The healthcare sector is facing an alarming rise in cyber threats, according to a new report from global cyber security expert NCC Group. As a cornerstone of critical national infrastructure, the sector has become an attractive target for organised crime groups and nation-state actors.
• 550 attacks against healthcare sector targets were recorded in our ransomware database in 2024, up 21% from 454 in 2023, and 216% from 174 in 2022.
• Healthcare consistently ranks in the top 5 most targeted sectors across 2022, 2023, and 2024.
• In 2024, RansomHub and LockBit 3.0 were responsible for the greatest share of attacks against the sector.
Worryingly, only 40% of healthcare organisations currently provide cyber awareness training for non-IT staff - leaving them highly vulnerable to phishing schemes and social engineering attacks.
The report highlights how widespread reliance on outdated technology is exposing healthcare providers to increasingly sophisticated cyber threats. These attacks can have severe consequences for patient care, from delayed operations due to ransomware and distributed denial of service (DDoS) attacks to breaches of confidential data that lead to fraud and identity theft.
Matt Hull, Global Head of Threat Intelligence at NCC Group, commented: “The healthcare sector is facing unprecedented cyber threats that can have devastating impacts on patient care and data security. Our latest report outlines several concerning scenarios, including espionage that undermines vital medical research.”
Hull stressed the urgent need for decisive action: “We understand there is a fine balance between prioritising patient care and security spending, but urge senior leaders, policymakers, IT and cyber security teams, and medical professionals to act now. Cyber resilience must be embedded into everyday decision making. It is also important to ensure frontline healthcare staff receive comprehensive training and become aware of cyber threats. In turn this helps an organisations ability to detect and prevent attacks.”
The report provides a detailed examination of real-world incidents, identifies the most pressing cyber threats, and offers actionable recommendations. It serves as a clear call to action for the sector to strengthen its defences against the growing cyber threat landscape.
Read the full report here.
About NCC Group
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
Driven by a collective purpose to create a more secure digital future, 2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sector.
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.