Cybercriminals Ramp Up Attacks on Healthcare in 2024

The healthcare industry remains a top target for cybercriminals, with a noticeable rise in hacking incidents and data breaches throughout 2024. According to Verizon’s newly released 2025 Data Breach Investigations Report (DBIR), ransomware and other forms of system penetration are now the leading causes of healthcare data breaches.

While the median ransom payment has dropped, ransomware attacks have surged by 37% across all industries and are involved in 44% of breaches. The median ransom amount fell to $115,000 from $150,000 the previous year, and 64% of victim organizations chose not to pay — an increase from 50% two years ago. Verizon analysts suggest this shift may be driving down ransom demands overall.

Small businesses are feeling the impact even more severely. While ransomware accounts for 39% of breaches in larger organizations, it is responsible for a staggering 88% of breaches among small and medium-sized businesses.

Between November 1, 2023, and October 31, 2024, the healthcare sector reported 1,710 security incidents, 1,542 of which involved confirmed data exposures. That’s a significant jump from the previous year, which saw 1,378 incidents and 1,220 breaches.

One of the most high-profile attacks during this period targeted Change Healthcare, a company owned by UnitedHealth Group. The breach affected an estimated 190 million people. After Change Healthcare’s systems went offline on February 21, 2024, its parent company Optum confirmed a cybersecurity incident. Initially, UnitedHealth Group suggested a “nation-state” actor was behind the attack, but later identified BlackCat — also known as ALPHV or Noberus — as the responsible cybercriminal group.

Healthcare experienced the second-highest number of breaches among all industries in 2024, according to Verizon’s report, with 1,607 breaches — just behind the industrial sector.

Verizon Business urges companies to act swiftly to strengthen their cybersecurity defenses amid the growing threat landscape.

Meanwhile, other major incidents continue to surface. Comparitech reported that ransomware group Interlock claimed responsibility for an attack on DaVita, stating they had stolen 1.5 TB of data, including over 75,000 folders and 683,000 files.

Blue Shield of California also recently disclosed that it had been sharing sensitive health information with Google for nearly three years — potentially impacting the protected health information of 4.7 million members.

The financial consequences of these breaches are severe. A study from Panaseer, a cybersecurity automation and data analytics company, found that poor cybersecurity practices have cost U.S. organizations millions in fines, settlements, and reimbursements. Between August 2024 and February 2025, Panaseer analyzed data breach class action settlements from Top Class Actions and ClassActions.org, uncovering 43 lawsuits and 73 settlements totaling over $154 million. The largest individual settlement reached $21 million, with the average around $3 million.

Healthcare was the most heavily affected industry (32.7% of cases), followed by finance (13.2%) and retail (5.3%).

According to Panaseer, the most common causes of legal action included delayed breach notifications (10% of filings), insufficient cybersecurity measures (50% of filings), and failure to encrypt sensitive data (40% of filings).