with North Korea. This attack came at a time when the race to develop a viable COVID-19 vaccine was at its peak, with global stakes at an all-time high.

Hackers used spear-phishing techniques, posing as recruiters on platforms like LinkedIn and WhatsApp. They sent fake job offers to AstraZeneca staff, especially those involved in vaccine development and corporate strategy. The emails were laden with malicious code disguised in job descriptions, which, if opened, could give attackers access to internal systems.

No large-scale data breach was publicly confirmed, but the attempt itself exposed serious vulnerabilities in the pharmaceutical R&D sector. It triggered global concern over the security of vaccine data, especially as similar attacks were also observed against Pfizer, BioNTech, and other vaccine developers.

The event underscored how healthcare had evolved from a humanitarian domain to a cyber warfare front line during the pandemic. From research labs to drug manufacturers, every node in the supply chain holds exploitable data.

Cybercriminals are targeting pharmaceutical IP for its high value, aiming to steal proprietary research, clinical trial data, and drug formulas worth billions.

These attacks don’t just compromise data: they disrupt treatments, delay care, and place lives at risk. As this study puts forward, these attacks also harm the wellbeing of the healthcare workers that they affect.

Why Cybercrime Thrives in Healthcare

1. Health Data is Incredibly Valuable

Medical records fetch 10–20 times more on the black market than credit card numbers. These records contain personal details, medical histories, billing info, and insurance data—everything needed for identity theft, insurance fraud, and extortion.

2. High Stakes Mean High Payouts

Hospitals and clinics face life-and-death decisions. When ransomware locks critical systems, institutions are often forced to pay quickly to resume patient care.

3. Pharma = Intellectual Goldmine

Drug makers and biotech firms hold proprietary data worth billions. The cyberattack on AstraZeneca’s vaccine research shows just how far attackers will go to acquire this intelligence.

Why Is Healthcare So Vulnerable?

Outdated Infrastructure and Tech Debt

Despite rapid digitalization, many healthcare systems still rely on legacy systems not designed to withstand modern threats. Increasing internet connectivity of medical equipment only broadens the attack surface. The complexity of healthcare IT infrastructure and the need to integrate systems across different departments introduces potential security vulnerabilities.

Broad Access Requirements

Healthcare professionals across departments must access patient data—from ER doctors to lab techs. Without secure access controls, this creates an enormous vulnerability.

Lack of Cyber Training

Doctors are trained to save lives, not spot phishing scams. Without regular cybersecurity training, even well-meaning staff can inadvertently expose critical systems.

Lagging IT Budgets

Healthcare IT departments are chronically understaffed and underfunded, often operating with just one IT professional per 100 computers and significantly smaller budgets than other industries, such as finance. This shortage leaves hospitals more vulnerable to cyber threats and less equipped to defend critical infrastructure.

With Incode, medical staff can quickly and securely access records without cumbersome authentication hurdles, even in emergencies.

A Path Forward: Securing Healthcare with Incode

Healthcare institutions need solutions that are not only secure, but also fast, compliant, and user-friendly. That’s where Incode comes in. From patient onboarding to secure medical record access, our advanced identity verification solutions enhance security, safeguard patient data, and simplify regulatory compliance.

1. AI-Driven Identity Verification

Incode offers a full-stack, AI-powered identity verification system. These are our solutions:

ID & Face Verification
• AI-Driven ID Validation and Authentication
• Liveness Check & Age Estimation
• Anti-Deepfake & Spoof Detection
• ID Document & Face Matching

User Risk Assessment
• Advanced Data Matching & Verification
• Device Intelligence
• Behavioral Analysis
• Network-Wide Risk Modeling

Sources of Truth Connection
• Direct DMV Connections
• Global Government Database Access
• Credit Bureau & Telco Data Integration

2. Built for Compliance

Incode’s identity verification technology is designed to meet the strict security and privacy requirements of several major global and industry-specific regulatory standards, including:

  • HIPAA: U.S. law for protecting patient health data
  • SOC2: A standard for data security and privacy in cloud services
  • ISO 27001: An international standard for information security management
  • Kantara: A framework for digital identity assurance
  • NIST: U.S. government cybersecurity standards, including identity verification

3. Frictionless Experience for All Users

  • Patients enjoy seamless onboarding, automated identity capture, and faster check-ins—reducing wait times and increasing satisfaction.
  • Physicians can quickly access records without cumbersome authentication hurdles, even in emergencies.
  • Admin teams see reduced call center burdens and minimized paperwork.

In fact, a leading healthcare provider saw a 23% increase in onboarding completion after switching to Incode.

“Incode streamlined our dependent and caregiver flow with secure access. This has surpassed our compliance team’s expectations and deepened trust with our patients.” – leading healthcare provider

4. Real-Time Risk Detection

Incode’s in-house AI Fraud Lab evaluates behavioral signals, device integrity, and network risks, preventing identity fraud before it happens.

Powering Trust in a Digitally Connected Healthcare World

Cyberattacks on healthcare are not just a tech problem: they are a human crisis. Lives, reputations, and economies are at stake. As healthcare digitizes, protecting identity isn’t just about compliance; it’s about safety, trust, and care continuity. With 99.6% of identity fraud prevented, Incode is redefining how we secure digital healthcare, one verified identity at a time.

Learn more about Incode’s solutions for the healthcare industry