The accelerated adoption of tools such as artificial intelligence in companies is transforming business models and security management. However, advances such as AI are also expanding the exposure surface of organizations, generating new cybersecurity risks that impact critical areas such as the healthcare sector and the healthcare ecosystem.

According to the latest data obtained by Secure&IT, a company specialized in information security, in 2025, 7,979 cyberattacks were registered globally, 42% more than the previous year, of which 535 targeted the health sector. “These attacks on the health sector represent approximately 7% of the total cyberattacks. This volume places the health sector among the most attacked, along with services, industry and finance,” indicates Francisco Valencia, general director of Secure&IT.

Furthermore, according to IBM’s Cost of a Data Breach 2024 report, this sector continues to be the most affected by security incidents globally for the fourteenth consecutive year, with an average cost per breach that exceeds 10 million dollars, almost 8.5 million euros. In Europe, ENISA places the health sector among the main targets of ransomware attacks, a trend that continues to grow year after year and that directly affects health systems.

Digitalization: progress in the health sector, but more cybercrime

The digitalization of the healthcare sector has improved clinical efficiency and patient care, but it has also multiplied entry points for cybercriminals. Currently, hospitals and healthcare organizations depend on multiple critical applications whose security is key to guaranteeing continuity of care and the protection of health services.

“Systems such as electronic medical records concentrate large volumes of highly sensitive information, which makes them a priority target for data theft or ransomware attacks. Medical imaging platforms such as PACS systems, essential for diagnosis, can be subject to interruptions or manipulations, directly affecting clinical activity and health services,” explains Valencia.

Added to this exhibition are connected medical devices, which are increasingly present in hospital environments, as well as telemedicine platforms, whose use has been consolidated in recent years. Both environments expand the attack surface and pose challenges in terms of privacy, authentication, and communications protection in the digital health space.

“The cyber intelligence reports that we prepare at Secure&IT reflect real incidents in this area, such as attacks on medical device manufacturers or leaks of sensitive clinical data, showing that the risk is not theoretical, but a growing reality for the health sector,” the company indicates.

Artificial intelligence redefines cybersecurity in the health sector

This technology is already a key tool in any sector. Improves detection and response to incidents, allowing you to analyze large volumes of data and anticipate attacks. However, this same technology is also being used by cybercriminals to automate campaigns, perfect phishing techniques or identify and exploit vulnerabilities more quickly, significantly reducing the barriers to entry to cybercrime, also in health organizations.

“Added to this duality is a critical factor: its adoption in corporate environments is not always accompanied by adequate controls. Our analyzes ensure that almost a quarter of organizations use generative AI without formal controls, which increases the risk of information leaks or misuse of data,” explains the general director of Secure&IT.

In the healthcare sector, this context takes on a particularly sensitive dimension. The impact of a cyberattack goes beyond the technological or economic. The paralysis of systems, the manipulation of data or the unavailability of services can directly affect the continuity of care, patient safety and the functioning of health services.

In 2025, 7,979 cyberattacks were recorded globally, of which 535 targeted the health sector

“AI is changing the rules of the game. It allows us to improve defense, but it also reduces the entry barriers for attackers. The real risk is in implementing it without a security approach by design. In environments such as healthcare, this is especially critical, because an incident not only affects the systems, but also people and health care,” says Francisco Valencia.

The health sector faces new challenges: innovate without compromising safety

The advancement of AI and digitalization in the health sciences sector poses a key challenge: balancing innovation and resilience. The coexistence of modern systems with legacy infrastructures, along with the increasing interconnection of devices and platforms, makes it difficult to comprehensively protect these health environments.

New European regulations such as NIS2 aim to strengthen security in critical sectors, but the challenge remains strategic and focuses on integrating cybersecurity as a central element in the digital transformation of health.

“In this sense, AI represents an opportunity to improve efficiency and quality of care in the health sciences sector. However, it also redefines the threat landscape and requires a change of approach in terms of cybersecurity. At this point, it is very important for organizations to monitor their AI systems. And in this environment, where data is critical and the availability of systems can make the difference between normality and crisis, protecting information is also protecting the health of patients,” concludes the general director of Secure&IT.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.