Cybersecurity Risks in Healthcare Software and Hospitals
Healthcare organizations remain under sustained cyber pressure, with 764 incidents reported in 2025 versus 749 the previous year, according to French health-sector reporting cited by ZDNet. A national survey of healthcare executives found that 15% of facilities said they had experienced a cyber incident causing disruption since 2022, while leadership concerns in a crisis center on continuity of care, financial impact, and staff working conditions. The reporting indicates cyber risk is now treated as a governance issue rather than only a technical one, but resource constraints and the need to strengthen hospital information systems remain major obstacles.
Germany’s BSI separately warned that software security in the healthcare sector is still inadequate after testing standard configurations of several medical and practice-management applications. In that review, three of four examined practice management systems contained chains of weaknesses that could have enabled internet-based attacks, including the use of outdated encryption algorithms; vendors were notified and reportedly remediated the issues. A separate ZDNet article about manipulation of online payment flows at Spanish hotels concerns a different incident in the payment sector and is not part of the healthcare story.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
ANSSI says most suspected leak cases involved recycled or fabricated data
A ZDNet report citing ANSSI said that 58% of 460 suspected data leak events were actually bluffing or reused data from older compromises rather than fresh breaches. Cert Santé also highlighted cases involving Normand’e-Santé and the Urssaf/Acoss breach where criminals recombined authentic and older leaked data to support fraud and phishing campaigns.
Cegedim breach highlighted as ongoing healthcare data protection challenge
The French healthcare threat overview cited the Cegedim breach as an example of persistent data protection issues, noting that 169,000 sensitive records were exposed. The article presents the breach as part of the broader pressure facing the sector.
Survey finds 15% of French healthcare facilities suffered disruptive cyber incidents
A national survey of 719 healthcare facility directors found that 15% of establishments had experienced a cyber incident causing disruption since 2022. The survey also showed increased leadership awareness, planning, and participation in cybersecurity crisis exercises.
Affected healthcare software vendors remediate reported flaws
BSI said it informed the affected manufacturers about the identified weaknesses, and the vendors addressed the vulnerabilities without delay. The disclosure indicates remediation occurred before or by the time of BSI's public warning.
BSI tests healthcare software and finds exploitable security weaknesses
In a project examining four example practice management systems used in Germany's healthcare sector, BSI found that the standard configurations of several products had improvable security. In three of the products, chained vulnerabilities could have enabled an attack from the internet, including the use of outdated and insecure encryption algorithms.
ANSSI says healthcare accounted for 8% of reported attacks in 2025
The ZDNet report states that ransomware continued to affect the healthcare sector and that healthcare represented 8% of attacks reported to ANSSI in 2025. This underscored the sector's continued exposure to major cyber threats.
French healthcare sector records 764 declared cyber incidents in 2025
The Agence du numérique en santé reported 764 declared cyber incidents affecting French healthcare organizations in 2025, up from 749 the previous year. The figures show that the sector remained under sustained cyber pressure throughout the year.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Comment des pirates recombinent des fuites de données pour mettre ...
zdnet.fr
Open sourceHôpitaux sous pression, ce qu'il faut savoir sur la menace cyber ...
zdnet.fr
Open sourceBSI moniert Software-Sicherheit im Gesundheitswesen | CSO Online
csoonline.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Healthcare Cyber Incidents: Kettering Health Ransomware Litigation, Insightin Health GoAnywhere Breach, and Polish Hospital Disruption
Multiple healthcare-sector cyber incidents were reported, including ongoing fallout from a major U.S. provider ransomware event. **Kettering Health** continues to face escalating legal exposure from a 2025 ransomware attack attributed to **Interlock**, which allegedly stole **941 GB** of data and encrypted systems; the disruption forced shutdown of roughly **600 applications**, a temporary shift to paper workflows, and delays to care while systems (including *Epic* EHR) were restored. Dozens of patient lawsuits have been filed and consolidated in Ohio, with claims focused not only on data theft but also alleged **delayed or denied medical care** during the outage. Separately, healthcare vendor **Insightin Health** disclosed a 2025 security incident involving its use of the *GoAnywhere* managed file transfer tool, reporting that an unauthorized party accessed GoAnywhere by exploiting an **“unknown design flaw”** and potentially accessed files on a subset of servers between **Sept 17–23, 2025**; impacted data may have included names, provider names, insurance information, and member IDs (no SSNs or financial data reported). In Europe, the Independent Public Regional Hospital in **Szczecin, Poland** reported a March 2026 cyberattack that **encrypted parts of hospital data**, disrupted digital operations, and forced a temporary return to paper-based processes, while the hospital stated urgent care continued despite slower administration.
