The healthcare sector across Asia stands at a critical crossroads. As digital transformation accelerates, hospitals, clinics and medical networks increasingly rely on interconnected systems, from electronic health records and cloud platforms to Internet-of-Medical-Things (IoMT) devices.
However, the growing dependence on digital infrastructure is a double-edged sword: it brings a widened attack surface for cybercriminals. Cyberattacks on the healthcare industry can have life-and-death consequences, with ransomware attacks posing serious risks to patient safety.
Breaches have gone beyond financial or operational disruption to affect the delivery of essential care. For instance, last year’s ransomware attack on NHS blood services in London was a contributing factor in the tragic death of a patient.
Recently, we published our 2025 Global Ransomware Risk Report, showing an alarmingly high number of APAC organisations (61%) were successfully attacked by ransomware at least once in the past year. Among those affected, 85% of all organisations across multiple industries paid ransoms to restore systems or protect data. The threat is particularly acute for healthcare.
In Singapore, healthcare organisations are being targeted by ransomware gangs daily.
When identity systems are bypassed: a threat to the heart of healthcare
The healthcare sector has long been a prime target for cybercriminals due to its vast repositories of sensitive data. Besides patient records, attackers are now also targeting archives and backups, holding entire data stores hostage. On top of that, healthcare organisations’ identity systems, most commonly Active Directory (AD), are targeted in more than 80% of ransomware attacks.
Threat actors often exploit weak configurations, unpatched systems and the poor visibility some security teams have into user activity. Numerous high-profile breaches, including the ransomware attack on McKay Hospital in Taipei that encrypted medical records and delayed urgent treatment, highlight AD as a critical vulnerability. When identity systems are compromised, patient care can be affected, making it essential for healthcare organisations to know how vulnerable their identity system is today.
Building immunity against cyber threats in healthcare
As the frequency and sophistication of cyberattacks continue to escalate, healthcare organisations can no longer rely on outdated, reactive defences or the traditional perimeter-based security model. In an environment where the attack surface has expanded through connected medical devices, digital patient services and dispersed workforces, assuming that systems inside the network are inherently safe is no longer acceptable.
To safeguard their critical infrastructure, healthcare organisations should consider adopting a proactive, intelligence-driven security program that places identity systems at the centre of their defences.
Zero-Trust Security Models are fundamental to this shift. Under zero-trust principles, no user, device or system is automatically trusted; every access request is continuously validated. This “never trust, always verify” mindset is rapidly gaining traction in the healthcare industry, where protecting the integrity of both internal systems and patient-facing services is paramount.
A resilient, layered cybersecurity framework for modern healthcare should include:
– Identity Threat Detection and Response (ITDR): Continuous, real-time monitoring of user activity and access patterns, enabling early detection of anomalies that could signal credential theft or internal compromise
– Zero-Trust Security Architectures: Embedding robust verification checkpoints at every stage of user interaction, ensuring that trust is earned dynamically rather than assumed
– Proactive System Hardening and Monitoring: Conducting regular security posture assessments, patch management and red-team testing to identify and mitigate vulnerabilities before they are exploited
– Enhanced Cybersecurity Awareness and Training: Empowering all levels of clinical and administrative staff to recognise phishing attempts and identity-based threats, reinforcing the human layer of defence
Integrating these measures into a dynamic, evolving security strategy enables healthcare organisations to minimise risk, protect sensitive data and improve their operational resilience.
Securing healthcare’s future in the face of rising cyber threats
It is unlikely that ransomware attacks on healthcare organisations will subside in the years ahead. Those organisations that can integrate an ‘assume breach’ mindset into their cybersecurity planning will improve their response times to possible threats and reduce their overall risk posture.
Those organisations that continue to leave gaping holes in their infrastructure, pay ransoms and continue with the status quo will put a higher percentage of their patients at risk.