[ /report/461 // public // by @Unknown ]

THE STATE OF HEALTHCARE CYBERSECURITY 2025

Generated 2026-05-16 · 1 TTPs · 92 IOCs · 3 actors

report_id: #461

// 01Executive summary

Healthcare organizations are facing an urgent and escalating threat from ransomware groups like LockBit 3.0, ALPHV/BlackCat, and BianLian, which are actively exploiting systemic vulnerabilities. Immediate detection efforts should focus on identifying exploitation attempts against public-facing applications, OS, endpoint misconfigurations, and outdated medical devices. Response actions must prioritize patching critical vulnerabilities, securing IoT and cloud-based PACS systems, and enhancing proactive cyber defenses to mitigate these sophisticated attacks. Organizations should also be vigilant for indicators associated with these specific ransomware groups to prevent data exfiltration and operational disruption.

// 02Key metrics

// ttps
1
ATT&CK techniques
// iocs
92
indicators
// actors
3
threat groups
// kwords
10
keywords

// 03MITRE ATT&CK

// 04Threat actors

LockBit 3.0 ALPHV/BlackCat BianLian

// 05Indicators of compromise

// ips1

  • 185.23.253.150

// domains1

  • veriti.ai

// urls0

none

// sha2560

none

// md50

none

// emails0

none

// cves90

  • CVE-2021-44228
  • CVE-2018-13379
  • CVE-2022-29464
  • CVE-2019-19781
  • CVE-2020-1472
  • CVE-2021-27314
  • CVE-2021-27319
  • CVE-2021-1675
  • CVE-2021-34527
  • CVE-2022-26809
  • CVE-2023-21554
  • CVE-2022-34721
  • CVE-2022-34713
  • CVE-2022-30190
  • CVE-2022-26923
  • CVE-2022-41128
  • CVE-2022-21971
  • CVE-2024-40898
  • CVE-2024-38477
  • CVE-2024-38476
  • CVE-2024-38474
  • CVE-2024-27316
  • CVE-2023-45802
  • CVE-2023-31122
  • CVE-2023-25690
  • CVE-2022-37436
  • CVE-2022-36760
  • CVE-2020-13938
  • CVE-2018-1283
  • CVE-2022-31813
  • CVE-2022-23943
  • CVE-2022-22720
  • CVE-2021-44790
  • CVE-2021-39275
  • CVE-2021-26691
  • CVE-2019-9517
  • CVE-2019-0211
  • CVE-2013-4365
  • CVE-2011-2688
  • CVE-2007-4723
  • CVE-2022-30556
  • CVE-2022-29404
  • CVE-2022-28615
  • CVE-2022-28614
  • CVE-2022-28330
  • CVE-2022-26377
  • CVE-2022-22721
  • CVE-2022-22719
  • CVE-2021-44224
  • CVE-2021-40438
  • CVE-2021-34798
  • CVE-2021-33193
  • CVE-2021-32792
  • CVE-2021-32791
  • CVE-2021-32786
  • CVE-2021-32785
  • CVE-2021-26690
  • CVE-2020-35452
  • CVE-2020-11993
  • CVE-2020-11023
  • CVE-2020-11022
  • CVE-2020-9490
  • CVE-2020-1934
  • CVE-2020-1927
  • CVE-2019-17567
  • CVE-2019-10098
  • CVE-2019-10092
  • CVE-2019-10082
  • CVE-2019-10081
  • CVE-2019-0220
  • CVE-2019-0217
  • CVE-2019-0196
  • CVE-2018-17199
  • CVE-2018-17189
  • CVE-2018-11763
  • CVE-2018-1333
  • CVE-2018-1312
  • CVE-2018-1303
  • CVE-2018-1302
  • CVE-2017-15715
  • CVE-2017-15710
  • CVE-2013-2765
  • CVE-2013-0942
  • CVE-2012-4360
  • CVE-2012-4001
  • CVE-2012-3526
  • CVE-2011-1176
  • CVE-2009-2299
  • CVE-2023-37679
  • CVE-2023-43208

// 06Geographic coverage

// 07YARA rule

// Failed to generate YARA rule

// 08Keywords

{'keyword': 'healthcare', 'score': 16.4778} {'keyword': 'ransomware', 'score': 14.861} {'keyword': 'data', 'score': 11.8265} {'keyword': 'vulnerabilities', 'score': 10.8146} {'keyword': 'lockbit', 'score': 8.3869} {'keyword': 'alphv', 'score': 7.7203} {'keyword': 'cve', 'score': 7.6637} {'keyword': 'cybersecurity', 'score': 7.6482} {'keyword': 'attacks', 'score': 7.347} {'keyword': 'exploit', 'score': 7.3249}

// 09Attack chain

// 10Technical mitigations

// 12Export

// format: // sign in to export ./sign_in