API Security, Fraud Management & Cybercrime, Governance & Risk Management
Healthcare Faces Rising App-Based Ransomware Threats and Urgent Compliance Demands
July 22, 2025
The healthcare industry remains a favorite target for attackers, with security incidents and recovery times both on the rise. Tight budgets and the complexity of ramping up infrastructure inevitably result in cybersecurity gaps. Ransomware targets all industry verticals, but in healthcare, the attack path increasingly runs through applications.
Meeting compliance mandates, such as the Health Insurance Portability and Accountability Act, Health Information Technology for Economic and Clinical Health and Payment Card Industry Data Security Standard, is a business imperative. But protecting personal health information, or PHI, is paramount for maintaining competitiveness and customer trust in a rapidly changing industry. This is especially true as healthcare organizations navigate an increasingly difficult balance between delivering personalized patient and provider experiences and defending against ever-increasing ransomware threats that arrive through the apps and APIs connecting them.
Apps Critical to Patient Care
The convenience of online access to patient portals through electronic health record, or EHR, systems and the ability to make payments online are table stakes. This has not gone unnoticed by bad actors. As described in an article in Healthcare IT News, Silk Typhoon is a Chinese state-sponsored hacking organization that targets various sectors, including healthcare, by exploiting vulnerabilities in cloud applications to gain unauthorized access.
Apps Are Being Modernized With AI
According to Forrester predictions, half of the top 10 U.S. health insurers will use artificial intelligence to bolster member advocacy.
Epic Systems, a trailblazer in the space, notes that one in four patients would be concerned if their health system was not using AI.
AI-enhanced digital experiences will further increase risk exposure and the number of hacking incidents, such as vulnerability exploitation and business logic abuse via bots and malicious automation. These same risks can occur through the natural language processing, or NLP, interface exposed to patients and providers to improve customer experiences and streamline care.
Compliance Mandates Are Starting to Have Teeth
Healthcare organizations in the United States are quickly finding themselves in an untenable risk position. Despite a 239% increase in hacking-related breaches since 2018, only 42% plan to maintain, and some may even decrease, investments in technology that improves cybersecurity and protects privacy.
This gap exists despite intelligence agencies and industry associations ringing alarm bells over imminent threats to patient care. HITECH and PCI-DSS mandates push responsibility for adequate security, but the healthcare industry must understand that simply meeting compliance requirements is no longer sufficient.
Ransomware Being Fueled by App Attacks
The most common attack vectors in healthcare ransomware attacks in 2024 were exploited vulnerabilities and compromised credentials, and recovery is taking longer because of increased complexity and severity. In addition to vulnerabilities, the business logic exposed by apps and APIs is inherently vulnerable to abuse.
According to F5 Labs, advanced persistent bots targeting the login flows are most prevalent in healthcare. One example is the credential stuffing attack on genetic testing firm 23andMe, which exposed customer health and ancestry information.
Since bots use legitimate credentials and are not trying to exploit software vulnerabilities, they may not trigger a security alarm. MFA can help, but because of the rise in real-time phishing proxies, or RTPP, it's not foolproof.
New Baseline in Order
The good news is the security industry is already ahead of the curve. For years, organizations have moved to optimize their security inspection capabilities through dynamic, policy-based traffic steering that maximizes investments, streamlines policy, and detects ransomware using a defense-in-depth approach.
Web app and API protection platforms further bolster application security defenses. Integrated controls can mitigate vulnerability exploits and protect business logic from abuse for web, API-based and AI apps. That coverage extends from the client browser and mobile devices, across clouds and within new interactive interfaces, and from code through testing into production.
F5 solutions for healthcare help organizations flatten the curve, meeting compliance mandates and mitigating exposure of patient and provider data by thwarting ransomware for any app, any API, anywhere.
For more information, go to F5 Solutions for Healthcare.