CyberCX report reveals growing risk of cyber attacks against health organisations

Melbourne, Australia – 7 March 2025

CyberCX, Australia and New Zealand’s leading cyber security provider, has released its industry insights report into cyber threats against the healthcare sector highlighting the growing risk of cyber attacks against health organisations.

The report names AI as the cyber opportunity and threat driver to watch in 2025, urging healthcare organisations to proactively engage with the upsides creating by securely integrating the technology, while also appreciating the way that it is accelerating cyber threat actor activity.

Cyber attacks against this vital industry can disrupt patient care, distract from the core business of supporting unwell and vulnerable people, and harm community trust in digital health.

Key findings in the report include that:

• Non-hospital clinical providers are by far the sub-sector most targeted by cyber criminals, with almost 10x the number of publicly claimed attacks compared to the next most targeted sub-sector, hospitals.
• Rapid digitisation of healthcare services in low-to-moderate cyber maturity environments is generating an explosion of “tech debt” and legacy systems, which threat actors are actively exploiting.
• Health insurers are seeing their cyber risk profiles grow as they pursue growth strategies that prioritise vertically integrated care across GP clinics, dental, optical and other services which generally operate with lower cyber maturity.
• Research institutes are the only sub-sector where nation-states are a bigger threat than financially motivated criminals, with foreign government intelligence services increasingly invested in stealing population-level data and research data, especially in breakthrough areas like biotechnology and genomics.

As cyber security leaders grapple with a deteriorating threat environment and budget constraints, CyberCX recommends that organisations prioritise programs that address:

1. Plans to understand and address tech debt and legacy systems,
2. Establishing robust AI governance to address information security risks associated with AI, and
3. Mapping and mitigating technology supply chain risks posed by third parties.

These findings follow the recent release of CyberCX’s 2025 Threat Report, which revealed CyberCX responded to more cyber incidents impacting healthcare than any other sector – for the second year in a row.

CyberCX’s Healthcare Industry Lead and report author, Megan Lane, said, “the delivery of safe modern medicine is underpinned by secure technology – there are few other sectors where decisions about technology and security have the ability to so profoundly impact human lives and wellbeing.”

“Just as AI has the potential to revolutionise the way we diagnose and treat ill and vulnerable people, cyber threat actors are looking at how this technology can help them accelerate and better target their efforts.”

“Health professionals all know that prevention is better than the cure, and the same is true for cyber security.”

“A strong, safe, and secure health system is what patients and the broader community need and deserve.”

You can access the full report here: https://cybercx.com.au/resource/diagnosing-cyber-threats-in-healthcare-2025/

ENDS

About CyberCX

CyberCX is the leading provider of end-to-end cyber security and cloud services. With a workforce of 1,400 cyber security professionals, CyberCX is a trusted partner to private and public sector organisations, helping customers confidently manage cyber risk, respond to incidents, and build resilience in an increasingly complex and challenging threat environment.

Contact

[email protected]