Health insurers, hospitals and clinics face more cyber attacks from extortion criminals
Cyber criminals are targeting health clinics and other providers outside of major hospitals in steadily increasing extortion campaigns, with AI the biggest threat driver.
Cyber criminals are targeting health clinics and other providers outside of the main hospitals as part of steadily increasing extortion campaigns against one of the most vulnerable sectors in the country, while China and other threat actors are focusing efforts on infiltrating Australia’s health research institutions for valuable data.
In the wake of a series of high-profile data breaches in the health industry, most notably the Medibank leak of millions of Australians’ personal information in June last year, a major report laid bare the key risks to the healthcare sector going forwards.
As part of the investigation into the dangers facing healthcare, leading cyber security provider CyberCX found artificial intelligence was both the biggest opportunity and biggest threat driver for the industry for 2025.
While healthcare providers were increasingly using AI for note-taking and other administrative tasks, CyberCX warned the technology was also being used by those seeking to attack the sector.
“Healthcare organisations are generally high-value targets for cyber threat actors due to their operation of critical infrastructure, low tolerance for operational disruption and large holdings of sensitive data,” the CyberCX report found.
“Heightened geopolitical contest is driving increased nation-state interest in large aggregated data sets, particularly from China.”
CyberCX revealed in 2023 and 2024 that it had responded to more incidents in the healthcare sector than in any other industry, with global competition over cutting-edge medical research – from biotechnology and AI healthcare applications to genomics and nanotechnology – driving heightened foreign government espionage.
Generative AI was mostly being used by such foreign governments and cyber criminals as a “learning and productivity tool” that gave threat actors the ability to generate content and perform research much faster than ever before.
The CyberCX report found the threat profile facing Australian and New Zealand hospitals was “elevated” while the threat facing health insurance was more pressing and described by the cyber security firm as being “high”.
Cyber extortion actors – or cyber criminals seeking to make a profit by compromising online systems – presented the highest threat to hospitals due to the potential disruption of patient care, which posed a significant opportunity for criminals demanding a ransom be paid to unlock systems or release data.
Additionally, CyberCX found that there was “a real chance that nation-state actors will target Australian hospitals due to significant data holdings on local populations, and connections to state and national governments”.
“The threat from malicious insiders in a hospital setting can be significant and incidents can have a high impact, with users able to leverage legitimate access, familiarity with systems and knowledge of sensitive organisational information,” the report noted.
CyberCX also noted that the non-hospital clinical services were “by far the most targeted healthcare sub-sector by cyber extortion actors”, with nearly 10 times the number of publicly claimed attacks compared to hospitals.
The cyber firm raised particular alarm over the risks posed to health insurers, which held “a confluence of sensitive financial and health information” and were “high-revenue businesses”.
“(This makes) them prime, high-value targets of cyber criminals seeking to hold a critical business to ransom,” the report found.
Health research institutes were also considered high-value targets, particularly because of the data they stored, with CyberCX declaring the sector was far from adequately prepared for future attacks.
“As the Australian government is investing in new and expanded medical research programs and institutes, such as the Health Research for a Future Made in Australia program, worth $1.89bn, and the development of a National Health and Medical Research Strategy, it is imperative cyber security plays a central role in the foundations of best practice,” the report found.
CyberCX’s healthcare industry lead and report author, Megan Lane, said “the delivery of safe modern medicine is underpinned by secure technology – there are few other sectors where decisions about technology and security have the ability to so profoundly impact human lives and wellbeing”.
“Just as AI has the potential to revolutionise the way we diagnose and treat ill and vulnerable people, cyber threat actors are looking at how this technology can help them accelerate and better target their efforts,” she said.
“Health professionals all know that prevention is better than the cure, and the same is true for cyber security. A strong, safe, and secure health system is what patients and the broader community need and deserve.”