Why Healthcare is a Hacker’s Data ‘Treasure Trove’

Healthcare organizations are not only privy to some of their clients’ most personal issues, but they also require an array of personally identifying information to maintain accurate records and streamline payment.

This makes them a high-value target for hackers using ransomware attacks: On Monday, DaVita, a provider of dialysis services, was hit with a ransomware attack that encrypted and separated certain elements of its network, disrupting some of the company’s operations. The incident adds to a growing list of healthcare breaches at organizations from UnitedHealth to NHS London and Laboratory Services Cooperative, which provides services to Planned Parenthood in 31 states. 

“(Healthcare) is the number one target,” said Dr. Darren Williams, CEO of cybersecurity firm BlackFog. “The reason it’s number one is because they’ve invested the least amount in cyber security protection.” 

According to BlackFog’s latest State of Ransomware report, healthcare, government and the services industry made up close to 47% of all attacks in the first quarter of 2025. Ransomware attacks broadly are up 45% year over year, BlackFog reported. 

• Healthcare organizations in particular harbor a “treasure trove” of data that’s highly valuable to cyber criminals, said Williams, allowing them to easily extort both the healthcare systems themselves and the individuals impacted. The personal nature of the data also opens the door for threat actors to commit medical fraud, he said.
• “The value of that data is just insane,” said Williams. “There’s just so many ways you can leverage that data, and it’s relatively easy to get.” 

There are a few reasons that healthcare systems tend to be easier to crack, he added. While large, corporate healthcare organizations tend to have better cybersecurity protocols, smaller hospitals are all “miniature silos” with aging infrastructure and weak security. These small organizations often provide the cracks that leave larger organizations vulnerable. 

“Legacy infrastructure is a big problem in healthcare,” said Williams. “We see regularly that these institutions are often still using Windows 7…. The amount of security holes in that is huge.” 

AI is making it easier than ever for threat actors to find the cracks, said Williams: Even organizations that have invested in cybersecurity protocols may be vulnerable to increasing “zero-day” attacks, which hackers are using more often to exploit newly discovered vulnerabilities before organizations have a chance to patch them. “That’s why vendors are all about using AI on the good side. It’s an arms race, effectively,” he said.

Healthcare organizations – and enterprises broadly – can learn from their mistakes, however. The first step is “basic hygiene,” Williams said. Things like multifactor authentication, password security and switching on firewalls are often forgotten as the first line of defense. 

The next step is keeping systems updated and regularly patched, said Williams, and having good cybersecurity protocols in place to mitigate damaging domino effects. “It only takes one weak spot,” said Williams.