Looking Back – The Current State of 2023 Cyberattacks in Healthcare

Reflecting on the 2023 cyberattacks in healthcare, the industry grappled with an increasing number of threats like ransomware and phishing, jeopardizing patient information and services.

Building a stronger wall to prevent threat actors from coming in is only half of the solution. The other half must address the inevitable reality that no matter how strong that wall is, adversaries WILL slip through. It comes down to cybersecurity maturity – establishing a resilient and continuous defensive infrastructure. Healthcare providers must protect patient data and uphold the integrity of healthcare operations by implementing advanced threat detection systems and cultivating a culture of cyber resilience.

As highlighted in a recent Gartner Review, it is important to “integrate your cyber advisory, professional and managed security services into tightly coupled offerings that enable cyber resilience outcomes.” Experts also advised that “consolidation also requires the fusion of security products into a unified platform with integrated signals across the supported security products. Feasibly, this will be a defined set of best-of-breed products that are integrated via native applications or APIs into a service provider fusion platform with the end objective of the technology and people working together in an orchestrated solution.”

The notion of a sophisticated, unified front has swept over the cybersecurity industry, becoming a top priority for those looking to enhance and fortify their threat detection program against a dynamic threat landscape. This is what Avertium calls Cyber Fusion.

In response to the healthcare industry's high susceptibility to cyberattacks, many organizations are proactively enhancing their cybersecurity as they brace for the threats ahead in 2024. Here are the emerging threats we are predicting and the defense strategies that we recommend for healthcare organizations facing these threats head-on.



Emerging Threats – What cybersecurity risks will the healthcare sector face in 2024? 

Generative Artificial Intelligence (AI) Vulnerabilities in Healthcare

What is it? Generative AI employs generative models to create text, images, or other media by learning patterns and structures from input training data. As a result, these models generate new data with similar characteristics. As AI becomes more prevalent in healthcare, it holds promise for predicting outcomes and guiding doctors, surgeons, nurses, and other roles in areas like processes and paperwork. One notable trend is the rise in deepfake phishing attacks, facilitated by threat actors leveraging generative AI tools. 

Why are healthcare organizations particularly vulnerable when using generative artificial intelligence (AI)? Due to its complex nature, it may be challenging for healthcare professionals to learn, understand, maintain, and secure generative AI, requiring additional resources for training and support.

What is the impact in healthcare / what does it mean for your organization? Currently, 10 states have AI-related regulations in their larger consumer privacy laws; however, only a handful of states have proposed legislation specific to the privacy of data or the use of AI in healthcare. While generative AI holds significant promise for the future of healthcare, there are potential negative impacts for organizations to consider. 

  • Ethical concerns arise around issues like data privacy, security, and the potential misuse of generated content

  • Privacy issues can arise if the AI works with sensitive data, leading to breaches or unauthorized access

  • Inaccuracies or biases in generated medical data could lead to incorrect diagnoses or treatment decisions

How generative artificial intelligence (AI) takes form: 

  • Misinformation with AI: A recent study led by Stanford School of Medicine researchers sheds light on AI unknowingly spreading racist and debunked medical notions. This has been found to perpetuate misinformation and even present fabricated, race-based equations, raising concerns for patients.


Internet of Things (IoT) Vulnerabilities in Healthcare

What is it? The Internet of Things (IoT) in the healthcare industry refers to the integration of devices and technologies to enhance and streamline various aspects of healthcare delivery. IoT devices are often interconnected, allowing them to collect, exchange, and analyze data in real-time.

Why are healthcare organizations particularly vulnerable to the Internet of Things (IoT)? As the use of IoT devices in healthcare increases, so do security concerns. Connected devices may become vulnerable to cyberattacks, posing a risk of unauthorized access to sensitive patient data and potential privacy breaches. Due to the widespread distribution and internet connectivity of IoT devices, they are perfect targets for DDoS attacks.

