CyberSecurity SEE

Why Smaller Healthcare Providers Are Still Vulnerable Targets

Recent Hacks Underscore Persistent and Growing Threats to Smaller Organizations

In an alarming trend, small and mid-sized healthcare organizations have been disproportionately targeted by hackers in recent months. This surge in ransomware attacks and data theft incidents has impacted large segments of the patient population, sparking renewed concerns about cybersecurity in the healthcare sector.

A recent report highlighted that eight hacking incidents affecting small medical practices have collectively impacted nearly 2 million individuals. Breaches ranged from about 100,000 individuals to nearly 600,000, affecting a diverse array of medical specialties and locations across the United States.

Examples of the affected organizations include Coastal Carolina Health Care in North Carolina, with a significant breach impacting 110,304 individuals, and Erie Family Health Centers in Pennsylvania, which reported an incident that affected approximately 570,000 patients. The list is extensive, encompassing a variety of small healthcare providers, many of which are now on high alert.

This troubling trend is not new, as documented health data breaches continue to populate the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool. However, the frequency and magnitude of these recent attacks have raised alarm bells among security experts. The situation aligns closely with findings from Verizon’s latest annual breach analysis, which underscores that healthcare remains a prime target for cybercriminals, with smaller organizations appearing particularly vulnerable.

According to Verizon’s data, smaller healthcare entities (those with up to a thousand employees) were disproportionately affected, accounting for 472 of the 1,492 healthcare security incidents identified in 2025. In stark contrast, larger organizations were involved in just 21 incidents during the same period.

An increase in the number of threat actors, particularly those operating within cybercrime affiliate models, can explain the sharp focus on smaller healthcare providers. These criminals view such organizations as “low-hanging fruit” due to their limited cybersecurity capabilities and their likelihood of complying with extortion demands. Mike Hamilton, a former CISO for the city of Seattle and now CISO emeritus at IT provider Datec Inc., emphasized this shift in criminal strategy.

The deeply interconnected nature of the healthcare ecosystem also benefits hackers, as highlighted by Skip Sorrels, a field CISO and CTO at security firm Claroty. He noted that no healthcare breach operates in isolation. A small specialty clinic or mid-sized provider often serves as a critical backend node for larger health networks, insurance companies, or pharmacy chains. Thus, any lapse in security can have a cascading effect, amplifying the “blast radius” of these breaches.

The recent hacking incidents have revealed that sensitive patient data, including names, Social Security numbers, medical information, and additional personal details, has been “accessed or acquired.” This information was compromised during investigations related to unusual activity disrupting the IT systems of these organizations.

In the breaches examined by Verizon, financial gain was identified as the primary motive behind the attacks, followed by espionage-related objectives. Hamilton speculated that espionage activities might be aimed at significant research, such as patentable drugs or readiness to respond to health emergencies. Such valuable information could potentially be sought after by nation-states, elevating the stakes for smaller healthcare providers.

The primary vectors used to gain initial access in these healthcare incidents included exploiting vulnerabilities, phishing attempts, and credential misuse. Many of these incidents involved third parties, such as vulnerabilities in the Oracle E-Business Suite that have garnered attention from security firms.

Given the increasing sophistication of cyberattacks, particularly with the advent of artificial intelligence technologies like Claude Mythos for vulnerability identification, vulnerabilities in healthcare systems are likely to rise. These advancements enable hackers to automate and scale their attacks, converting what once required manual effort into mass-targeting campaigns.

As healthcare organizations navigate this landscape teeming with cyber threats, the focus must shift towards strengthening the cybersecurity posture of smaller entities. If the weakest links in the medical supply chain are not secured, the repercussions of breaches will inevitably expand, endangering patient data and ultimately compromising the integrity of the healthcare system itself.
