Is Health Tech Losing the Cybersecurity Battle to Bad Tech or Bad Habits?

Introduction

Cyberattacks on U.S. health tech companies have reached an all-time high, making 2024 one of the most severe years on record.

The Department of Health and Human Services (HHS) documented 720 healthcare data breaches, affecting 186 million records.

This represents a 9% increase in compromised records compared to 2023.

These breaches targeted telemedicine providers, medical device manufacturers, and third parties (i.e., business associates), key players in the digital health ecosystem.

More than 520 breaches impacted healthcare providers, while 120 breaches affected business associates, including telehealth platforms and device makers.

By late 2024, the American Hospital Association (AHA) tracked 386 cyberattacks on the health sector, signaling that 2023’s record-breaking cybercrime wave is continuing into 2025.

These incidents range from patient data theft to ransomware attacks that cripple entire healthcare networks, reinforcing the urgent need for stronger cybersecurity in health tech.

The Impact of Healthcare Cyberattacks on Patients

The scale of recent breaches is unprecedented: 53% of the U.S. population had their health data exposed in 2024.

Telemedicine users and medical device patients are particularly vulnerable.

For example, the ConnectOnCall telehealth breach compromised the records of over 914,000 patients.

These incidents are yet more indicators that cybersecurity threats in digital health directly affect patient safety, privacy, and trust.

Key Question: Are these breaches primarily driven by technology gaps or by fundamental operational issues?

As health tech innovators, it’s essential to understand whether these breaches stem from technology gaps (outdated systems, insecure APIs, lack of encryption) or operational failures (insufficient training, weak access controls, compliance violations).

The following analysis explores key cybersecurity vulnerabilities in health tech, backed by breach statistics, case studies, and expert insights from 2023–2024.

Technology Gaps: The Weak Links in Health Tech Security

Legacy Systems & Unpatched Vulnerabilities

Many breaches stem from outdated software and unpatched systems.

In 2023–2024, 14% of healthcare breaches were caused by exploited software vulnerabilities, a staggering 180% increase year-over-year.

Ransomware groups like Clop targeted unpatched systems, exploiting zero-day vulnerabilities in MOVEit and GoAnywhere.

Many health tech firms rely on legacy IT and medical device firmware, which lack modern security features.

Cybercriminals actively exploit outdated technology in healthcare, recognizing it as an easy target.

API & Telehealth Platform Vulnerabilities

Telemedicine platforms rely on APIs for video visits, patient portals, and remote monitoring.

However, many APIs lack proper security.

100% of tested healthcare API endpoints in a recent study were vulnerable to Broken Object Level Authorization (BOLA) attacks.

This type of weakness allows an attacker to simply manipulate IDs in API calls to access or even alter other patients’ records.

Insecure API design was shown to potentially grant clinician-level access to unauthorized users, meaning an attacker could edit medical histories or issue prescriptions.
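The BOLA weakness described above comes down to a handler that verifies that a caller is logged in but never verifies that the caller is entitled to the specific object named in the request. The following is an added example, not code from the original article or from any of the platforms it mentions: a vulnerable read handler next to hardened read and write handlers for a patient-records endpoint. The in-memory store, the `Principal` model, the role names and the handler names are all constructed for illustration.

```python
"""Broken Object Level Authorization (BOLA) in a patient-records API.

Added example with constructed data. The in-memory record store, the
Principal model and the handler names are assumptions for illustration;
a real service would take identity and storage from its framework.
"""
from copy import deepcopy
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not touch the requested object."""


@dataclass
class Principal:
    user_id: str
    role: str                                   # "patient" or "clinician"
    panel: set = field(default_factory=set)     # clinicians: assigned patient ids


# Constructed sample data (not real patients).
SEED_RECORDS = {
    "pt-1001": {"name": "Patient A", "history": ["hypertension"]},
    "pt-1002": {"name": "Patient B", "history": ["asthma"]},
}


def new_store() -> dict:
    """Fresh copy of the sample store so callers never share mutable state."""
    return deepcopy(SEED_RECORDS)


def get_record_vulnerable(store: dict, caller, patient_id: str) -> dict:
    """BOLA: checks that *someone* is logged in, never *who* owns the object.

    Any authenticated user who edits the id in the request reads another
    patient's record, which is exactly the ID-manipulation the text describes.
    """
    if caller is None:
        raise Forbidden("not authenticated")
    return store[patient_id]


def is_authorized(caller, patient_id: str) -> bool:
    """Object-level rule: patients see only their own record; clinicians only their panel."""
    if caller is None:
        return False
    if caller.role == "patient":
        return caller.user_id == patient_id
    if caller.role == "clinician":
        return patient_id in caller.panel
    return False  # unknown roles are denied by default


def get_record_hardened(store: dict, caller, patient_id: str) -> dict:
    """Read path: the decision is made on the (caller, object) pair, not on the id alone."""
    if not is_authorized(caller, patient_id):
        who = getattr(caller, "user_id", "anonymous")
        raise Forbidden(f"{who} may not read {patient_id}")
    if patient_id not in store:
        raise KeyError(patient_id)
    return store[patient_id]


def add_history_hardened(store: dict, caller, patient_id: str, entry: str) -> list:
    """Write path: only a clinician assigned to this patient may append to the history."""
    if caller is None or caller.role != "clinician" or not is_authorized(caller, patient_id):
        who = getattr(caller, "user_id", "anonymous")
        raise Forbidden(f"{who} may not modify {patient_id}")
    store[patient_id]["history"].append(entry)
    return list(store[patient_id]["history"])


def denied(fn, *args) -> bool:
    """True if the call is rejected with Forbidden (helper for demos and tests)."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    store = new_store()
    patient_a = Principal("pt-1001", "patient")
    clinician = Principal("dr-7", "clinician", panel={"pt-1001"})
    # Tampered id: the vulnerable handler hands Patient B's record to Patient A.
    print("vulnerable leak:", get_record_vulnerable(store, patient_a, "pt-1002")["name"])
    print("hardened denies tampered id:", denied(get_record_hardened, store, patient_a, "pt-1002"))
    print("off-panel write denied:", denied(add_history_hardened, store, clinician, "pt-1002", "x"))
```

The design point is that `is_authorized` is called on every read and write with the concrete object id, so a tampered id fails closed; a check that only inspects the role (e.g. "is a clinician") would still let any clinician read or edit any patient, which is the clinician-level escalation the text warns about.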

The real-time nature of telehealth adds risk here: an intruder exploiting a software bug could quietly siphon data or eavesdrop on visits without immediate detection.

The ConnectOnCall breach in 2024 was a prime example: attackers had undetected access to patient data for nearly three months.

Lack of Encryption & Data Protection

While encryption has improved in healthcare, many breaches still occur due to unencrypted databases and poor data security.

The 2024 Change Healthcare breach, the largest healthcare breach in history, resulted in 100 million stolen patient records, likely due to inadequate encryption or network segmentation.

The HHS’s 2024 proposed HIPAA Security Rule update will soon require encryption for all patient data at rest and in transit.

Case Study: Medical Device Manufacturer Breach

Medical device makers are prime targets for cyberattacks.

In late 2024, cardiac device manufacturer Artivion was hit by a ransomware attack, forcing order shipments to be delayed and disrupting heart surgeries.

Attackers likely exploited unpatched software or compromised credentials.

Similar breaches affected Zoll Medical and Henry Schein, both major medical device companies.

The Zoll Medical breach in 2023 exposed over 1 million LifeVest defibrillator patient records, raising concerns about device security flaws.

Bottom Line: Technology gaps, whether in the form of legacy systems, software vulnerabilities, or weak technical controls, have been a primary enabler of the biggest healthcare breaches.

In 2024, 11 of the 13 largest health data breaches (each over 1 million records) were caused by hacking/IT incidents by external cybercriminals.

These incidents exploit the technical weaknesses in systems.

Telemedicine providers and device makers must therefore invest in modernizing IT systems, rigorous vulnerability management, secure development practices (for APIs/apps), and strong encryption.

Closing these gaps can shut many of the doors that attackers have been kicking open.

Operational Failures: The Human Factor in Cybersecurity

Employee Training & Phishing Risks

Human error remains the biggest cybersecurity weakness in healthcare.

Verizon’s 2024 DBIR found that 68% of healthcare breaches involved human error.

Only 16% of healthcare employees felt confident identifying phishing scams.

Insider Threats & Access Management Failures

Unauthorized access and privilege misuse are major threats:

Geisinger Health’s 2024 breach exposed 1.27 million patient records after an ex-contractor retained login access for two extra days.

70% of healthcare breaches involve insiders, whether through errors or malicious activity.
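The Geisinger incident above is a lifecycle failure: a departed contractor's account stayed enabled after the termination date. The following is an added example, not code from the original article or from Geisinger: a periodic access review that joins an HR roster against an identity-provider account export and flags accounts that remain enabled past termination, accounts that were actually used after termination, and enabled accounts with no HR owner at all. The roster, account list, field names and dates are constructed for illustration.

```python
"""Stale-access review for offboarded users (added example, constructed data).

Joins an HR roster (with termination dates) against an identity-provider
account export and returns findings for accounts that should already have
been disabled. Field names and sample values are assumptions.
"""
from datetime import date, datetime

# Constructed sample inputs: not real people or systems.
HR_ROSTER = [
    {"user": "jdoe",   "type": "contractor", "terminated": "2024-05-10"},
    {"user": "asmith", "type": "employee",   "terminated": None},
    {"user": "bli",    "type": "contractor", "terminated": "2024-05-01"},
]

IAM_ACCOUNTS = [
    {"user": "jdoe",       "enabled": True,  "last_login": "2024-05-12T08:15:00"},
    {"user": "asmith",     "enabled": True,  "last_login": "2024-05-12T09:00:00"},
    {"user": "bli",        "enabled": False, "last_login": "2024-04-30T17:45:00"},
    {"user": "svc-legacy", "enabled": True,  "last_login": None},  # no HR owner
]


def find_stale_access(roster: list, accounts: list, as_of: date) -> list:
    """Return one finding per enabled account that violates the offboarding rule.

    issue values:
      orphaned_account          enabled account with no matching HR record
      enabled_after_termination account still enabled after the HR termination date
      login_after_termination   same, and the account authenticated after that date
    """
    by_user = {r["user"]: r for r in roster}
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled: nothing to do
        hr = by_user.get(acct["user"])
        if hr is None:
            findings.append({"user": acct["user"], "issue": "orphaned_account",
                             "days_past_termination": None})
            continue
        if hr["terminated"] is None:
            continue  # active worker, account is expected to be enabled
        term = date.fromisoformat(hr["terminated"])
        if term > as_of:
            continue  # termination is in the future relative to this review
        issue = "enabled_after_termination"
        last = acct["last_login"]
        if last and datetime.fromisoformat(last).date() > term:
            issue = "login_after_termination"  # the retained access was used
        findings.append({"user": acct["user"], "issue": issue,
                         "days_past_termination": (as_of - term).days})
    return sorted(findings, key=lambda f: f["user"])


if __name__ == "__main__":
    for finding in find_stale_access(HR_ROSTER, IAM_ACCOUNTS, date(2024, 5, 12)):
        print(finding)
```

Run daily, a review like this catches the two-day window described above on the first day it opens; the `login_after_termination` finding is the one that warrants an incident ticket rather than a routine disable, because it shows the lingering access was exercised.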

Policy Oversight & Compliance Gaps

Weak regulatory compliance has led to self-inflicted breaches.

Kaiser Foundation Health Plan’s 2024 breach affected 13.4 million patients due to improper use of tracking pixels that sent patient data to third parties.

Cerebral’s mental health telehealth breach (2023) resulted in an FTC investigation over privacy violations.

Conclusion: Which Poses the Greater Risk and Why?

Operational/Human Factors arguably present the broadest risk day-to-day.

They are implicated in the majority of breaches (by count) and are a factor in virtually every cyber incident in some form.

A well-known adage is that “humans are the weakest link in cybersecurity.”

Even with advanced malware swirling, simple mistakes like a clicked phishing email, a weak password, or an unchecked user permission often serve as the attackers’ gateway.

For organizations that are innovative yet pragmatic, this is a reminder that fancy security tech cannot compensate for a workforce that isn’t security-conscious.

Investing in security training, enforcing disciplined processes (like access reviews, incident response playbooks, compliance audits), and fostering an internal culture of security is likely to yield high returns in breach prevention.

In other words, employees are your biggest cybersecurity liability.

Key Cybersecurity Takeaways for Health Tech Leaders

  • Upgrade legacy systems and enforce rigorous software patching.

  • Secure telehealth APIs against unauthorized access.

  • Implement end-to-end encryption for patient data.

  • Strengthen insider threat monitoring and enforce strict access controls.

  • Provide continuous security training to employees and vendors.

  • Hire a fractional CISO to evaluate your cybersecurity strategy from a holistic perspective.

Cybercriminals are evolving and so must the security strategies of health tech innovators.

Health tech leaders must adopt a HOLISTIC cybersecurity strategy that addresses both technology vulnerabilities and human factors to protect the future of digital healthcare.

I help teams build secure systems to manage threats efficiently.

Let’s talk.

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company, ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy to a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across the private industry, developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com