What is the impact of the Internet of Things (IoT) in healthcare / what does it mean for your organization? The increasing integration of IoT devices in healthcare brings both benefits and challenges. On the positive side, IoT enables real-time monitoring of patients, leading to more personalized and efficient healthcare services. However, the growing number of connected devices also poses cybersecurity risks, as healthcare organizations become more susceptible to data breaches and unauthorized access. Experts anticipate a significant surge in botnet attacks, given the expected 18% growth in IoT devices to 14.4 billion in 2023 and a projected increase to 27 billion by 2025.

How the Internet of Things (IoT) takes form: 

  • Healthcare attack exposing 2.5 million patients: Norton Healthcare, a major healthcare system in Kentucky, experienced a ransomware attack that compromised the data of approximately 2.5 million patients and employees. This incident underscores the growing trend of cyberattacks on healthcare organizations, with sensitive patient data being a prime target.

  • Fitness tracker manipulation: If a health insurer offers an incentive to customers using a fitness tracker, and an error in the tracking software overstates the number of steps the user has taken, then the company may give more discounts than it should. The insurance company may attribute the financial loss to incorrect step counts as a result of external fitness tracker manipulation. 


Ransomware Attacks in Healthcare

What is it? Ransomware has dominated discussions across various industries in recent years. Though many sectors experience ransomware, healthcare organizations have fallen victim to this type of malicious attack at a greater rate due to the sensitive and critical nature of a place such as a hospital. Ransomware is designed to encrypt the healthcare organization's data, rendering it inaccessible until a ransom is paid to the attackers. 

Why are healthcare organizations particularly vulnerable to ransomware attacks? Healthcare organizations face a heightened susceptibility to ransomware attacks due to a convergence of factors. The immense value of sensitive patient data, coupled with the critical and time-sensitive nature of healthcare services, makes these institutions lucrative targets for cybercriminals seeking ransom payments. Alarming trends show that…

  • Ransomware-as-a-service (RaaS) groups are growing significantly: Ransomware attacks, such as those carried out by groups like BlackCat and LockBit, pose a significant risk. These groups operate as ransomware-as-a-service, with a core team responsible for creating malware and managing its online presence, while a larger team of affiliates executes cyberattacks, earning a percentage of ransom payments. (The Department of Health and Human Services Cybersecurity Coordination Center (HC3) warned that Royal-based and BlackCat ransomware attacks were on the rise and “should be considered a threat to the HPH sector in 2023.”)

  • China is actively targeting healthcare more: The Cybersecurity and Infrastructure Security Agency (CISA) is focused on threat activity tied to the People’s Republic of China as that country has become the top nation-state cyber adversary to the U.S. China is actively targeting more critical infrastructure in the healthcare sector.

    Resource: The Decline in Ransomware in 2023 + The Threats Ahead

What is the impact in healthcare / what does it mean for your organization? Ransomware attacks can disrupt critical systems, compromise patient records, and hinder the delivery of medical services. The operational downtime during a ransomware attack not only affects patient care but also disrupts day-to-day administrative functions, impacting overall organizational efficiency.

How ransomware attacks take form:

  • Ransomware attack causes hospital systems to shut down: The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) alerted to a new ransomware threat known as BlackSuit, which may be responsible for an October 2023 attack against an organization that provides medical scans and radiology services for almost 1,000 U.S. hospitals and health systems. The attack caused the victim to shut down computer systems and turn away patients.

  • Private information leaked: Regal Medical Group, a southern California-based medical group, reported a ransomware attack potentially exposing the private health information of over 3.3 million patients. 

  • Cancer patients’ information leaked: In February 2023, a Pennsylvania-based health network disclosed that it had suffered an attack from BlackCat and that the perpetrators had released clinical images of cancer patients receiving radiation oncology treatment and had published several documents containing patient information online.

