As first reported by Industrial Cyber, Health-ISAC warns in its First Quarter 2025 Health-ISAC Heartbeat report that VPN exploits across healthcare systems, the healthcare sector continues to face a relentless wave of cyberattacks with ransomware incidents rising to 158 in Q1 2025, a slight increase from late 2024.
VPN provider vulnerabilities and compromised credentials remain consistent attack vectors, posing significant risks to healthcare organizations worldwide. The Americans bore the brunt of these attacks, accounting for over 80 percent of impacted entities, reflecting the region’s heightened exposure to cyber threats targeting critical medical infrastructure and sensitive patient data.
Health-ISAC has actively issued numerous targeted alerts—220 in the first quarter alone—to help member organizations mitigate vulnerabilities in key infrastructure, including BeyondTrust remote access tools and Next.js middleware widely used in healthcare web applications. These vulnerabilities expose healthcare systems to potential exploitation, emphasizing the need for rapid patching and vigilant security monitoring.
The report also highlights the growing trend of cybercriminals selling stolen data and network access on underground forums, with recent incidents involving compromised VPN access sold for U.S.-based healthcare providers, illustrating the sophistication and persistence of threat actors.
Source: health-isac.org.
The threat landscape is further complicated by the rise of ransomware-as-a-service operations such as INC Ransomware, which specifically target healthcare organizations due to their reliance on legacy systems and the critical nature of patient care continuity. Health-ISAC recommends comprehensive cybersecurity measures including prompt patch management, employee training, network segmentation, phishing-resistant multi-factor authentication, and continuous monitoring to strengthen defenses.
The report’s findings align with broader industry observations that healthcare remains a prime target for data breaches and cyber extortion, underscoring an urgent need for enhanced resilience across the sector.
