Record wave of cyberattacks on healthcare. Hospitals have a serious problem

Polish medical facilities are increasingly becoming the target of cybercriminals. The recent attack on the provincial hospital in Szczecin, during which hackers encrypted data and blocked access to them, once again demonstrated the scale of the problem and the vulnerability of the health care system to digital threats.

Attacks on hospitals

Data collected by the Sectoral Computer Security Incident Response Team operating at the e-Health Center (CSIRT CeZ) shows that in 2025, a record number of 1,441 cybersecurity incidents were recorded in medical entities. That’s as much as 40 percent. more than a year earlier, when 1,028 such events were registered.

Statistics also show that the scale of the threat is systematically growing. By August 2025, the average number of incidents was approximately 118 per month. However, in the last four months of the year it increased to over 123 cases per month.

The most frequently used methods of cyberattacks remain similar to previous years. In 2025, computer frauds dominated, such as phishing, vishing and various forms of social engineering. A total of 580 such incidents were registered, while in 2024 there were 374 of them. The second large group consisted of detected vulnerabilities of IT systems that can be used by cybercriminals. There were 344 cases recorded in this category, compared to 242 a year earlier.

Experts emphasize that criminals do not so much change their methods of operation as they constantly improve them and use them more and more often. One of the most popular types of attacks remains ransomware, i.e. malicious software that blocks access to data.

According to experts, the increase in the number of cyberattacks is due to several factors. One of them is the development of a model called “Ransomware as a Service”. Within it, specialized groups create malware and share it with other criminals. Thanks to this, the entry threshold for cybercrime is lower, and even people without advanced technical knowledge can carry out effective attacks.

Geopolitical situation

The geopolitical situation is also important. Poland is among the countries that are increasingly becoming the target of activities of professional, organized groups linked to governments, known as APTs. One of their main goals is critical infrastructure, which also includes the health care system.

Experts also point out weaknesses in the security of medical facilities. The problem is not only limited access to financing, but also a shortage of cybersecurity specialists.

Research conducted by CSIRT CeZ shows that as many as 60 percent medical entities do not monitor emerging vulnerabilities in their IT systems on an ongoing basis. Less than 60 percent regularly tests data backup and recovery procedures.

Additionally, almost 9 percent facilities do not have basic protection tools, such as antivirus software, EDR/XDR systems analyzing network threats or firewalls. In many cases, multi-step login, which significantly increases the level of security of IT systems, is still not used.

Hospital directors, however, point to the problem of staff shortages. To ensure adequate digital protection, constant supervision of IT systems by specialists available 24 hours a day is needed. In practice, many facilities are unable to provide such support.

Medical facilities often struggle with a difficult financial situation, which means they cannot compete with the private sector in terms of salaries. Meanwhile, commercial companies offer cybersecurity specialists much higher salaries.

The scale of the financial impact of cyberattacks is also enormous. According to estimates, the average cost of a data breach in the global healthcare sector in 2025 was approximately $7.42 million. This is the highest level of losses among all industries, higher even than in the financial or energy sectors.

In the case of medical facilities, a cyber attack means not only financial losses, but also a serious risk to the functioning of the health care system. Loss of access to data or its encryption may paralyze hospital operations and, in extreme cases, even threaten patient safety.