From AI-powered phishing to infostealers and data manipulation, cybercriminals are refining their tactics, forcing medical facilities to adapt quickly or face devastating breaches. How do hackers perfect their methods, and how can healthcare stay ahead?
Hackers are faster and more effective with AI
Google experts know the cybersecurity landscape and the latest trends well – the company faces hundreds of thousands of hacker attacks daily. The recently published Cybersecurity Forecast 2025 report by Google Cloud outlines the biggest online threats and shifts in cybercriminal methods.
One key finding is the rapid rise in incidents involving artificial intelligence. “We will see continued use of AI and large language models (LLMs) to develop and scale more convincing phishing, vishing (voice phishing), SMS, and other social engineering attacks,” write the authors of the report.
AI enhances the effectiveness of classic phishing attacks and refines long-used social engineering techniques. The more advanced generative AI and large language models (LLMs) become, the harder it is to detect so-called deepfake attacks, which are used for identity theft and bypassing security barriers. For instance, tools like ChatGPT can create plausible but fake emails from courier companies or banks. Deepfake technology enables cybercriminals to impersonate doctors and carry out phishing via telemedicine platforms.
Impact of the tense geopolitical situation
Since Russia's attack on Ukraine, healthcare has become a target for Russian hacking groups. As geopolitical tensions rise, an increasing number of attacks are also anticipated from China, North Korea, and Iran. These states are leveraging cyber tactics to gain strategic advantages.
Ransomware will remain the most prominent threat in 2025. This malware, often installed via a malicious link or attachment, continues to be a favored tool for hackers. The democratization of hacking skills is particularly concerning. While past hackers were primarily IT specialists, today, anyone can become a cybercriminal. Ransomware is readily available on the darknet, and AI can even assist in programming it.
“Ransomware, data theft extortion, and multifaceted extortion are, and will continue to be in 2025, the most disruptive type of cybercrime globally – both due to the volume of incidents and the scope of potential damage for each event,” the report states.
New cyberthreats in healthcare
In 2024, ransomware incidents in the healthcare sector caused severe disruptions, hindering patient care at hospitals, blocking access to essential prescription refills, and preventing doctors from conducting critical lab tests or billing insurance. Cyberattacks on healthcare will continue to grow as the sector undergoes digitization – a process lagging behind other industries – and collects vast amounts of sensitive data.
For years, experts have warned of a new type of cyberattack involving not just data theft but data manipulation. For example, a hacker could alter lab results for thousands of patients, endangering lives through improper treatment while stealing the original data backup. This strategy is even more dangerous than current data encryption attacks. However, providers can effectively protect themselves by maintaining real-time backups, preferably in the cloud.
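Backups only help against manipulation if someone notices that live data has drifted from them. The sketch below is an added example, not taken from the report or the original article: at backup time it builds a keyed manifest of lab results, then checks the live records against it. The record fields, the result IDs and the key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key lives outside the lab system (KMS/HSM); this is a constructed demo value.
MANIFEST_KEY = b"constructed-demo-key"

def record_tag(record):
    """HMAC-SHA256 over a canonical JSON encoding of one lab result."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(MANIFEST_KEY, canonical, hashlib.sha256).hexdigest()

def build_manifest(records):
    """Run at backup time; store the manifest with the backup, off the live system."""
    return {r["result_id"]: record_tag(r) for r in records}

def verify_against_manifest(live, manifest):
    """Classify differences between live records and the backup manifest."""
    report = {"altered": [], "missing": [], "unexpected": []}
    seen = set()
    for r in live:
        rid = r["result_id"]
        seen.add(rid)
        expected = manifest.get(rid)
        if expected is None:
            # Not in the backup: either created since, or injected. Needs review.
            report["unexpected"].append(rid)
        elif not hmac.compare_digest(expected, record_tag(r)):
            report["altered"].append(rid)
    report["missing"] = sorted(set(manifest) - seen)
    return report

# Constructed sample data: lab results as they were at backup time.
BACKUP = [
    {"result_id": "R-1001", "patient_id": "P-17", "test": "potassium", "value": 4.1, "unit": "mmol/L"},
    {"result_id": "R-1002", "patient_id": "P-17", "test": "creatinine", "value": 0.9, "unit": "mg/dL"},
    {"result_id": "R-1003", "patient_id": "P-42", "test": "glucose", "value": 5.4, "unit": "mmol/L"},
]
# Constructed live state: R-1001 value changed, R-1002 deleted, R-2000 inserted.
LIVE = [
    {"result_id": "R-1001", "patient_id": "P-17", "test": "potassium", "value": 6.8, "unit": "mmol/L"},
    {"result_id": "R-1003", "patient_id": "P-42", "test": "glucose", "value": 5.4, "unit": "mmol/L"},
    {"result_id": "R-2000", "patient_id": "P-42", "test": "sodium", "value": 139, "unit": "mmol/L"},
]

if __name__ == "__main__":
    print(verify_against_manifest(LIVE, build_manifest(BACKUP)))
```

Legitimate corrections to a result will also show up as altered, so amendments need a path that updates the manifest under the same key.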
While AI is a double-edged sword, it is already being used in data security systems to detect anomalies and threats in real time, automating actions to minimize risks. AI-powered antivirus programs are also expected to become more widespread and affordable.
Healthcare is not defenseless
Google highlights the increasing threat of infostealers – tools designed to capture credentials like passwords. The absence of two-factor authentication (2FA) in some systems makes it easy for attackers to access critical infrastructure, including electronic health record (EHR) systems and financial platforms. However, the infostealers’ effectiveness is significantly reduced when facilities implement 2FA, which requires a trusted one-time password.
In addition to individual measures, new regulations aim to bolster cybersecurity across the healthcare sector. The updated Network and Information Security Directive (NIS2), effective in 2025, will require European healthcare organizations to strengthen their cybersecurity practices. To comply, facilities must invest in advanced security technologies, enhance risk management, and prepare incident response protocols.
Transitioning the sector to cloud-based data storage is also crucial. Given the looming challenge of post-quantum cryptography, starting this process now is advisable. While fully efficient quantum computers remain a distant reality, their eventual development could render current encryption methods obsolete. Although it’s too early to implement quantum-resistant encryption, facilities should maintain an up-to-date inventory of cryptographic systems to ensure a swift migration to new solutions when needed.
Cyberthreat resilience requires just basic security standards
Medical facilities can significantly enhance their resilience to cyberattacks by adopting basic security measures, including real-time data backups (preferably cloud-based), regular updates to operating systems and antivirus software, staff training, two-factor authentication, and regularly updated data security policies.
Digitized hospitals face unique vulnerabilities, as hackers may exploit connected Internet of Things (IoT) devices. For example, a 500-bed hospital with mid-level digitization might have up to 10,000 IoT devices transmitting sensitive data. Comprehensive protection strategies must account for these potential entry points.