Cyber-security, a critical situation

In 2024, cyber-security in the health sector faced a worrying situation: a global escalation of cyber-attacks, with Italy among the most affected countries. The healthcare sector in particular remains one of the favorite targets of cyber-crime.


Healthcare cyber-security is at a critical juncture. According to the Clusit Report 2025 (Clusit is the Italian Association for Cyber-security), 2024 marked a further deterioration of the global scenario for cyber-attacks, with a 27 percent increase over 2023: 3,541 incidents were recorded in the past year, the highest number ever.

Not only that, but the average severity of cyber-attacks is also rising. Over the past five years the severity index, which measures the impact of incidents, has shown a steady increase: in 2023-24 about 80 percent of attacks were classified as “serious” or “critical”, a share that in 2020 stood at 50 percent (although the ratio of “critical” cases, the most serious, to “high” cases shows an improvement).

Italy under attack

Italy is one of the most affected countries in the world: despite accounting for only 0.7 percent of the world’s population and 1.8 percent of its GDP, our country suffered 10 percent of the attacks recorded globally (up 15 percent over the previous year). This figure is even more worrying when compared with France’s 4% and Germany’s and the UK’s 3%. In 2024 alone, Italy suffered 357 serious attacks, accounting for 39% of all cases detected in the 2020-2024 period. Although incidents increased by 15% compared to the previous year, this figure represents a cooling from the +65% recorded in 2023.
The vast majority of attacks are attributable to cyber-crime, accounting for 78% of the total. This is up sharply from 2023, when this category stood at 64 percent, and brings Italy closer to the global average (86 percent).
The increase in attacks is fueled by a combination of factors: the evolution of offensive techniques and their increased accessibility, the unstable geopolitical context, growing digitization and the spread of artificial intelligence systems, and the widespread inadequacy of prevention methods.

The healthcare sector is one of the most affected

In 2024, the healthcare sector was confirmed as a favorite target in the global cyber threat landscape. According to Clusit, the healthcare sector experienced an 18.9 percent increase in attacks in 2024 compared to the previous year, confirming it as the third most affected category (alongside the government and military sectors and “multiple targets” attacks, all of which are considered of high strategic value to cyber criminals). Again, the intensification of attacks has more than one cause, among which two factors stand out.
The first is the value of health data: each patient record has a high economic value and can be sold on the dark web at prices higher than credit card data. The second is the increasing digitization of the industry, which has expanded the so-called “attack surface”: the adoption of technologies such as telemedicine, electronic health records, and connected medical devices (IoMT) has multiplied the access points that can be exploited by cyber criminals.
The severity of attacks in the healthcare sector remains high: according to the report, globally in 2024 the share of healthcare incidents with severe (67 percent) or very severe (23 percent) impacts remained at 90 percent of the total, as in the previous year.

Attacks on Italian healthcare

In 2024, several cyber-attacks affected Italian healthcare facilities, including ASST Rhodense in Lombardy, with severe disruptions in hospitals and RSAs (residential care homes), and the entire healthcare system of Lucania, infiltrated through a third-party vendor. Other incidents involved the ASL of Teramo, the San Giovanni Addolorata Hospital in Rome, and the Azienda Ospedaliera in Alessandria, all of which shared the same pattern: operational blocks, data theft, and ransom demands.
The attacks resulted in prolonged operational blockages, suspension of surgeries and diagnostic services, online dissemination of sensitive data, and ransom demands. In the case of ASST Rhodense, for example, more than a terabyte of sensitive data, including medical documents, prescriptions and personal information, was stolen and posted on the dark web.

The Role of NIS2

In this context, the European NIS2 Directive (Network and Information Security), which establishes new cyber-security standards for networks and information systems, represents, according to the report’s authors, a key turning point for the cyber-security of critical infrastructures, such as healthcare, across the European Union.
The directive, which came into effect in Italy on Oct. 16, 2024, imposes more stringent security requirements and extends its coverage beyond traditional critical infrastructure to include medium-sized companies. In addition, the directive is now strongly aligned with ISO/IEC 27001 (the international standard for cyber-security best practice), so that NIS2 compliance work can cover much of the ISO certification path.