Why Healthcare is Cybercriminals' Favourite Target

Hospitals, GP practices, and healthcare institutions are hit by cyber attacks more often than any other sector. Why is healthcare so vulnerable and what can you do about it?

Nexus-7 Security Team
· February 19, 2026 10:00 · 5 min read

Healthcare Under Fire

In 2024 and 2025, healthcare institutions worldwide were the most frequent targets of ransomware attacks. The numbers are alarming: according to the European Union Agency for Cybersecurity (ENISA), the healthcare sector accounts for 24% of all reported cyber incidents — more than the financial sector, government, or the energy industry.

In the Netherlands alone, dozens of healthcare institutions were affected, from large hospitals to small GP practices. The impact goes beyond IT problems: patient care is endangered, surgeries are postponed, and in the worst case, attacks can cost human lives.

But why is healthcare specifically so attractive to cybercriminals?

Reason 1: Medical Data is the Most Valuable Digital Asset

A stolen credit card number is worth approximately €5-15 on the dark web. A complete medical record? Between €250 and €1,000. Medical data is permanent — you cannot change your blood type like you change a password — and contains a wealth of personal information useful for identity fraud, insurance fraud, and extortion.

The combination of national identification numbers, medical diagnoses, addresses, and insurance details makes a medical record the most complete identity profile that exists.

Reason 2: The Pressure to Pay is Enormous

When a manufacturing company is hit by ransomware, it loses money. When a hospital is hit, patients are endangered. That life-threatening urgency makes healthcare institutions ideal extortion targets: the pressure to pay quickly and restore systems is higher than in any other sector.

Cybercriminals know this and adjust their ransom demands accordingly. They don't ask for the maximum amount — they ask for just enough to make paying seem like the fastest and cheapest option.

Reason 3: Legacy Systems and Technical Debt

The healthcare sector carries enormous technical debt. Medical equipment — from MRI scanners to infusion pumps — often runs on outdated operating systems that are no longer updated. Windows XP and Windows 7 can still be found in many hospitals, not from unwillingness but because the medical software running on them is incompatible with newer systems.

These legacy systems cannot be patched and represent a permanently open door for attackers.

Reason 4: Complex Network with Many Entry Points

A modern hospital is a digital ecosystem of thousands of connected devices: medical devices, patient portals, EHR systems, laboratory equipment, building management systems, and the personal devices of doctors and nurses. Every device is a potential entry point.

Additionally, many parties collaborate in healthcare: referring physicians, laboratories, pharmacies, insurers, and home care organisations. Each of these connections expands the attack surface.

Reason 5: The Human Factor is Extra Vulnerable

Healthcare professionals work under enormous pressure. They work in shifts, are continuously interrupted, and must switch rapidly between tasks. This is precisely the environment in which phishing attacks are most effective: when people are under pressure, they make quicker decisions and check less.

Moreover, the primary focus of healthcare workers is — rightly — the patient. Cybersecurity feels like an obstacle keeping them from their actual work. The tendency to circumvent security measures 'because it's faster' is greater in healthcare than in any other sector.

Reason 6: Limited Budgets and Capacity

The healthcare sector operates on thin margins. IT budgets are weighed against investments in medical equipment, personnel, and patient care. Setting up a sophisticated Security Operations Center (SOC) or hiring a dedicated CISO is financially unfeasible for many healthcare institutions.

The result: security is understaffed and underfunded while threats increase.

The GDPR Dimension

Medical data constitutes special category personal data under GDPR. A data breach in healthcare is not just a security incident but also a serious privacy violation. Data protection authorities can impose fines of up to €20 million or 4% of annual global turnover.

Additionally, patients have the right to compensation if their medical data is leaked. The reputational damage and loss of patient trust are often even more devastating than the financial consequences.

What Can You Do Today?

  1. Segment your network: Separate medical equipment from the office network and guest access
  2. Patch what you can: Not everything can be patched, but everything that can should be updated immediately
  3. Invest in awareness: Not an annual e-learning, but continuous, practice-oriented training
  4. Offline backups: Ensure isolated backups that are not accessible from the network
  5. Incident response plan: Regularly practise a ransomware scenario, including communication to patients
  6. Behavioural analysis: Map how employees actually handle security under work pressure

Nexus-7 for the Healthcare Sector

Nexus-7 understands the unique challenges of the healthcare sector. Our Q-Method behavioural analysis is specifically suited to measuring the security posture of healthcare professionals — precisely under the conditions of high work pressure and continuous interruptions in which they work daily.

We combine this with technical assessment that accounts for the reality of legacy systems and complex healthcare networks. The result is a concrete, achievable improvement plan that fits the budgets and priorities of healthcare institutions.


Want to know how vulnerable your healthcare institution is? Contact us for a no-obligation conversation about the cybersecurity challenges in your organisation.
