Report: Health care had most reported cyberthreats in 2024

Health care had more reported cyberthreats last year than any other critical infrastructure industry, according to the FBI's 2024 Internet Crime Report released April 23. A total of 444 reported incidents impacted health care, comprising 238 ransomware threats and 206 data breach incidents. Only critical manufacturing had more ransomware incidents, with 258, but it had fewer data breaches, with 71. The report also found that ransomware groups with the most FBI complaints in 2024 included Akira, LockBit and RansomHub.
“It’s not surprising that the report shows health care suffered the highest combined total of ransomware and data theft attacks of any U.S. critical infrastructure sector,” said John Riggi, AHA national advisor for cybersecurity and risk. “Concurrently in 2024, health care made 592 regulatory filings of reported ‘hacks’ of protected health information to the Department of Health and Human Services Office of Civil Rights, impacting a record of 259 million Americans. That massive number is mainly due to the hacking of records for 190 million Americans during the Change Healthcare ransomware attack.
“As we analyze these incidents, we have noticed consistent patterns over the past three years, with the vast majority of patient records being stolen from third parties — not from hospitals. Also, the majority of ransomware attacks are perpetrated by Russian-speaking ransomware groups that primarily use social engineering, stolen credentials and exploitation of unpatched published vulnerabilities for initial access. However, the sharing of threat intelligence and defensive measures across health care has increased significantly, while prioritizing resiliency through clinical continuity protocols to minimize impact to patient care and safety.”
For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.