Cyberattacks on the medical sector in Poland have increased 2.5 times – alarming statistics

Over the past year, Poland has seen more than a 2.5-fold increase in the number of cyber attacks on the medical sector. While 405 incidents were recorded in 2023, there were as many as 1028 in 2024.

Experts estimate that over the past year, more than 80% of health care sector companies experienced a cyber attack. According to Check Point experts, the biggest threats to the sector are data theft and ransom blackmail, as well as attacks on the technology supply chain.

Attacks on IoMT (Internet of Medical Things) equipment and devices have increased by over 170% in the past year, and attacks on software by 109%, increasing the risk of security gaps.

In 2024, more cyber attacks were recorded on the health service than in the three previous years combined – according to information from the Centre for E-Health (CEZ)*. According to research by Check Point Research, the global health care sector is attacked 2400 times a week, and in 2024, the industry recorded a 47% increase in attacks. Sadly, in Poland, over 72% of facilities do not have cyber security teams.

In 2024, health care became the second most attacked sector in the world, according to the Check Point State of Cyber Security 2025 report, which highlights the urgent need for cyber security measures to protect sensitive patient data and ensure the integrity of medical devices.

Experts agree – the integration of Internet of Medical Things (IoMT) devices has revolutionized and improved patient care, but also poses a challenge in terms of cyber security. As they emphasize, IoMT devices often do not have built-in security features, making them vulnerable to cyber attacks. A breach of security can lead to data theft, patient safety risks, and operational disruptions.

The European Commission has taken steps towards EU-level action to protect the healthcare sector

In the opinion of experts, the health care sector is one of the most attacked due to its dynamic development, dependence on technology, and sensitivity of stored information.

In response, the European Commission has taken steps to ensure the protection of the health care sector in the EU, including the creation of a dedicated center within the cybersecurity agency ENISA, aimed at protecting health organizations from cyber threats.

Meanwhile, hospitals and medical institutions have also been recognized as a high-risk sector under the NIS2 Directive. The NIS2 security framework works with the Cyber-Resilience Act, the first EU legal act imposing mandatory cybersecurity requirements on products containing digital elements, which came into effect on December 10th, 2024.

The cost of cyber attacks in healthcare

The surge in cyber attacks on the medical sector leads to significant financial losses and disruptions in patient care. As shown in Trustwave’s analysis, a single medical data file can be worth as much as $250 on the black market. Medical data is valuable to cyber criminals as health information, diagnoses, and treatments can be used for insurance fraud, identity theft, or blackmail. The average cost of a medical institution’s security breach in 2024 amounted to $9.8 million, according to the IBM and Ponemon report.

A recent Netwrix study of 1,309 IT and security specialists in the healthcare sector revealed that 84% of them detected a cyber attack or break-in over the past 12 months, with the most common types of attacks being account takeover and phishing.

Source: https://managerplus.pl/cyberataki-na-sektor-medyczny-w-polsce-wzrosly-25-krotnie-alarmujace-statystyki-10355
