Ransomware in Healthcare: The Application Threat Vector

F5 Ecosystem | June 13, 2025

The healthcare industry remains a favorite target for attackers as it faces an increasing curve of security incidents and slow recovery times. Tight budgets and complex infrastructure modernization efforts inevitably result in cybersecurity gaps. While ransomware targets all industry verticals, in healthcare, threats are increasingly driven by application-level attacks—notably through exploited vulnerabilities and compromised credentials.

Meeting compliance mandates such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Payment Card Industry Data Security Standard (PCI-DSS) is a business imperative, but protecting personal health information (PHI) is paramount for maintaining competitiveness and customer trust in a rapidly changing industry.

In this blog post, we explore how healthcare organizations are navigating an increasingly difficult balance between delivering personalized patient and provider experiences—now enhanced by AI—and defending against ever-increasing ransomware security threats that target the apps and APIs that connect them.

Apps, APIs, and AI are critical to patient care

The convenience of online access to patient portals through electronic health record (EHR) systems and the ability to make payments online are table stakes.

This has not gone unnoticed by bad actors. Threat actors disrupt supply chains and pose significant threats to critical infrastructure by exploiting vulnerabilities in cloud applications to gain unauthorized access to sensitive data.

According to Forrester predictions, half of the top 10 U.S. health insurers will use AI to bolster member advocacy. Epic, a trailblazer in the space, notes that one in four patients would be concerned if their health system was not using AI. Given that AI ecosystems are connected via APIs, and their underlying software supply chains include components that extend across hybrid and multicloud environments, AI will further increase risk exposure and security incidents, such as vulnerability exploitation and business logic abuse via bots and malicious automation. These same risks apply to natural language processing (NLP) interfaces exposed to patients and providers to improve customer experiences and streamline care through generative AI.

Compliance mandates are starting to have teeth

U.S. healthcare organizations are quickly finding themselves in an untenable risk position. Despite a 239% increase in hacking-related breaches since 2018, only 42% plan to maintain, and some may even decrease, investments in technology that improve cybersecurity and protect privacy. This gap exists despite intelligence agencies and industry associations ringing alarm bells over imminent threats to patient care data. While HITECH and PCI-DSS mandates push responsibility for adequate security, the healthcare industry must understand that simply meeting compliance requirements is no longer sufficient.

The baseline is not compliance—it’s cybersecurity best practices.

Ransomware is being fueled by app attacks

In 2024, the most common attack vectors in healthcare ransomware attacks were exploited vulnerabilities and compromised credentials, and recovery is taking longer due to the increased complexity and severity of the attacks. As an example, a series of in-the-wild attacks that exploit an application vulnerability and execute arbitrary code without authentication have been ongoing since January, with threat actors targeting the bugs to deploy web shells that are then abused for follow-up activities.

In addition to vulnerabilities, the business logic exposed by apps and APIs is inherently vulnerable to abuse from bots. According to F5 Labs, advanced persistent bots targeting login flows are most prevalent in the healthcare industry. For example, the decline of genetic testing firm 23andMe was, in part, attributed to a credential stuffing campaign that exposed customer health and ancestry information. Since the bots use legitimate credentials and are not trying to exploit software vulnerabilities, they may not trigger a security alarm. Multi-factor authentication (MFA) can help prevent credential stuffing but, due to the rise in real-time phishing proxies (RTPP), it's not foolproof.
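Because credential stuffing produces valid logins rather than exploit traffic, the signal is in the behaviour of the login flow itself. The following sketch is an added example, not F5 code or a description of any F5 product: it flags sources that try many distinct accounts with a low success rate and lists the accounts that did log in from them. The event format, function names, and thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    # One source walking a credential list: 10 accounts, 1 valid password.
    [("203.0.113.7", f"patient{i:02d}", i == 6) for i in range(10)]
    # A clinic behind one NAT address: many accounts, all legitimate logins.
    + [("192.0.2.50", f"nurse{i}", True) for i in range(6)]
    # A single user mistyping a password once.
    + [("198.51.100.20", "alice", False), ("198.51.100.20", "alice", True)]
)


def flag_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Return {source: (distinct_accounts, success_ratio)} for suspicious sources.

    A source is flagged when it attempts at least `min_accounts` different
    usernames and at most `max_success_ratio` of its attempts succeed.
    Both thresholds are illustrative assumptions and need tuning per site.
    """
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for source, username, success in events:
        accounts[source].add(username)
        attempts[source] += 1
        successes[source] += 1 if success else 0

    flagged = {}
    for source, names in accounts.items():
        ratio = successes[source] / attempts[source]
        if len(names) >= min_accounts and ratio <= max_success_ratio:
            flagged[source] = (len(names), round(ratio, 2))
    return flagged


def accounts_to_review(events, flagged):
    """Accounts with a successful login from a flagged source.

    These logins used valid credentials, so they look normal in isolation;
    they are candidates for session revocation and a forced password reset.
    """
    return sorted({user for src, user, ok in events if ok and src in flagged})


if __name__ == "__main__":
    suspicious = flag_stuffing_sources(SAMPLE_EVENTS)
    print(suspicious)
    print(accounts_to_review(SAMPLE_EVENTS, suspicious))
```

The success-ratio condition is what keeps the shared clinic address from being flagged even though it serves many accounts; per-source counting alone will not catch campaigns spread thinly across many addresses.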

A new baseline is in order

The good news is that the security industry is already ahead of the curve. For years, organizations have optimized their security inspection capabilities through dynamic, policy-based steering of SSL/TLS traffic to maximize investments, streamline policy, and detect ransomware within infrastructure and applications using a defense-in-depth approach.

Web app and API protection platforms further bolster application security defenses against ransomware. Integrated controls can mitigate vulnerability exploits and protect business logic from abuse—for web, API, and AI apps—across multiple environments, including client browsers, mobile devices, clouds, new interactive interfaces, and the software development lifecycle.

F5 solutions for healthcare help organizations flatten the curve—meeting compliance mandates and mitigating exposure of patient and provider data by thwarting ransomware for any app, any API, anywhere.

For more information, check out F5 solutions for healthcare.

About the Author

Byron McNaught, Sr. Solutions Marketing Manager