Mar 21, 2026
Cybersecurity Vulnerabilities in North American Healthcare Systems
Canada's healthcare sector is facing significant cybersecurity challenges as it undergoes rapid digital transformation, with a recent report highlighting increased exposure to ransomware, data theft, and operational disruptions. The Pulse Check: Cybersecurity in Healthcare in Canada report, launched at the InCyber Conference in Montreal, reveals that one in three Canadian healthcare institutions experienced an attempted ransomware attack in the past year. Hospitals and health authorities are particularly vulnerable to threats such as phishing, insider attacks, and exploitation of legacy systems. The report emphasizes that the issue is not solely technological but also cultural, underscoring the need for workforce readiness and cross-sector collaboration to strengthen cyber resilience. Medical device manufacturers and provincial regulators are urged to adopt a holistic approach to risk, integrating data privacy and operational continuity with patient care. Canadian cities like Montreal, Toronto, and Calgary are emerging as leaders in cybersecurity innovation, fostering talent and research to protect public institutions. Targeted ransomware campaigns against Canadian hospitals have surged since 2023, often perpetrated by organized criminal groups exploiting underfunded infrastructure. Meanwhile, in the United States, a report from the Department of Health and Human Services' Office of Inspector General (HHS OIG) found that Medicaid management and enrollment systems in nine states and Puerto Rico have generally effective controls against basic cyberattacks but remain vulnerable to more sophisticated threats. Penetration testing conducted between 2020 and 2022 revealed that while some attacks are thwarted, improvements are necessary to defend against advanced tactics. State Medicaid systems are increasingly targeted due to the sensitive data they hold, with a rise in ransomware, phishing, and denial-of-service attacks posing significant risks. At least six U.S. states have reported major breaches of Medicaid systems between 2012 and 2023, highlighting the persistent threat landscape. Both Canadian and U.S. healthcare sectors are grappling with the dual challenge of modernizing digital infrastructure while addressing evolving cyber threats. The reports stress the importance of integrating cybersecurity into every aspect of healthcare operations, from frontline staff awareness to regulatory oversight. The growing sophistication of cybercriminals necessitates continuous investment in security measures and workforce training. Collaboration between public and private sectors is identified as a key factor in building resilient healthcare systems. The findings underscore that patient safety is intrinsically linked to robust cybersecurity practices. As healthcare organizations become more interconnected, the potential impact of cyber incidents on patient care and data privacy increases. The reports call for urgent action to address security gaps and foster a culture of cyber vigilance across the healthcare ecosystem. Both countries are urged to prioritize cybersecurity as a fundamental component of healthcare delivery. The ongoing digital transformation presents both opportunities and risks, making proactive security strategies essential for safeguarding critical infrastructure. The convergence of technological, human, and regulatory factors will determine the resilience of North American healthcare systems against future cyber threats.
Mar 21, 2026
Reports Highlight Identity, Supply-Chain, and Healthcare as Key Cyber Risk Drivers
Recent reporting highlights a shift in enterprise cyber risk toward **external dependencies and identity abuse**. Coverage of the EU’s **NIS2** directive emphasizes that organizations are expected to treat **supply-chain security** as a core governance and architecture issue, reflecting the reality that third parties (e.g., cloud providers, software suppliers, maintenance access, and outsourced services) are frequent intrusion paths rather than risks contained “inside the firewall.” Separately, findings cited from Eye Security’s *State of Incident Response Report 2026* indicate attackers are increasingly **exploiting existing access** rather than “hacking in,” with **identity-based attacks** dominating and **passwords** implicated in the vast majority of such incidents; common initial compromise paths still include phishing, exposed/misconfigured internet-facing systems, social engineering, and software supply-chain attacks. In healthcare, a Trellix threat intelligence report based on **54.7 million detections** from 2025 healthcare environments warns cyber incidents are escalating from IT disruption into a **patient safety** issue due to highly interconnected systems and “cascading” outages. The report identifies **email** as the leading threat vector and the **U.S.** as the primary target, and describes ransomware and extortion activity intensifying, including groups such as **Qilin** (noted for targeting EHR databases), **INC Ransom**, and newer actors like **Sinobi** focusing on biotech; it also reports a sharp rise in **extortion-only** tactics with per-patient ransom demands intended to sidestep corporate insurance dynamics. Across these sources, **phishing** remains a dominant initial access method, with lures increasingly tailored to privileged IT roles (e.g., “AI Transformation” themes).
Mar 21, 2026