Executive Summary
Healthcare has become the single most targeted critical infrastructure sector in modern cybersecurity. The FBI Internet Crime Complaint Center confirmed in April 2026 that healthcare and public health absorbed more ransomware attacks in 2025 than any other sector — 278 reported incidents — while acknowledging that figure substantially understates reality due to chronic underreporting. Over the period covered in this retrospective, ransomware groups have forced entire hospital networks offline, caused chemotherapy cancellations and surgical deferrals, forced state trauma centres back onto paper records, and stolen hundreds of millions of patient records. In parallel, state-sponsored actors from China, North Korea, Iran, and Russia have embedded themselves in medical research networks for multi-year espionage campaigns, and the expanding attack surface of connected medical devices has drawn increasing FDA and regulatory attention. This retrospective synthesises findings from more than two years of threat intelligence, spanning documented incidents, threat actor profiles from structured intelligence feeds, and regulatory developments through mid-2026.
This retrospective covers cybersecurity threats to the healthcare sector including hospitals, medical devices, health IT systems, research institutions, and pharmaceutical supply chains.
Part I: The Ransomware Epidemic
2025: Covenant Health and the Human Cost of Double Extortion
The year 2025 established ransomware as an existential operational threat to healthcare networks rather than a purely financial one. The Qilin ransomware group’s attack on Covenant Health — a Catholic healthcare network operating hospitals and facilities across six states — became one of the defining incidents of the period. The attack, carried out in May 2025, resulted in the theft of 852 gigabytes of data and approximately 1.35 million files, ultimately affecting 478,188 individuals. At least one facility within the network, St. Mary’s Health System, was forced onto paper-based laboratory processing during the incident, with increased patient wait times reported throughout the affected network. The regulatory and legal exposure generated by this single attack continued to compound well into 2026, with breach notifications still being filed during week 25 of that year — illustrating how healthcare ransomware events generate consequences far beyond the initial encryption and recovery phase.
Ireland’s Health Service Executive disclosed in December 2025 that a second ransomware attack had occurred in February 2025 — targeting a third-party processor — adding to the legacy of the devastating 2021 HSE attack that had already cost €102 million to remediate. The pattern of cascading multi-year exposure from healthcare ransomware was becoming a defining feature of the threat landscape.
FBI Statistics: A Sector Under Siege
The statistical picture emerging from 2025 was alarming even by the elevated standards of prior years. Across healthcare direct-care providers, 293 attacks were recorded between January and September 2025 alone. A further 130 attacks struck healthcare businesses in the same period — a 30 percent increase over the preceding year. Ransomware-as-a-service groups dominated the targeting, with INC responsible for 39 attacks, Qilin for 34, SafePay for 21, RansomHub for 13, and Medusa for 13. The FBI’s confirmation of healthcare as the top ransomware target in 2025 explicitly noted that this represented the tip of the iceberg given systemic underreporting across the sector.
Survey data collected across healthcare organisations in 2025 illuminated the operational reality behind the statistics. Seventy-two percent of cyberattacks caused patient care disruptions — up from 69 percent the prior year. Forty-six percent of affected organisations required manual processes to maintain operations. Forty-four percent reported delayed diagnoses or procedures. Forty-four percent had extended patient stays. The convergence of these operational impacts with the financial pressure of double-extortion — combining data encryption with threatened publication of sensitive patient records — produced a sector-wide dynamic in which ransomware operators could rationally expect faster and larger ransom payments from healthcare targets than from organisations in almost any other industry vertical.
Threat behaviour itself shifted notably during this period. The proportion of attacks in which data was actually encrypted dropped to 34 percent — the lowest in five years, down from 74 percent in 2024 — as extortion-only attacks tripled to 12 percent. Fifty-eight percent of healthcare organisations that experienced attacks recovered within a week, up from 21 percent in prior years, suggesting that backup and recovery investments were improving. Ransom payment rates declined to 36 percent, down from 61 percent in 2022, though total U.S. cybercrime losses attributable to ransomware still rose 259 percent year-over-year by 2025.
2026: Escalation Across Europe and North America
The first half of 2026 saw the pattern established in 2025 intensify, with ransomware groups expanding their European targeting while sustaining relentless pressure on North American health systems.
In Austria, the LockBit 5.0 group claimed CS Pflege und Betreuung, a healthcare and elderly care provider, in late January 2026. The targeting of a provider serving vulnerable populations attracted particular attention. Switzerland was simultaneously struck by Qilin, which listed Auforum AG — a healthcare and rehabilitation supplies company — on its data leak site. The geographic distribution of these incidents confirmed that European healthcare networks, historically less frequent ransomware targets than their North American counterparts, were being drawn increasingly into the primary targeting envelope.
The United States saw some of the most operationally disruptive incidents of the period in early 2026. The University of Mississippi Medical Center detected a ransomware attack in the early hours of 19 February 2026. The attack forced closure of all 35 UMMC clinic locations statewide, cancelled outpatient surgeries and imaging appointments, and shifted hospitalised patients to paper-based downtime procedures. The stakes were particularly high given that UMMC operates Mississippi’s only children’s hospital, only Level I trauma centre, and only organ and bone marrow transplant programme. Patients who had driven hours for scheduled chemotherapy arrived to find facilities unable to treat them. UMMC was communicating with the ransomware operators while simultaneously working with the FBI — a dual-track approach that has become the operational norm for healthcare systems facing live encryption events.
Signature Healthcare in Brockton, Massachusetts fell victim to the Anubis ransomware group on 6 April 2026. The clinical impact was severe: emergency room diversion, chemotherapy cancellations, pharmacy disruption, and reversion to manual patient-tracking on whiteboards. Downtime procedures continued for approximately two weeks following the initial detection. The following day, Lynx ransomware claimed ACN Healthcare — the second confirmed healthcare ransomware incident in consecutive days — demonstrating the pace at which the sector was being targeted. Qilin continued operating throughout the period, claiming Aroostook Mental Health Center in Maine in March 2026, Neurologic Associates of Central Brevard in Florida in April, and accumulating a cumulative victim count in the healthcare sector of 168 organisations by mid-June 2026. INC ransomware, which had accumulated more than 830 confirmed victims since its emergence in 2023, published previously exfiltrated data from Sandhills Medical Foundation during week 25 of 2026, affecting approximately 169,000 patients.
Part II: Medical Device Vulnerabilities
A Historical Pattern of Life-Critical Exposures
The vulnerability of networked medical devices to cyberattack predates the current ransomware epidemic by more than a decade, and the trajectory of device security failures provides essential context for understanding the regulatory environment that has emerged in response.
As early as 2011, security researchers at Black Hat demonstrated the ability to remotely control an insulin pump to deliver a potentially lethal dose — a landmark demonstration that transformed abstract concerns about medical device security into documented technical reality. IBM researchers subsequently found vulnerabilities allowing remote alteration of patient insulin dosing in commercial devices. Medtronic’s MiniMed 508 and Paradigm series were formally recalled after an FDA warning about wireless hacking vulnerabilities, with approximately 4,000 US patients using affected pumps. The vulnerability resided in the wireless communication channel between the pumps and their glucose monitors.
Cardiac implantable devices followed a similar trajectory. In 2017, nearly 500,000 wireless pacemakers were recalled due to vulnerabilities that could allow remote manipulation — the first FDA cybersecurity-related medical device recall at scale, covering St. Jude Medical devices later absorbed into Abbott Laboratories. The recall required a firmware update administered via physician visit, exposing the practical challenge of patching devices that were physically implanted in patients. In 2019, Medtronic disclosed that hundreds of thousands of implantable cardiac defibrillators were vulnerable to hacking, with researchers demonstrating the ability to deliver lethal electric shocks via a laptop. Medtronic Carelink cardiac device programmers were separately found to contain vulnerabilities in their internet connection for software updates. Drug infusion pumps completed the triad of vulnerable implantable and bedside devices during this period: the Medtronic Medfusion 4000 pump was identified as containing exploitable security weaknesses, and researchers demonstrated the ability to remotely disable implantable insulin pumps.
The Modern Threat Surface
By 2025, the aggregate scale of the connected medical device problem had grown dramatically. Ninety-nine percent of hospitals were managing Internet of Medical Things devices with known exploited vulnerabilities. The FBI reported that 53 percent of networked medical devices had at least one critical vulnerability. One in five connected medical devices was running an unsupported operating system. Approximately 1.2 million internet-connected healthcare devices were publicly accessible as of August 2025.
The Impella heart pump recall of October 2025 demonstrated that life-critical implantable devices remained within scope of the vulnerability problem. Johnson & Johnson’s Abiomed division issued a correction notice on 10 October 2025 warning that certain Automated Impella Controllers contained network-accessible cybersecurity vulnerabilities that could allow unauthorised users to interfere with the pump’s essential functions. The device could be accessed via hospital network systems or through direct physical access. The recommendation to disconnect affected devices from the network until a security fix became available underscored the operational complexity of responding to medical device vulnerabilities — the remediation itself carries clinical risk.
The ZOLL ePCR advisory of February 2026 illustrated how vulnerabilities extend beyond implantable devices into the clinical data capture infrastructure that surrounds them. CVE-2025-12699, a reflected cross-site scripting vulnerability in the ZOLL ePCR iOS Mobile Application, enabled unauthorised access to protected health information or device telemetry through attacker-controlled strings placed into patient care record fields — run numbers, incident identifiers, call signs, and clinical notes. The local attack vector and low complexity made exploitation accessible to a broad range of adversaries.
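The defect class in this advisory, untrusted record-field content reaching a viewer as live markup, is closed by two controls on whatever component renders the record: an allowlist check on the structured identifier fields at intake, and output encoding of every value, free-text notes included, at the point of rendering. The following Python is an added example written for this retrospective, not code from ZOLL or from the advisory; the CareRecord type, the identifier alphabet and the sample record are assumptions constructed to demonstrate the vulnerable rendering beside the hardened one.

```python
import html
import re
from dataclasses import dataclass

# Allowlist for structured identifier fields (run numbers, incident identifiers, call signs).
# These fields have a narrow legitimate alphabet, so reject anything outside it at intake
# rather than trying to strip markup out of it. The exact alphabet is an assumption for
# this example; derive it from the real field definitions.
IDENTIFIER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/ -]{0,63}")


@dataclass
class CareRecord:
    run_number: str
    incident_id: str
    call_sign: str
    clinical_notes: str  # free text: cannot be allowlisted, so it must be encoded on output


def validate_identifier(value: str) -> bool:
    """True only if the whole value matches the identifier allowlist."""
    return IDENTIFIER_RE.fullmatch(value) is not None


def render_record_unsafe(rec: CareRecord) -> str:
    """Deliberately vulnerable rendering: raw field values are concatenated into markup,
    so any field an attacker controls can inject script into the viewer."""
    return (
        f"<dl><dt>Run</dt><dd>{rec.run_number}</dd>"
        f"<dt>Incident</dt><dd>{rec.incident_id}</dd>"
        f"<dt>Call sign</dt><dd>{rec.call_sign}</dd>"
        f"<dt>Notes</dt><dd>{rec.clinical_notes}</dd></dl>"
    )


def render_record(rec: CareRecord) -> str:
    """Hardened rendering: identifiers are validated against the allowlist and every
    value, including free-text notes, is HTML-encoded at the point of output."""
    for field in ("run_number", "incident_id", "call_sign"):
        if not validate_identifier(getattr(rec, field)):
            raise ValueError(f"{field} contains characters outside the identifier allowlist")

    def esc(value: str) -> str:
        # quote=True also encodes " and ', so values are safe inside attributes too
        return html.escape(value, quote=True)

    return (
        f"<dl><dt>Run</dt><dd>{esc(rec.run_number)}</dd>"
        f"<dt>Incident</dt><dd>{esc(rec.incident_id)}</dd>"
        f"<dt>Call sign</dt><dd>{esc(rec.call_sign)}</dd>"
        f"<dt>Notes</dt><dd>{esc(rec.clinical_notes)}</dd></dl>"
    )


# Constructed sample record with a markup payload in the free-text notes field.
SAMPLE_RECORD = CareRecord(
    run_number="R-2026-0417",
    incident_id="INC-88213",
    call_sign="MEDIC 7",
    clinical_notes="Pt stable on scene. <script>alert(1)</script>",
)

if __name__ == "__main__":
    print("unsafe:", render_record_unsafe(SAMPLE_RECORD))
    print("safe:  ", render_record(SAMPLE_RECORD))
```

The split matters: identifiers can be rejected outright because their legitimate alphabet is small, whereas clinical notes legitimately contain angle brackets and quotes (dosage comparisons, quoted patient statements) and so can only be made safe by encoding on output, never by filtering on input.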
April 2026 brought a Grassroots DICOM vulnerability — tracked as CVE-2026-3650 — with immediate operational relevance to hospital radiology infrastructure. A malformed DICOM file of approximately 150 bytes could cause affected systems to allocate 4.2 gigabytes of memory without releasing it, enabling remote unauthenticated denial-of-service attacks against PACS servers, radiology workstations, and any system incorporating the GDCM library as a dependency. Systems affected included 3D Slicer, SimpleITK, Medical Imaging Interaction Toolkit, and Orthanc DICOM servers — platforms widely deployed in hospital radiology and research environments. No patch was available at time of disclosure, and Grassroots DICOM had not responded to CISA’s coordination attempts.
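Where no upstream patch exists, the practical control is to stop trusting declared lengths before a parser allocates from them: a DICOM element header states how many value bytes follow, and a 150-byte file cannot legitimately carry a multi-gigabyte element. The Python below is an added example for this retrospective, not GDCM code and not the published trigger for CVE-2026-3650; it walks the explicit VR little endian element headers of a Part 10 file and flags any element whose declared length exceeds either the bytes actually remaining or a per-element cap, so a file can be rejected at an ingestion gateway before a PACS or workstation library ever sees it. The two sample files are constructed inline; the 0xFA000000 length in the malformed one is chosen to match the roughly 4.2 GB figure above, not copied from the advisory.

```python
import struct
from dataclasses import dataclass

PREAMBLE_LEN = 128
MAGIC = b"DICM"
EXPLICIT_VR_LE = "1.2.840.10008.1.2.1"
UNDEFINED_LENGTH = 0xFFFFFFFF
# VRs that use the long header form in explicit VR encoding: 2 reserved bytes + 4-byte length
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ", b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}


@dataclass
class Finding:
    tag: str
    vr: str
    declared_len: int
    reason: str


def scan_dicom(data: bytes, max_element_bytes: int = 64 * 1024 * 1024) -> list[Finding]:
    """Walk the element headers of a Part 10 file and flag any element whose declared
    value length cannot be satisfied by the bytes actually present, or that exceeds a
    per-element allocation cap. Only explicit VR little endian is walked."""
    findings: list[Finding] = []
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return [Finding("-", "-", 0, "missing DICM magic; not a Part 10 file")]
    pos = PREAMBLE_LEN + 4
    transfer_syntax = None
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        tag = f"({group:04X},{elem:04X})"
        # The file meta group (0002) is always explicit VR LE; the dataset after it is
        # only walked if the transfer syntax says it is encoded the same way.
        if group != 0x0002 and transfer_syntax != EXPLICIT_VR_LE:
            break
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            findings.append(Finding(tag, vr.hex(), 0, "invalid VR in explicit VR stream"))
            break
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                findings.append(Finding(tag, vr.decode(), 0, "truncated element header"))
                break
            (length,) = struct.unpack_from("<I", data, pos + 8)
            header_len = 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            header_len = 8
        value_start = pos + header_len
        if length == UNDEFINED_LENGTH:
            break  # undefined-length sequences need item parsing; out of scope here
        remaining = len(data) - value_start
        if length > remaining:
            findings.append(Finding(tag, vr.decode(), length,
                                    f"declared length exceeds the {remaining} bytes remaining"))
            break
        if length > max_element_bytes:
            findings.append(Finding(tag, vr.decode(), length, "declared length exceeds per-element cap"))
            break
        if (group, elem) == (0x0002, 0x0010):
            transfer_syntax = data[value_start:value_start + length].rstrip(b"\x00 ").decode("ascii", "replace")
        pos = value_start + length
    return findings


def _elem(group: int, elem: int, vr: str, value: bytes) -> bytes:
    """Encode one explicit VR little endian element (helper for the constructed samples)."""
    vr_b = vr.encode("ascii")
    if vr_b in LONG_VRS:
        return struct.pack("<HH", group, elem) + vr_b + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return struct.pack("<HH", group, elem) + vr_b + struct.pack("<H", len(value)) + value


_HEADER = b"\x00" * PREAMBLE_LEN + MAGIC + _elem(0x0002, 0x0010, "UI", b"1.2.840.10008.1.2.1\x00")

# Constructed well-formed file: SOP Class UID plus 16 bytes of pixel data.
SAMPLE_OK = (_HEADER + _elem(0x0008, 0x0016, "UI", b"1.2.840.10008.5.1.4.1.1.2\x00")
             + _elem(0x7FE0, 0x0010, "OW", b"\x00" * 16))

# Constructed malformed file: the pixel data header claims 0xFA000000 bytes (about 4.2 GB)
# but only 16 bytes follow. A reader that allocates from the declared length would try
# to reserve the full 4.2 GB for a file under 200 bytes.
SAMPLE_BAD = (_HEADER + struct.pack("<HH", 0x7FE0, 0x0010) + b"OW" + b"\x00\x00"
              + struct.pack("<I", 0xFA000000) + b"\x00" * 16)

if __name__ == "__main__":
    print("ok :", scan_dicom(SAMPLE_OK))
    print("bad:", scan_dicom(SAMPLE_BAD))
```

The per-element cap is deployment-specific: a large CT or MR volume legitimately carries pixel data well above 64 MiB, so set it from the largest objects the modality fleet actually produces. The "bytes remaining" check has no such tuning and is the one that catches the tiny-file, huge-declaration shape described above.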
The June 2026 CISA advisory for the Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT demonstrated that patient-facing Bluetooth-enabled devices remained a persistent vulnerability category. Exploitation of the disclosed vulnerabilities could allow an attacker to obtain sensitive health-related information from the device or deny legitimate users — patients and clinicians — the ability to establish a Bluetooth connection. For patients who depend on connected glucometers for insulin management decisions, this type of availability disruption carries direct clinical risk.
FDA Regulatory Response
The regulatory environment for medical device cybersecurity underwent significant transformation across the period covered by this retrospective. In June 2025, the FDA issued final guidance titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” establishing that failure to maintain cybersecurity processes and procedures constitutes a prohibited act under Section 301(q) of the relevant statute.
The February 2026 guidance update — formally superseding the prior version and aligning with the new Quality Management System Regulation effective 2 February 2026 — introduced binding expectations that manufacturers design out vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog before submitting premarket applications. Software Bills of Materials became statutory for “cyber devices,” requiring machine-readable inventories of all software components with support lifecycle dates. Premarket submissions were required to include a Global System View, Multi-Patient Harm View, and Updatability and Patchability View. The incorporation of ISO 13485 by reference into the new QMSR aligned US medical device quality management requirements more closely with international standards — a development with direct implications for European manufacturers selling into the US market and for US manufacturers subject to EU Medical Device Regulation.
Part III: State-Sponsored Espionage Against Healthcare
China-Nexus Operations: UNC6508 and the REDCap Campaign
The most consequential espionage disclosure in the healthcare sector during the period covered by this retrospective was Google Threat Intelligence Group’s June 2026 publication detailing UNC6508, a China-nexus threat actor that conducted a multiyear espionage campaign targeting North American medical, academic, and military research institutions. The earliest known compromise dated to September 2023, with activity observed continuously through November 2025 — a dwell time of more than two years.
UNC6508 gained initial access by exploiting unpatched REDCap servers — a web-based data capture platform extensively used across hospital and university research programmes for clinical trial management, patient registry administration, and translational research workflows. Security researchers observing the campaign noted that the majority of internet-accessible REDCap servers were running outdated software versions at the time of initial exploitation, a finding that speaks directly to the maintenance challenges facing academic medical centres operating complex research infrastructure.
Three months after obtaining initial access, UNC6508 deployed INFINITERED, a modular implant that trojanised legitimate REDCap system files. The implant’s credential harvester captured plaintext usernames and passwords from login requests, encrypted them, and stored them covertly inside the REDCap sessions database — a storage location unlikely to be examined during routine security reviews. The actor subsequently abused Google Workspace email-forwarding rules to silently copy outbound research correspondence to actor-controlled addresses, enabling persistent collection without triggering conventional endpoint detection or network monitoring alerts. Collection priorities spanned medical research data, US and Canadian defence strategy documents, AI research output, and autonomous and uncrewed vehicle programme information. The campaign’s two-year dwell time inside research networks represents a level of patience and tradecraft that distinguishes state-sponsored espionage from opportunistic criminal intrusions and carries direct implications for institutions that rely on conventional perimeter-focused detection.
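An implant that trojanises a platform's own system files is invisible to controls that look only at network traffic or new executables; what it cannot hide from is a hash comparison against a known-good baseline of the application's code files. The Python below is an added example for this retrospective, not REDCap's own tooling and not a detection signature for INFINITERED: it builds a SHA-256 baseline of the code files under an install root, then reports files that were modified, added or removed. The demo tree and the file suffix list are constructed assumptions; in practice the baseline comes from a clean install of the same release, and the comparison runs from a host the web server cannot write to.

```python
import hashlib
import tempfile
from pathlib import Path

# File types that make up the application's executable surface. REDCap is a PHP
# application, so .php is the obvious class; the full list is an assumption for this example.
CODE_SUFFIXES = (".php", ".js", ".inc")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, suffixes=CODE_SUFFIXES) -> dict[str, str]:
    """Map each code file (relative, '/'-separated path) under root to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix in suffixes
    }


def verify_tree(root: Path, baseline: dict[str, str], suffixes=CODE_SUFFIXES) -> dict[str, list[str]]:
    """Compare the live tree against the baseline and report what changed."""
    current = build_baseline(root, suffixes)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed stand-in for an application install: baseline it, then simulate a
    system file being trojanised and a new file being dropped alongside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "app"
        app.mkdir()
        (app / "index.php").write_text("<?php echo 'ok'; ?>\n")
        (app / "Config.php").write_text("<?php // original ?>\n")
        (app / "README.txt").write_text("docs, not code\n")  # outside the code suffix list
        baseline = build_baseline(root)
        # A trojanised file keeps its name and nearly its size; the hash still changes.
        (app / "Config.php").write_text("<?php // original ?>\n<?php // injected ?>\n")
        (app / "ext.php").write_text("<?php ?>\n")
        return verify_tree(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The same baseline discipline covers the second persistence mechanism described above in a different form: mailbox forwarding rules are configuration rather than files, but an exported snapshot of every forwarding address and filter, diffed on a schedule against the last approved snapshot, surfaces a silently added external recipient in exactly the way a hash diff surfaces a modified system file.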
Multiple additional China-nexus groups have documented healthcare and pharmaceutical targeting in threat intelligence feeds covering this period. APT10 — also tracked as Cicada and Cloud Hopper — has explicitly targeted healthcare organisations in its broad managed service provider compromise campaigns, which affected multiple countries in Europe, North America, and the Asia-Pacific region. APT23 has demonstrated healthcare sector targeting alongside defence and government entities. The breadth of Chinese state-aligned actors touching healthcare suggests coordinated collection requirements across medical research, pharmaceutical intellectual property, and health system operational data.
North Korea: Maui Ransomware and the Medical Research Campaign
North Korean state-sponsored actors occupy a unique position in the healthcare threat landscape — deploying both financially motivated ransomware against hospitals and targeted espionage campaigns against medical research institutions. The Lazarus Group’s “No Pineapple” campaign, documented in February 2023, targeted medical research and technology sector organisations in a focused intelligence collection operation against institutions involved in sensitive biomedical and pharmaceutical research.
APT45, a North Korean group whose malware arsenal includes Maui Ransomware, has been documented deploying that tool specifically against healthcare and public health sector targets — using proceeds from criminal ransomware operations to fund state activities while simultaneously conducting intelligence collection against medical research targets. The combination of criminal and espionage motivations in a single threat actor creates an unusually complex threat model for healthcare security teams, as standard ransomware defences do not fully address the espionage component and standard counterespionage approaches do not address the destructive ransomware risk.
Iran: APT42 and Pharmaceutical Targeting
APT42, an Iranian state-sponsored group with high-confidence attribution, explicitly targets healthcare, pharmaceutical, and education organisations in Australia, Europe, Israel, the Middle East, and the United States. The group maintains 140 known indicators in active threat intelligence feeds and employs techniques including credential phishing, keylogging, and email account compromise to pursue collection against clinical research institutions and pharmaceutical developers engaged in sensitive programmes. The tactical overlap between APT42’s espionage toolkit and the initial access techniques used by financially motivated ransomware groups creates attribution challenges when healthcare organisations detect credential theft campaigns — the apparent motivation may not match the actual actor.
HomeLand Justice, an Iranian group with documented targeting of healthcare and pharmaceutical organisations, maintained active Telegram channels confirmed through dark web monitoring during the period covered by this retrospective. The group’s social media presence suggests an interest in operational visibility alongside technical intrusion — a combination that increases the risk of both data exfiltration and public exposure of stolen information.
Russia: Prepositioning and Critical Infrastructure Targeting
The UK National Cyber Security Centre’s chief executive warned in June 2026 that 75 percent of cyberattacks on UK critical infrastructure — which explicitly includes National Health Service networks — originated from nation-state actors, with hostile states actively prepositioning across British networks for potential future conflict. While the prepositioning described by the NCSC is not exclusively healthcare-focused, the NHS’s scale and connectivity to research, pharmaceutical, and administrative systems make it a high-value target for Russian and other state actors seeking pre-conflict infrastructure access.
Part IV: EHR, Health IT, and Cloud Breaches
Insider Threats: The Persistent Complement to External Intrusions
The UK Information Commissioner’s Office cautioned a hospital worker in June 2026 after an attempt to access and sell the Princess of Wales’s medical records. The worker escaped criminal prosecution, with the ICO determining a formal caution was the proportionate response under current legislation. The case attracted significant media attention and drew comment from privacy practitioners regarding the tension between enforcement proportionality and deterrence in healthcare insider-threat cases.
The incident is far from isolated. Healthcare workers hold privileged access to systems containing some of the most sensitive personal information that exists — information that commands significant value on criminal markets and that attracts both opportunistic insiders and those who may be approached or coerced by third parties including intelligence services and organised crime. Insider threat programmes within healthcare organisations must address the full spectrum of motivation: financial gain, curiosity, ideological commitment, and external coercion.
Credential Exposure and Perimeter Breach
The FortiBleed campaign, fully disclosed in June 2026, illustrated how credential exposure at network perimeter devices translates directly into healthcare risk. Russian-speaking threat actors compromised between roughly 73,932 and 86,000 FortiGate firewall and VPN devices — harvesting and cracking administrative and SSL VPN credentials from exported configuration files using a 45-GPU cracking cluster. Healthcare organisations that rely on FortiGate appliances for perimeter access and remote clinical connectivity are required to treat all credentials from affected devices as compromised. The scale of the credential exposure — affecting devices across virtually every sector and geography — means that healthcare security teams cannot assume their specific devices were unaffected without explicit verification.
Espionage as a Data Breach Vector
The UNC6508 campaign described in Part III is also properly understood as a category of health data breach — the systematic exfiltration of medical research data, clinical trial information, and patient registry data from institutions that did not detect the intrusion for more than two years. The traditional breach notification framework, oriented toward incidents with a definable start and end point, struggles to accommodate persistent espionage operations in which data is continuously exfiltrated over extended periods. This represents a regulatory gap that existing frameworks have not fully addressed.
Part V: Pharmacy and Healthcare Supply Chain
Vendor Stack Compromise as a Force Multiplier
CYFIRMA’s threat landscape report published in June 2026 identified a shift in ransomware group tactics that carries significant implications for healthcare supply chain security. Rather than targeting individual hospitals, each of which requires a separate intrusion to compromise, ransomware groups have increasingly moved up the vendor stack to strike logistics providers, pharmacy benefit platforms, and clinical software distributors. A single compromise of a major healthcare IT vendor or pharmacy benefit manager cascades simultaneously into multiple downstream hospital networks — providing the attacker with leverage against hundreds of organisations for the cost of a single intrusion.
The bulletproof hosting infrastructure operated by PFCloud — documented in February 2026 CIRCL OSINT feeds — specifically served ransomware operations targeting sectors including health and pharmacy. The infrastructure-as-a-service model for ransomware support, in which specialised actors provide hosting and operational support to ransomware groups, has lowered the technical barrier for targeting complex sectors like healthcare supply chains.
AI Infrastructure Supply Chain Risk
The LiteLLM supply chain attack of March 2026, while not healthcare-specific in its targeting, illustrated the emerging risk category of AI infrastructure compromise for healthcare organisations. LiteLLM, a Python LLM proxy gateway downloaded approximately 3.4 million times per day, serves as critical infrastructure in the AI stack for organisations deploying large language model applications. The attack chain — beginning with the compromise of Aqua Security’s Trivy vulnerability scanner on 19 March, pivoting through Checkmarx’s code analysis platform, and ultimately obtaining PyPI publishing credentials of a LiteLLM maintainer — introduced credential-stealing malware into versions 1.82.7 and 1.82.8 before removal from PyPI approximately three hours later.
Healthcare organisations deploying AI agents, LLM systems, or AI-assisted clinical decision support tools are exposed through their software dependencies in exactly the same way as any other enterprise adopter — and the sensitivity of the data processed by healthcare AI systems means that credential theft or malicious payload execution in that context carries elevated consequence compared with the same compromise in a less sensitive environment.
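A three-hour window on PyPI is enough for any pipeline that resolves dependencies unpinned at build time to pull the malicious release, which is why the durable controls are exact version pins with hash verification plus an inventory check against known-bad versions. The Python below is an added example for this retrospective, not LiteLLM's or Aqua's code: it audits a requirements file for unpinned specifiers, missing --hash pins and the two versions named above, and separately checks what is actually installed in the running interpreter. The requirements text is constructed, and its sha256 values are placeholders rather than real digests.

```python
import re
from dataclasses import dataclass
from importlib import metadata

# Versions this retrospective reports as carrying the credential-stealing payload. A real
# deployment would load this table from an advisory feed rather than hard-coding it.
KNOWN_BAD = {"litellm": {"1.82.7", "1.82.8"}}

# name, optional [extras], optional operator, remainder (version) of a requirement specifier
SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(==|~=|>=|<=|!=|>|<)?(.*)$")


@dataclass
class Finding:
    package: str
    code: str  # "compromised-version", "unpinned" or "no-hash"
    line: str


def normalize(name: str) -> str:
    """PEP 503 package-name normalisation so LiteLLM, litellm and lite_llm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str) -> list[Finding]:
    """Flag requirement lines that are unpinned, lack a --hash pin, or pin a bad version."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or pip option line such as -r / --index-url
        tokens = line.split()
        m = SPEC_RE.match(tokens[0])
        if not m:
            continue
        name, op, version = normalize(m.group(1)), m.group(2), m.group(3).strip()
        has_hash = any(t.startswith("--hash=") for t in tokens[1:])
        if op == "==" and version in KNOWN_BAD.get(name, set()):
            findings.append(Finding(name, "compromised-version", line))
        if op != "==":
            findings.append(Finding(name, "unpinned", line))
        if not has_hash:
            findings.append(Finding(name, "no-hash", line))
    return findings


def audit_installed() -> list[Finding]:
    """Check what is actually installed in this interpreter against the bad-version table."""
    findings = []
    for name, bad in KNOWN_BAD.items():
        try:
            installed = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        if installed in bad:
            findings.append(Finding(name, "compromised-version", f"installed {name}=={installed}"))
    return findings


# Constructed requirements file; the sha256 values are placeholders, not real digests.
REQUIREMENTS = """\
# constructed requirements.txt for the example
litellm==1.82.7 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
fastapi>=0.110
requests==2.32.3 --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
"""

if __name__ == "__main__":
    for f in audit_requirements(REQUIREMENTS) + audit_installed():
        print(f"{f.code:20} {f.package:10} {f.line}")
```

Hash pinning is what turns a compromised-maintainer event into a build failure rather than a silent upgrade: even if an attacker republishes the same version string, the artifact digest no longer matches and pip refuses to install it. The unpinned fastapi line in the sample is flagged twice because it fails both checks independently.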
Part VI: Threat Actor Landscape
Ransomware Groups with Primary Healthcare Focus
INC ransomware, operating as a mature ransomware-as-a-service platform with healthcare-specialised affiliate recruitment, has accumulated more than 830 confirmed victims since its emergence in 2023. Healthcare consistently represents one of its primary targeting verticals. INC affiliates obtain initial access through phishing and VPN credential theft before establishing persistent footholds, conducting extended reconnaissance, and deploying encryption payloads timed for maximum operational disruption — typically overnight or over weekends when incident response capacity is reduced. The group’s operational maturity and deliberate sector focus have made it one of the defining ransomware threats to healthcare in the 2024–2026 period.
Qilin — a Go-based ransomware group also tracked as Agenda in OpenCTI — demonstrates a sustained preference for healthcare targets because of the sector’s intolerance for operational downtime. Using SystemBC as a proxy network for command-and-control, Qilin applies double-extortion combining file encryption with data theft and threatened publication. By mid-June 2026, Qilin had accumulated 168 healthcare victims — placing it among the most prolific healthcare-focused ransomware operators in documented history. Check Point Research named Qilin alongside INC as the two most prolific ransomware operators of 2026.
Lynx ransomware, which claimed ACN Healthcare in April 2026, operated throughout this period as a healthcare-targeting group and was identified by FBI IC3 alongside Akira as a top ransomware variant affecting critical infrastructure in 2025. The Anubis group, responsible for the April 2026 Signature Healthcare attack, demonstrated the ability to cause significant clinical disruption — ER diversion, chemotherapy cancellation, pharmacy disruption — and sustained operational impact across a two-week recovery window.
Nation-State Actors
The threat actor database covering this period includes multiple APT groups with documented healthcare and pharmaceutical targeting:
APT42, attributed to Iranian state sponsorship, targets healthcare, pharmaceutical, and education sectors across multiple continents with credential phishing and espionage tooling. APT45, attributed to North Korea, specifically deploys Maui Ransomware against healthcare and public health targets. Lazarus Group, also North Korean, conducted the “No Pineapple” medical research targeting campaign. UNC6508, attributed to China by Google Mandiant, conducted the multiyear REDCap espionage campaign. Multiple other Chinese APT groups — APT10, APT23, and others — have documented healthcare targeting in their broader sector profiles.
The breadth of nation-state interest in healthcare data spans several collection requirements: medical research intellectual property, pharmaceutical compound and clinical trial data, patient records of high-value individuals, health system operational data relevant to critical infrastructure pre-positioning, and biodefence research. Each of these collection requirements maps to a different category of healthcare institution — academic medical centres, pharmaceutical developers, high-security health facilities, hospital networks, and research institutes — creating a threat environment in which virtually every type of healthcare organisation is a potential target for at least one nation-state actor.
Financially Motivated Groups Exploiting Healthcare
WOLF SPIDER — also tracked as FIN4 — actively harvests credentials and intellectual property from pharmaceutical and healthcare organisations using spear-phishing and credential-stealing techniques. The group’s toolkit emphasises keylogging and browser credential theft without deploying destructive payloads, making infections difficult to detect during the collection phase. The absence of destructive payloads also means that WOLF SPIDER infections may persist undetected in healthcare environments for extended periods, enabling systematic intellectual property theft without triggering the incident response processes that visible ransomware attacks trigger.
MUMMY SPIDER operates a network of loaders and banking trojans that routes through healthcare, retail, and financial targets as distribution infrastructure. The Gentlemen group’s GentleKiller suite — a mature EDR-killing framework that targets more than 400 distinct security processes — has been explicitly connected to healthcare targeting. Healthcare environments with resource-constrained security teams and legacy operating systems across medical device networks are particularly exposed to EDR-evasion techniques of this sophistication. The disabling of endpoint detection before encryption payload deployment reduces the window for incident response to hours rather than days.
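An EDR-killing stage is itself loud if anyone is listening for it: several distinct security agents terminating on the same host inside a minute is not how agents restart during normal maintenance, and that pattern arrives hours before encryption, not after. The Python below is an added example for this retrospective, not a signature for GentleKiller or any vendor's detection content: it runs a sliding-window rule over process-termination telemetry and raises one alert per burst of distinct security-agent terminations on a host. The log lines are constructed in a simplified key=value form, and the agent image names are an illustrative list to be replaced with those of the agents an estate actually runs.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

# Illustrative image names for common endpoint security agents; substitute the process
# names of whatever agent your estate actually runs.
SECURITY_PROCESSES = {
    "msmpeng.exe", "mssense.exe", "csfalconservice.exe", "sentinelagent.exe", "cb.exe",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) image=(?P<image>.+)$")


@dataclass
class Alert:
    host: str
    window_start: datetime
    processes: list[str]


def detect_edr_kill_bursts(lines, window_s: int = 60, threshold: int = 3) -> list[Alert]:
    """Alert when `threshold` distinct security processes terminate on one host within
    `window_s` seconds. A single agent restart stays below the bar; a kill sweep does not."""
    per_host: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "process_terminated":
            continue
        # keep only the image basename, lower-cased, so full paths and casing do not matter
        image = m["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image in SECURITY_PROCESSES:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            per_host[m["host"]].append((ts, image))

    alerts = []
    for host, events in per_host.items():
        events.sort()
        window: deque[tuple[datetime, str]] = deque()
        for ts, image in events:
            window.append((ts, image))
            while (ts - window[0][0]).total_seconds() > window_s:
                window.popleft()
            distinct = {img for _, img in window}
            if len(distinct) >= threshold:
                alerts.append(Alert(host, window[0][0], sorted(distinct)))
                window.clear()  # one alert per burst, not one per additional kill
    return alerts


# Constructed telemetry. ward-ws12 loses three agents within 15 seconds at 02:13 (an
# overnight window); lab-srv03 shows two unrelated terminations half an hour apart.
SAMPLE_LOG = """\
2026-04-06T02:13:05Z host=ward-ws12 event=process_terminated image=MsMpEng.exe
2026-04-06T02:13:06Z host=ward-ws12 event=process_terminated image=MsSense.exe
2026-04-06T02:13:09Z host=ward-ws12 event=process_terminated image=notepad.exe
2026-04-06T02:13:20Z host=ward-ws12 event=process_terminated image=SentinelAgent.exe
2026-04-06T02:13:31Z host=ward-ws12 event=process_terminated image=CSFalconService.exe
2026-04-06T02:40:00Z host=lab-srv03 event=process_terminated image=MsMpEng.exe
2026-04-06T03:15:00Z host=lab-srv03 event=process_terminated image=MsSense.exe
""".splitlines()

if __name__ == "__main__":
    for alert in detect_edr_kill_bursts(SAMPLE_LOG):
        print(alert)
```

Counting distinct images rather than raw events is what keeps a crash-looping single agent from paging anyone, while the window start time in the alert is the timestamp incident responders need: on a ransomware timeline, it marks the last moment the host still had coverage.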
Part VII: Regulatory and Compliance Landscape
United States: FDA and HHS
The FDA’s trajectory on medical device cybersecurity moved from voluntary guidance to statutory requirement during the period covered by this retrospective. The June 2025 guidance established that failure to maintain cybersecurity processes constitutes a prohibited act under federal law. The February 2026 update introduced binding SBOM requirements, premarket submission documentation standards, and alignment with ISO 13485 through the new Quality Management System Regulation. Manufacturers now face a regulatory environment in which cybersecurity must be addressed at the design stage rather than through post-market patches — a fundamental shift in how device security is governed.
HHS Health-Cyber-3 advisories covering the period 2023–2026 addressed an expanding range of threats including North Korean ransomware targeting, Chinese espionage campaigns, medical device vulnerabilities, and supply chain risks. The HC3 programme represents the US government’s primary mechanism for translating threat intelligence into actionable guidance for healthcare security teams, operating at a level of sector specificity that generic CISA advisories do not always achieve.
European Union
The Network and Information Security 2 Directive — NIS2 — expanded the scope of mandatory cybersecurity obligations for healthcare operators in the European Union. Organisations previously outside the scope of the original NIS directive are subject to increased obligations covering risk management, incident reporting, supply chain security, and cybersecurity governance. The directive’s essential entity classification covers hospitals and other healthcare providers meeting size thresholds, imposing requirements including 24-hour incident notification and potentially significant financial penalties for non-compliance.
The EU Medical Device Regulation and In Vitro Diagnostic Regulation, which completed their phase-in periods during this timeframe, impose post-market surveillance and vigilance reporting obligations on device manufacturers that increasingly overlap with cybersecurity incident reporting. Manufacturers of connected devices face the possibility that a cybersecurity vulnerability disclosed to CISA or the FDA simultaneously triggers vigilance reporting obligations under EU MDR — creating a complex multi-jurisdictional compliance landscape.
United Kingdom
The ICO’s response to the Princess of Wales medical records insider incident highlighted the tension between proportionate enforcement and deterrence. The decision to caution rather than prosecute a healthcare worker who had attempted to sell a public figure’s records drew criticism from privacy practitioners who argued that the caution sends an insufficiently deterrent message in a sector where insider access to sensitive records is ubiquitous. The NCSC’s June 2026 warning that 75 percent of critical infrastructure cyberattacks — including those targeting NHS networks — originate from nation-state actors added urgency to healthcare cybersecurity investment arguments at a board and government level.
Part VIII: Defensive Priorities
The threat landscape documented across this retrospective points to several defensive priorities that healthcare organisations should address as a matter of urgency, informed by the patterns of actual attacks and attacker behaviour observed over the 2023–2026 period.
Patch management for internet-facing research infrastructure: The UNC6508 campaign exploited unpatched REDCap servers over a period of years. Any internet-facing research platform — clinical trial management systems, patient registry platforms, EHR portals, and health IT management interfaces — should be subject to rigorous patch management with explicit verification that updates have been applied. The majority of internet-accessible REDCap servers observed during the campaign were running outdated versions at the time of exploitation.
Medical device inventory and vulnerability management: With 99 percent of hospitals managing IoMT devices with known exploited vulnerabilities, the gap between device vulnerability and remediation represents one of the most acute risk concentrations in the entire attack surface. Healthcare security teams should maintain complete inventories of networked medical devices, map those inventories against CISA’s Known Exploited Vulnerabilities catalog, and implement compensating network isolation controls for devices that cannot be patched on timely schedules. Connected devices running unsupported operating systems should be treated as compromised until isolation or replacement is achieved.
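One way to turn the inventory-against-KEV recommendation into a repeatable triage, as an added example that is not part of the original retrospective: the KEV sample below is constructed to follow the field names of CISA’s published catalog feed but its CVE ids and products are placeholders, and the inventory fields (`asset`, `vendor`, `product`, `os_supported`) are hypothetical. Because the KEV catalog carries no affected-version data, a vendor/product match is treated as "confirm the version", and the returned action is the compensating control to apply in the meantime.

```python
import json

# Constructed sample shaped like the CISA KEV feed (known_exploited_vulnerabilities.json);
# the CVE ids and products are placeholders, not real catalog entries.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExamplePump Inc", "product": "Infusion Controller",
     "knownRansomwareCampaignUse": "Known", "dueDate": "2026-01-15"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleOS Corp", "product": "LegacyOS",
     "knownRansomwareCampaignUse": "Unknown", "dueDate": "2026-03-01"},
]})

# Constructed networked-device inventory; the field names are hypothetical.
INVENTORY = [
    {"asset": "pump-icu-07", "vendor": "ExamplePump Inc", "product": "Infusion Controller", "os_supported": True},
    {"asset": "ct-rad-02", "vendor": "exampleos corp", "product": "LegacyOS", "os_supported": False},
    {"asset": "ws-lab-03", "vendor": "ExampleOS Corp", "product": "LegacyOS", "os_supported": True},
    {"asset": "monitor-ed-11", "vendor": "OtherVendor", "product": "Telemetry Hub", "os_supported": True},
]

def load_kev(kev_json):
    """Index KEV entries by case-folded (vendorProject, product)."""
    index = {}
    for entry in json.loads(kev_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index

def triage(inventory, kev_index, today):
    """Return [(asset, action, reasons)] for an ISO date string `today`."""
    # KEV carries no affected-version data, so a match means "confirm the version";
    # the action is the compensating control to apply while that happens.
    findings = []
    for dev in inventory:
        hits = kev_index.get((dev["vendor"].lower(), dev["product"].lower()), [])
        reasons = [h["cveID"] for h in hits]
        overdue = any(h["dueDate"] < today for h in hits)   # ISO dates compare as strings
        ransomware = any(h["knownRansomwareCampaignUse"] == "Known" for h in hits)
        if not dev["os_supported"]:
            reasons.append("unsupported-os")
            action = "isolate"          # treat as compromised until isolated or replaced
        elif overdue or ransomware:
            action = "isolate"          # KEV past due date, or used in ransomware campaigns
        elif hits:
            action = "patch-or-review"  # confirm version and patch on schedule
        else:
            action = "none"
        findings.append((dev["asset"], action, reasons))
    return findings
```

Running `triage(INVENTORY, load_kev(SAMPLE_KEV_JSON), "2026-02-01")` isolates the infusion controller (KEV entry past due and ransomware-linked) and the unsupported-OS scanner, and queues the supported LegacyOS workstation for version confirmation.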
Credential hygiene and perimeter device security: The FortiBleed campaign demonstrated that widely deployed perimeter devices can become mass credential exposure events. Healthcare organisations should treat network device credentials as subject to the same rotation schedules and multi-factor authentication requirements as enterprise user credentials — and should assume that any FortiGate appliance in production without verified configuration review is at risk of credential compromise.
Backup and recovery testing: The ransomware incidents documented in this retrospective — particularly the University of Mississippi Medical Center, Signature Healthcare, and Covenant Health cases — demonstrate that healthcare organisations without tested offline backup and recovery procedures for critical clinical systems face multi-week recovery timelines that directly harm patients. Backup testing should include not merely confirmation that data can be restored, but tabletop and live exercises that confirm clinical staff can maintain safe care delivery using downtime procedures throughout the recovery window.
Insider threat programme development: The Princess of Wales records case and the broader pattern of healthcare data theft suggest that insider threat programmes in healthcare should address not only malicious insiders but also insiders who may be approached or coerced by external parties including intelligence services. Access monitoring for high-profile patient records, anomaly detection on record access patterns, and clear reporting mechanisms for staff who are approached by third parties are all components of an effective healthcare insider threat programme.
Email security and email forwarding rule auditing: UNC6508’s use of Google Workspace email-forwarding rules to silently exfiltrate research correspondence should prompt immediate review of email forwarding rules across healthcare and research organisations. Rules forwarding email to external addresses should be audited, unexplained rules removed, and alerting implemented for the creation of new external forwarding rules. This is a low-cost, high-value defensive measure that directly addresses one of the most effective exfiltration channels used by the most sophisticated actors targeting healthcare.
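The forwarding-rule audit described above, as an added example that is not code from the original retrospective or from any mail provider: the rule export below is constructed, and its field names (`user`, `forward_to`, `created`, `filter`) are a hypothetical simplification rather than the Gmail API or Workspace audit-log schema. The same check serves both the one-time audit over a full export and the creation alert when run over rules added since the last poll.

```python
import json
from email.utils import parseaddr

# Organisation's own mail domains and any approved external destinations
# (constructed example values; an archiving vendor's domain might go in APPROVED).
INTERNAL_DOMAINS = {"example-hospital.org"}
APPROVED_EXTERNAL = set()

# Constructed export of per-user forwarding rules. The field names are a
# hypothetical simplification, not the Gmail API or Workspace audit-log schema.
SAMPLE_RULES_JSON = json.dumps([
    {"user": "pi.lee@research.example-hospital.org", "forward_to": "Lee <pi.lee@EXAMPLE-HOSPITAL.ORG>",
     "created": "2025-11-02T09:14:00Z", "filter": "from:grants@funder.example"},
    {"user": "pi.lee@research.example-hospital.org", "forward_to": "backup.mail@webmail-example.net",
     "created": "2026-05-19T03:41:12Z", "filter": "subject:(trial OR protocol)"},
    {"user": "it.ops@example-hospital.org", "forward_to": "ticketing@example-hospital.org",
     "created": "2024-06-30T12:00:00Z", "filter": ""},
])

def destination_domain(address):
    """Domain of a forwarding target, tolerating 'Name <addr>' display forms."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def is_external(address, internal_domains=INTERNAL_DOMAINS):
    """True unless the target domain is an internal domain or one of its subdomains."""
    dom = destination_domain(address)
    return not any(dom == d or dom.endswith("." + d) for d in internal_domains)

def audit_forwarding_rules(rules_json, internal_domains=INTERNAL_DOMAINS,
                           approved=APPROVED_EXTERNAL):
    """Return rules forwarding to unapproved external domains, oldest first.

    Run over a full export for the one-time audit; run over rules created
    since the last poll to turn the same check into a creation alert.
    """
    findings = []
    for rule in json.loads(rules_json):
        dest = rule["forward_to"]
        if is_external(dest, internal_domains) and destination_domain(dest) not in approved:
            findings.append({"user": rule["user"], "forward_to": dest,
                             "created": rule["created"], "filter": rule["filter"]})
    return sorted(findings, key=lambda f: f["created"])
```

A target that does not parse as an address yields an empty domain and is flagged as external, so malformed rules surface for review rather than slipping through.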
Supply chain security for clinical software and AI infrastructure: The LiteLLM supply chain attack and the CYFIRMA analysis of vendor stack compromise patterns indicate that healthcare organisations must extend their security evaluation beyond direct vendors to the upstream dependencies on which clinical software relies. Software composition analysis for clinical applications and AI systems deployed in healthcare environments should be routine.
Sources and Intelligence Basis
This retrospective draws on the following primary sources:
- FBI Internet Crime Complaint Center 2025 Annual Report, April 2026
- Google Threat Intelligence Group: UNC6508 healthcare espionage campaign disclosure, June 2026
- CISA ICS Advisory ICSMA-26-083-01: Grassroots DICOM CVE-2026-3650, April 2026
- CISA ICS Advisory ICSMA-26-041-01: ZOLL ePCR CVE-2025-12699, February 2026
- CISA Advisory: Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT, June 2026
- CISA Advisory: FortiGate credential hardening guidance, June 2026
- FDA Final Guidance: Cybersecurity in Medical Devices — Quality Management System Considerations, February 2026
- FDA Final Guidance: Cybersecurity in Medical Devices — Quality System Considerations and Content of Premarket Submissions, June 2025
- CheckPoint Research: Weekly Threat Intelligence Reports, 2026
- CYFIRMA: Healthcare Sector Threat Landscape Report, June 2026
- UK NCSC / Infosecurity Magazine: Nation-state actors responsible for 75 percent of critical infrastructure attacks, June 2026
- ICO: Caution issued to healthcare worker in Princess of Wales medical records case, June 2026
- HIPAA Journal: Covenant Health breach notification, 2026
- SecurityWeek: Majority of Internet-Accessible REDCap Servers Outdated, June 2026
- Dark Reading: INC Ransomware Thrives by Mastering the Basics, June 2026
- ESET: Inside The Gentlemen’s EDR Killer Framework, June 2026
- Recorded Future: FortiBleed Campaign, June 2026
- Cisco Talos: Espionage campaigns targeting EU health care agency, March 2023
- Mandiant / ESET: No Pineapple — DPRK Targeting of Medical Research, February 2023
- CIRCL OSINT Feed: PFCloud bulletproof hosting serving healthcare ransomware, February 2026
- OpenCTI / gizur-misp: Threat actor profiles and indicators, 2023–2026
- Weekly cybersecurity summaries published at this site, November 2024 – June 2026