Key Takeaways
- Healthcare data’s high fraud utility and broad clinical dependencies make ransomware uniquely harmful, coupling identity theft risk with disruptions to records access, communication, and care coordination.
- The Change Healthcare attack illustrated systemic vulnerability in claims infrastructure, with prolonged outage and potential exposure of ~192.7 million individuals despite ransom payment.
- Operational impacts are common; 44.4% of ransomware attacks disrupted care delivery, including electronic downtime, cancellations, and occasional ambulance diversion in 2016–2021.
- Security maturity is uneven; lower cybersecurity ratings correlate with substantially higher annual breach probability, concentrating patient risk in smaller, rural, or resource-limited hospitals.
- Core mitigations include stronger identity/access controls, telemetry-driven monitoring with rehearsed incident playbooks, third-party compromise recovery plans, and workforce training to reduce phishing-driven entry.
The data stored in hospitals, clinics, and medical practices make them a prime target for cyberattacks, making security important for continuity of care.
In an age where most personal data is stored online, and technology is needed to continue the workflow, cyberattacks have become more frequent and potentially more costly. Medical centers, including hospitals, clinics, and doctors’ offices, have become a prime target for cyberattacks due to the amount of information stored about each patient, potentially disrupting care for patients and leaving them more vulnerable if not addressed. Cybersecurity in health care has become more important as a result, with experts highlighting ways to protect patients, their data, and their care.
Medical Practices, Hospitals Are a Prime Target for Cyberattacks
As new digital workflows are added to the way that hospitals and other medical practices operate, including remote access or other cloud apps, the attack surface for cyberattacks has increased overall, making them more vulnerable than ever.
“In health care, those disruptions don’t just slow down business operations; they can interrupt care delivery,” said Tarun Sondhi, managing director of cybersecurity at Accenture. “…And when you unpack this a little bit further, it can affect access to records, communication, scheduling, and other systems that the teams depend on.”
Sung Choi, an associate professor at the School of Global Health Management and Informatics at the University of Central Florida, emphasized that health care data is uniquely valuable for potential attackers. “It has your financial information, personal information, even things like social security…you have all the different pieces that can be exploited for health care fraud or financial fraud.”
In February 2024, Change Healthcare, a clearinghouse that is part of 40% of all medical claims in the US, was targeted in a cyberattack that left the subsidiary of UnitedHealth offline for an extended period of time, potentially leaking the health information of approximately 192.7 million Americans.1,2 Despite UnitedHealth paying the ransom, the attack left patients vulnerable to unwanted consequences of their data being leaked, giving a real-world example of how cyberattacks on medical databases can affect patients.
Cybersecurity in health care could protect patient data and keep care from being interrupted | Image credit: adam121 – stock.adobe.com
A total of 69 of the 90 largest health care data breaches of all time have come in the 2020s,2 showing an increased interest in these files by potential attackers. Although the incidence of data breaches has decreased overall from 2024 to 2025, there were an average of 47 data breaches reported each month from September 1, 2025, to January 31, 2026, which can have consequences for patients and medical practices alike.
Cyberattacks Threaten Access to Care
Cyberattacks can not only leak patient data, but they can also shut down processes that are primarily online, such as prior authorizations and scheduling. Beyond the implications of data being exposed to bad actors, this can also disrupt the patient care experience.
“When you look at the systems that support care delivery and when they’re disrupted, teams are now focusing on downtime procedures, and what that can result in is delays [and] added risk,” said Sondhi. “It means slower access to clinical information, interruption to all the coordination that the clinicians need to do within the hospital itself or with an outside resource, whether it’s an imaging solution or imaging center.”
Sondhi also noted that workflows could be postponed, which could impact patient care. Employees within hospitals and clinics depend on their technology to get their work done, which could become a problem should there be a cyberattack.