Resource: Insider Threats in Healthcare


Data Breaches in Healthcare

What is it? Data breaches refer to unauthorized access, disclosure, or acquisition of sensitive patient information within a healthcare system. These breaches can involve electronic health records, personal identification information, medical histories, or any other data that falls under protected health information (PHI). Breaches of healthcare organizations are the costliest data breaches in 2023, averaging $10.93 million per breach.

Why are healthcare organizations particularly vulnerable to data breaches? The integration of digital technologies, electronic health records (EHRs), and interconnected medical devices creates a complex and expansive attack surface, providing cyber adversaries with various entry points to exploit. A notable challenge also arises from some healthcare providers' reluctance to dispose of outdated medical records, also known as Electronic Health Information (EHI) – Microsoft Purview emerges as a solution designed to offer visibility into data, thereby preventing accidental EHI leakage across networks.

What is the impact in healthcare / what does it mean for your organization? Your patient privacy is compromised. 

  • Reputational damage is a significant concern as a breach of private information can and most likely will weaken patient trust, affecting the long-term credibility of your healthcare organization.
  • Legal and regulatory consequences, including fines, investigations, lost payments, etc., can have a huge impact on healthcare organizations.

How data breaches take form: 

  • Dental data breach: Managed Care of North America had the largest data breach in the first half of 2023, affecting more than 8.8 million Americans. The intruders gained access to full names, Social Security numbers, insurance information, driver’s licenses or other government identification numbers, and information about care for teeth and braces.

  • Identity-centric attack: Okta Inc. was under fire for constant breaches in 2023 after BeyondTrust security teams detected an identity-centric attack on an in-house Okta administrator account. 


Social Engineering Attacks in Healthcare

What is it? Social engineering is the manipulation of employees or staff members to gain unauthorized access to sensitive information or perform actions that compromise the security of healthcare systems. This manipulation often involves psychological tactics, phishing, or impersonation to exploit human vulnerabilities rather than relying on technical means. Threat actors have also been using generative AI tools to carry out these attacks.

Why are healthcare organizations particularly vulnerable to social engineering attacks? The diverse roles, ranging from medical professionals to administrative staff, create an environment that is favorable to social engineering attacks. Cybercriminals leverage human vulnerabilities through tactics like phishing, exploiting individuals' trust to gain unauthorized access to confidential information.

What is the impact in healthcare / what does it mean for your organization? Successful social engineering can result in unauthorized access to patient records, leading to compromised confidentiality and potential data breaches. 

  • The financial impact includes costs associated with investigations, implementing security measures, and potential legal consequences. 

  • The reputation of healthcare organizations may suffer, with patient trust weakening.

How social engineering attacks take form: 

  • Medical group phished: The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has settled with Lafourche Medical Group in Louisiana, a medical group hit by a phishing attack. The incident impacted the electronic health information of around 34,862 individuals.

  • Qakbot malware phishing attacks: A new wave of phishing attacks through QakBot malware has been closely observed throughout 2023. These messages infect computers through malicious attachments or links in spam emails. Following these attacks, in August of this year, the Federal Bureau of Investigation (FBI) revealed the successful dismantling of the QakBot botnet, a significant operation against cyber criminals engaging in ransomware, financial fraud, and various criminal activities. 

Defense Strategies – How do you strengthen your healthcare cybersecurity for 2024?

  1. Stay informed on new cybersecurity guidelines: The U.S. Department of Health and Human Services (HHS) along with the Health Care & Public Health (HPH) Sector released best practices guidelines for healthcare entities regarding cybersecurity in March 2023. Most recently, HHS released a concept paper that outlines their strategy, building on the National Cybersecurity Strategy. 

  2. Invest in cyber insurance: Cyber insurance helps protect healthcare organizations from the ever-growing cost of a data breach. Insurance will, partially or entirely, pay for the fines and fees that come with a data breach, ransomware attack, phishing attack, or other cybercrime.

