This Year So Far: US Healthcare Faces Looming Security Challenges

184 million Americans had their medical records stolen in data breaches during 2024, the worst year on record for the industry. US healthcare providers are under constant attack because medical records can be resold on the dark web and ransomware attacks are especially lucrative.
In this post, we look at some recent breaches where healthcare providers’ security measures failed to protect them.
Sunflower Medical Group
This multi-specialty healthcare provider with four care centers in Kansas recently reported a major data breach. The Rhysida ransomware group exploited vulnerabilities in its networking infrastructure to steal personal and medical data belonging to more than 220,000 service users between December 2024 and January 2025. (The group claims the number is 400,000 but naturally, we don’t trust them.)
The specific method they used hasn’t been disclosed but ransomware attacks like this one often begin with phishing emails, compromised credentials (sometimes due to a lack of multifactor authentication), or exploitation of unpatched software vulnerabilities.
Another potential avenue of attack is JavaScript injection. This involves attackers injecting malicious code into a web application or page. If a system or website has poor input validation or sanitization, it can execute arbitrary scripts designed to steal session cookies, redirect users to malicious sites, or download malware onto a victim’s device.
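The input-handling weakness described above, shown as an added example (it is not code from the original post or from any provider named here): a template that concatenates user text into markup, next to a version that encodes it on output. The function names, cookie name and sample note are assumptions constructed for illustration.

```javascript
// Added illustration; all names and sample values below are constructed.

// Vulnerable: user-controlled text is concatenated into markup unchanged,
// so any tags or attribute quotes in it become part of the page.
function renderNoteUnsafe(author, note) {
  return `<div class="note" title="${author}">${note}</div>`;
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can switch the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every user-controlled value is encoded where it is written out,
// for both the element body and the quoted attribute.
function renderNoteSafe(author, note) {
  return `<div class="note" title="${escapeHtml(author)}">${escapeHtml(note)}</div>`;
}

// Defence in depth for the session cookie: HttpOnly keeps it out of reach of
// page scripts, Secure limits it to HTTPS, SameSite limits cross-site sends.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed input: a harmless marker that only shows whether markup is
// interpreted or displayed as text.
const SAMPLE_NOTE = '<script>alert(1)</script>';

console.log(renderNoteUnsafe('patient', SAMPLE_NOTE)); // tag survives intact
console.log(renderNoteSafe('patient', SAMPLE_NOTE));   // tag shown as text
console.log(sessionCookieHeader('abc123'));
```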
Hillcrest Convalescent Center
This center in Durham, North Carolina, experienced a data breach affecting 106,194 individuals. Suspicious network activity was first observed in June 2024 but the extent of the breach wasn’t confirmed until February 2025. The compromised information included sensitive personal and medical data such as names, dates of birth, Social Security numbers, medical and treatment information, healthcare provider details, and health insurance information.
Hillcrest secured its systems and called in third-party cybersecurity experts to investigate. On March 3, 2025, the center began notifying affected individuals, offering them 12 to 24 months of complimentary credit monitoring and identity restoration services. These are just some of the costs that accrue when dealing with a data breach, and they help to explain the average cost of $9.77 million per incident in the health industry. Possible HIPAA violation penalties can also reach $50,000 per affected record.
At this point, there is no evidence of the data being misused, but law firms like classaction.org are now investigating the potential for class action lawsuits and seeking to hear from affected individuals.
Gastroenterology Associates of Central Florida (dba Center for Digestive Health)
This digestive health specialist organization operates six offices in Orlando and the surrounding areas, as well as four locations under the name Center for Digestive Endoscopy.
On April 11, 2024, it discovered a significant data breach affecting 122,437 people. The compromised information included sensitive personal data such as names, Social Security numbers, dates of birth, and health information. An investigation determined that an unauthorized party had accessed and acquired files containing patient information between April 1, 2024, and April 14.
It took steps to secure its network and is offering affected individuals 12 months of complimentary credit monitoring and identity protection services.
The BianLian ransomware group claimed responsibility for the attack in May 2024, adding the Center for Digestive Health to its dark web leak site. The group claimed to have stolen 2.2 terabytes of data.
Community Care Alliance
The Rhode Island-based organization noticed suspicious network activity on July 6, 2024, and discovered unauthorized access to its network had occurred between July 1 and July 5, 2024.
The Rhysida ransomware group claimed responsibility for the attack, alleging that they had exfiltrated a 2.5-terabyte SQL database containing sensitive information. On January 8, 2025, Community Care Alliance confirmed that sensitive data had been exposed and potentially stolen during the breach.
The incident affected 114,975 individuals, compromising a wide range of personal and medical information. This included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical details such as diagnoses, lab results, medications, and patient ID numbers, as well as health insurance information and provider names.
Ascension Ransomware Attack
Ascension, one of the largest healthcare systems in the U.S., suffered a ransomware attack in May 2024 that affected 142 hospitals across multiple states, and leaked the patient data of 5.6 million individuals. It began when an employee inadvertently downloaded a malicious file, likely mistaking it for legitimate content. The attack severely disrupted Ascension’s operations, including its MyChart electronic health records system, phones, and systems for ordering tests, procedures, and medications. To contain the breach, devices were taken offline on May 8, leading to the temporary suspension of non-urgent procedures and tests, manual tracking of patient data, and diversion of emergency services to other facilities.
Although attackers only accessed files on seven of its 25,000 servers, they contained sensitive data, including Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With its vast network of hospitals and care facilities across the U.S., Ascension is still working to restore full functionality to its affected systems.
With attacks like these, bad actors first need to gain entry, and they often attempt to compromise third-party web applications and code to do so. That’s why continuous monitoring for healthcare is crucial: it watches both third-party web applications and code, and issues alerts for suspected malicious changes. It’s an essential solution for keeping any healthcare provider’s web infrastructure in the best of health.
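One way to picture the monitoring described above, as an added example that is not Reflectiz's product or code from the original post: record an approved inventory of the scripts a page loads, then compare each later crawl against it and alert on changed content or unfamiliar hosts. The URLs, script bodies and alert names are constructed assumptions.

```javascript
// Added illustration; hosts, bodies and alert type names are constructed.
const { createHash } = require('node:crypto');

// Subresource Integrity style digest (sha384, base64) of a script body.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// Build an inventory: script URL -> { host, integrity }.
function snapshot(scripts) {
  const inventory = new Map();
  for (const { url, body } of scripts) {
    inventory.set(url, { host: new URL(url).host, integrity: sriHash(body) });
  }
  return inventory;
}

// Compare the scripts seen now against the approved baseline.
function diffInventory(baseline, current) {
  const knownHosts = new Set([...baseline.values()].map((e) => e.host));
  const alerts = [];
  for (const [url, entry] of current) {
    const approved = baseline.get(url);
    if (!approved) {
      // A script from a host never seen before is the stronger signal.
      alerts.push({ type: knownHosts.has(entry.host) ? 'NEW_SCRIPT' : 'NEW_HOST', url });
    } else if (approved.integrity !== entry.integrity) {
      alerts.push({ type: 'CONTENT_CHANGED', url, expected: approved.integrity, actual: entry.integrity });
    }
  }
  for (const url of baseline.keys()) {
    if (!current.has(url)) alerts.push({ type: 'REMOVED', url });
  }
  return alerts;
}

// Constructed sample data: an approved baseline and a later crawl.
const BASELINE = snapshot([
  { url: 'https://portal.example/js/app.js', body: 'initPortal();' },
  { url: 'https://cdn.vendor.example/chat.js', body: 'loadChatWidget();' },
]);
const CURRENT = snapshot([
  { url: 'https://portal.example/js/app.js', body: 'initPortal();' },
  { url: 'https://cdn.vendor.example/chat.js', body: 'loadChatWidget(); extraCall();' },
  { url: 'https://stats.unknown.example/t.js', body: 'track();' },
]);

const ALERTS = diffInventory(BASELINE, CURRENT);
console.log(ALERTS.map((a) => `${a.type} ${a.url}`).join('\n'));
```

Pinning the approved digest in each script tag's `integrity` attribute lets the browser refuse a modified file as well, which complements alerting after the fact.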
Prevention Strategies and Industry Trends
While healthcare organizations continue to face significant cybersecurity challenges, industry experts are advocating for several key strategies to mitigate risks:
Zero Trust Architecture: The healthcare sector is increasingly adopting zero trust principles, which operate on the assumption that threats exist both inside and outside the network. This approach requires verification for anyone trying to access resources on the network, regardless of their position or previous access privileges.
Improved Staff Training: Human error remains a major vulnerability, as demonstrated by the Ascension case where an employee downloaded a malicious file. Progressive organizations are implementing more sophisticated security awareness training programs that go beyond annual compliance courses to include simulated phishing attacks and real-time feedback.
Third-Party Risk Management: As healthcare systems become more interconnected with vendors and partners, managing third-party risk has become crucial. The most secure organizations are implementing rigorous vendor assessment protocols and continuous monitoring of third-party access.
AI-Powered Threat Detection: Artificial intelligence and machine learning tools are enabling faster detection of anomalous behavior that might indicate a breach in progress. These technologies can analyze patterns across millions of data points to identify potential security incidents before significant damage occurs.
Regulatory Response: Following the record-breaking breaches of 2024, industry observers anticipate stricter HIPAA enforcement and potentially new federal regulations specifically addressing ransomware attacks on healthcare providers. Several states have already begun implementing more stringent data protection laws that exceed federal requirements.
The trend toward increased investment in cybersecurity is notable, with healthcare organizations now allocating an average of 6-8% of their IT budgets to security, up from 4-5% in previous years. Despite these improvements, the gap between sophisticated threat actors and healthcare defense capabilities remains concerning, particularly for smaller providers with limited resources.
Final Thoughts
As we continue through 2025, the healthcare sector remains firmly in the crosshairs of cybercriminals. The breaches highlighted in this article represent just a fraction of the ongoing attacks targeting patient data and critical healthcare infrastructure. While the industry is responding with improved security measures and increased investment, the sophistication of threat actors continues to evolve in parallel. For healthcare providers of all sizes, cybersecurity can no longer be an afterthought but must be a fundamental component of operational planning and risk management. The stakes—patient trust, operational continuity, and financial stability—are simply too high to ignore. As regulatory requirements tighten and attack methods become more advanced, a proactive, multi-layered approach to security will be essential for healthcare organizations hoping to avoid becoming the next headline.