Cyberattacks on the healthcare sector have reached an unprecedented scale, and the latest data from Check Point leave no doubt—hospitals and medical facilities have become one of the most exposed and, at the same time, most profitable targets for cybercriminals. Combined with real incidents in Poland, such as the attack on the Bonifraterskie Medical Center, this creates a picture of a systemic threat that can directly impact patient safety.
According to data from Check Point Research, the global healthcare sector is currently targeted by more than 2,000 attacks per week on average. Moreover, in 2024 alone, the number of cyberattacks on the industry increased by 47%, and experts estimate that over 80% of medical organizations experienced at least one incident in the past year. This means that cyberattacks are no longer exceptions—they have become a standard aspect of healthcare system operations.
Check Point’s data is consistent with findings collected by the European Union in the EC Annual Report on NIS Directive Incidents (2019–2024), which shows that the healthcare sector is the most frequently targeted in the EU, experiencing nearly 300 serious incidents annually. These incidents have a significant impact on patient health and safety, as well as on systemic stability.
Poland is in a particularly challenging position. In 2024, there were 632 recorded attacks on medical institutions (e-Zdrowie), and from January to August 2025 alone, the number reached 946. Experts agree that if the pace observed in 2025 continues or, as reports suggest, accelerates, the healthcare sector could exceed 1,500–2,000 incidents annually in 2026.
According to Check Point analyses, Poland has become one of the main targets of cyberattacks in the region. In the first week of 2026, a single public institution faced an average of nearly 3,200 attack attempts. At the same time, critical infrastructure, including hospitals, is targeted by 20 to as many as 50 attacks per day. In practice, this means a constant threat to the functioning of medical facilities.
At the same time, the scale of social engineering attacks is increasing. In January 2026, CSIRT CeZ warned of an intensifying phishing campaign in which cybercriminals impersonate the e-health system (P1) to steal login credentials from healthcare staff. The problem is exacerbated by the low level of preparedness in many institutions. Data from CSIRT CeZ shows that nearly 9% of units lack basic protections such as antivirus software or network security. In many cases, multi-factor authentication is absent, and 64% of hospital directors have not received cybersecurity training. Moreover, 36% of facilities do not train their staff either.
Gaps are also visible in technical procedures—over 42% of organizations do not store event logs for extended periods, and although 90% create backups, as many as 60% do not test them. This means that even if data is theoretically secured, recovery after an attack may prove impossible.
The growing value of medical data is another critical factor. Experts at Check Point point out that this value, alongside the potential for extortion, is the primary motivation for cybercriminals. Patient data can be used for identity theft, financial fraud, or sold on the black market. At the same time, increasing digitalization—including the development of telemedicine, electronic medical records, and AI-based systems—expands the attack surface.
“The healthcare sector has become more attractive to cybercriminals than traditionally targeted industries such as finance or manufacturing. This is due to the combination of high-value data and relatively low levels of security in many organizations,” note analysts from Check Point Research.
Particularly rapid growth is being seen in attacks targeting medical technologies. Over the past year, the number of incidents involving IoMT (Internet of Medical Things) devices has increased by more than 170%, while attacks on medical software have risen by 109%. This means that not only administrative systems are at risk, but also devices directly supporting patient treatment.
The consequences of such attacks can be dramatic. “Cyberattacks can delay medical procedures, cause bottlenecks in emergency departments, and disrupt life-critical services, which in extreme cases may directly impact patients’ lives,” emphasizes Wojciech Głażewski.
These warnings are confirmed by recent events in Poland. The Bonifraterskie Medical Center reported that on March 13 it was hit by a ransomware attack that “led to the encryption of files stored on selected server infrastructure, resulting in temporary loss of data availability and potential breaches of confidentiality.” The facility also acknowledged the risk that personal data may have been accessed by cybercriminals, potentially leading to its sale or use in criminal activities.
The investigation is being conducted by the Central Cybercrime Bureau. Its spokesperson, Commissioner Marcin Zagórski, stated: “The incident was likely carried out by the same group responsible for the attack on a hospital in Szczecin.” The earlier attack on the Szczecin facility led to the paralysis of IT systems and forced a switch to paper documentation.
In response to these threats, the European Union is implementing a comprehensive plan in 2026 to strengthen the cybersecurity resilience of the healthcare sector. This includes early warning systems, rapid response teams, and financial support for institutions. Strengthening cooperation between member states and leveraging artificial intelligence for real-time threat detection are also key components.
However, as Check Point experts emphasize, even the best regulations cannot replace fundamental actions at the level of individual institutions. Without investment in security, training, and response procedures, the number of incidents will continue to rise.