  3. Implement incident response training courses within your organization: To help healthcare organizations across the nation protect their IT enterprises and build their cyber talent, CISA offers Incident Response (IR) training courses. This training addresses both an offensive and defensive view, providing not only the knowledge and tools needed to prepare an effective response if a cyber threat occurs but also strategies to prevent incidents from happening in the first place. 

  4. Stick with a Zero Trust policy at all times: Zero Trust requires continuous verification of identities and strict access controls. Zero Trust can significantly enhance the cybersecurity protection of sensitive patient data by mitigating insider threats, adapting to the increasing trend of remote work, securing medical devices, and aligning with regulatory compliance.




In response to the SEC’s new rules emphasizing board involvement in security, organizations in all industries are increasingly recognizing the need for a cybersecurity expert at the decision-making table. That’s where Avertium can help.

Avertium Managed HIPAA – Achieve and maintain year-round compliance with Managed HIPAA

HIPAA compliance is more than an annual checkbox. With Avertium’s interconnected three-step approach – Assess, Design, and Protect – we ensure transparency and collaboration, aligning with and supporting your organization's unique cyber maturity journey. 

  • Assess: Avertium's team of expert GRC consultants can provide an overview of your organization's healthcare cybersecurity and HIPAA compliance programs, along with recommendations for specific improvements.  

  • Design: Avertium then helps organizations implement assessment recommendations.

  • Protect: Finally, Avertium can help organizations integrate compliance into their cybersecurity operations for continuous improvement and proactive protection.


Avertium’s Microsoft Security Solutions – End-to-end support from strategy to daily operations

Avertium’s partnership with Microsoft reinforces our three-step approach while empowering you to maximize your Microsoft Security:

  • Assess: 3-Week Security Baseline Assessment: Healthcare organizations that lack the resources to accurately assess the security of their Microsoft Azure and Microsoft 365 deployments will benefit the most from this in-depth assessment.

  • Design: Professional Services for Microsoft Azure: Designed for healthcare organizations looking for a Microsoft optimization roadmap and technical security design that guides daily and long-term defense operations. 

  • Protect: Managed SIEM for Microsoft Sentinel: Designed for healthcare organizations with less than 3,500 employees and limited security resources. Our proprietary threat detection rulesets & data correlation result in actionable and meaningful alerts.

  • Protect: MDR for Defender for Endpoint: Healthcare organizations looking to reduce their cyber risk and increase visibility across their network will benefit from Avertium’s MDR for Microsoft Defender for Endpoint managed services.


Additional Microsoft services that Avertium can assist your team with:

  • Microsoft Intune: Microsoft Intune is a cloud-based endpoint management solution offered by Microsoft that manages mobile devices, applications, and the security of data within an organization's network. Mitigate cyber threats to devices, protect data, and improve compliance across clouds.

  • Microsoft Purview: For healthcare organizations seeking a unified and holistic view of their risk and compliance posture, Purview leverages AI to automate processes, streamline workflows, and provide actionable insights. By integrating Purview into your organization’s security operations, you can strengthen your cybersecurity defenses and effectively manage risks.

It is important to note that point solutions solve a narrow problem at a narrow point in time. Strategic programs, monitoring, endpoint protection, attack surface monitoring, compliance, and incident response, on the other hand, go beyond a fragmented view of your security posture. Strategic planning should inform your extended detection and response. These investments should work together to produce a greater outcome: Cyber Fusion.

To schedule a consultation with Avertium, contact us today.






Avertium is a cyber fusion company with a programmatic approach to measurable cyber maturity outcomes. Organizations turn to Avertium for end-to-end cybersecurity solutions that attack the chaos of the cybersecurity landscape with context. By fusing together human expertise and a business-first mindset with the right combination of technology and threat intelligence, Avertium delivers a more comprehensive approach to cybersecurity. That's why over 1,200 mid-market and enterprise-level organizations across 15 industries turn to Avertium when they want to be more efficient, more effective, and more resilient when waging today's cyber war.

Avertium. Show No Weakness.®