“Hospitals, on average, are improving [in cybersecurity], but the gap between the strongest and weakest is wide, and most of the patient risk sits at the bottom, often smaller, rural, or under-resourced hospitals with the least slack to absorb a multi-week shutdown. For patients, the privacy harm is real [as] leaked records can fuel medical identity theft for years,” explained Choi.
A study published in 2022 found that 44.4% of ransomware attacks disrupted the delivery of health care to patients, including cancellations of scheduled care in 10.2% of attacks, electronic system downtime in 41.7% of attacks, and ambulance diversion in 4.3% of attacks between 2016 and 2021.3 With the incidence of cyberattacks increasing, these disruptions have likely increased overall.
Sondhi also noted that, even though most processes can move to manual procedures if the system goes down, delayed care is still possible because staff have to get used to working a different way for a short time, whether that means retrieving imaging results in person while the system is offline or calling a pharmacy directly for medications as needed. “We depend on technology to be able to do that, and it’s very difficult to switch,” he said.
Protecting Medical Technology from Cyberattacks Should Be Top Priority
With the number of cyberattacks that happen per month, it is important that hospitals protect themselves from the potential of an attacker taking advantage of their system and leaving their patients vulnerable, both through data leaks and a delay in patient care.
In a study conducted by Choi and published in 2021, he and his coauthor found that hospitals had lower cybersecurity ratings when compared with Fortune 1000 firms, despite the gap closing between 2014 and 2019.4 Hospitals with low security ratings had a significantly higher risk of a data breach, ranging from a probability of 14% to 33% in a year.
“Unfortunately, ransomware attacks have been growing, so it’s a game of cat and mouse,” said Choi. “I think things have deteriorated, especially after COVID, where a lot of health care was moving online… Hospitals have probably gotten better, but also attackers have been getting more sophisticated as well.”
Sondhi emphasized that cybersecurity should start with the basics and mature over time. There are 3 steps, he said, that can address the critical weaknesses in cybersecurity. These include strengthening identity and access, including reducing remote exposure across different devices; instrumenting all telemetry data for monitoring, together with clear incident response playbooks; and working out in advance what to do should a third-party vendor be compromised, including recovery plans and knowing how and when to sever ties. Having this baseline knowledge could help to mitigate the problem should it arise.
“When cybersecurity is treated like a resilience, it protects not only data [but it also] protects access, continuity, and the ability to deliver safe care in a very cost-constrained environment,” said Sondhi.
Choi suggested that medical practices should use external ratings to measure their cybersecurity. Basic security, such as 2-factor authentication and offline backups, should be incorporated into the workflow. Security should be designed around the clinicians, and investment should be made to train employees on phishing and other dangerous ransomware attacks to limit the efficacy of such attacks.
“Most breaches still begin with a lost device, or a phishing click, which is a training and culture problem, not just a technology problem,” Choi explained.
Overall, the cybersecurity of hospitals, medical clinics, and doctors’ offices is crucial to protecting patients and providing timely care, without being inhibited by the online system shutting down or data being leaked through ransomware attacks. Prioritizing cybersecurity in the future should be a top concern as more care moves online.
References
1. What we learned: Change Healthcare cyber attack. US House Energy & Commerce. May 3, 2024. Accessed May 4, 2026. https://energycommerce.house.gov/posts/what-we-learned-change-healthcare-cyber-attack
2. Alder S. Healthcare data breach statistics – updated for 2026. The HIPAA Journal. February 26, 2026. Accessed May 4, 2026. https://www.hipaajournal.com/healthcare-data-breach-statistics/
3. Neprash HT, McGlave CC, Cross DA, et al. Trends in ransomware attacks on US hospitals, clinics, and other health care delivery organizations, 2016-2021. JAMA Health Forum. 2022;3(12):e224873. doi:10.1001/jamahealthforum.2022.4873
4. Choi SJ, Johnson ME. The relationship between cybersecurity ratings and the risk of hospital data breaches. J Am Med Inform Assoc. 2021;28(10):2085-2092. doi:10.1093/jamia/ocab142
