A vital sector under fire
The Italian healthcare system has become one of the preferred targets for cybercriminals.
According to the report “Cyber Threats to the Healthcare Sector” by the National Cyber Security Agency (ACN), between January and September 2025 there was a 40% increase in cyber events targeting hospitals, local health authorities, and medical centers compared to the same period in 2024.
The CSIRT Italia recorded 60 cyber events versus 42 last year. While the number of actual incidents (those causing real damage) decreased from 47 to 23, the overall trend reveals a growing structural fragility in Italy’s healthcare infrastructure.
Ransomware still the most damaging threat
Ransomware attacks, which encrypt systems and demand ransom payments, have slightly declined in frequency but remain the most destructive in terms of impact.
In 2023 they represented 46% of all incidents, dropping to 17% in 2024. Still, when they strike, they can paralyze hospital operations, delay treatments, and jeopardize patient privacy.
The ACN identified the following as the most frequent threats in 2025:
- Phishing and email account compromises,
- Active credential scanning,
- Malware spread via email,
- Exposure of sensitive data.
These findings confirm that social engineering (the psychological manipulation of users) remains the favorite weapon of cybercriminals.
Human error: the weakest link
Many cyberattacks in healthcare succeed not because of technical sophistication but due to neglect and lack of training.
The report highlights the absence of basic cyber security measures, such as multi-factor authentication, regular software updates, and proper network segmentation.
In many hospitals and clinics, staff are overworked and untrained, becoming unintentional gateways for cyber intrusions.
ACN’s recommendations: governance and education
To counter this growing threat, the National Cyber Security Agency calls for a centralized and structured governance model for healthcare cyber security, focusing on:
- Unified coordination between hospitals and institutions,
- Robust and regularly updated security protocols,
- Continuous staff training,
- Clear separation of IT and medical responsibilities.
In the event of an incident, CSIRT Italia provides on-site support and technical assistance, helping facilities restore operations and analyze vulnerabilities to prevent recurrence.
A global problem: healthcare as a prime target
Worldwide, healthcare remains one of the most vulnerable sectors to cyberattacks. Since 2023, an average of 4.3 attacks per month have targeted hospitals and clinics globally, and half of them caused disruptions to services, from blocked systems and lost medical records to delayed surgeries and emergency diversions.
These aren’t just digital incidents: they can directly endanger human lives.
Toward a more resilient healthcare system
The ACN continues to promote awareness programs and training sessions across Italy, emphasizing the cultural aspect of cyber security.
The goal is to build a safety-first digital mindset within a sector where technology can both save lives and, if left unprotected, put them at risk.