
A Cyber Plague Is Coming: Why Deception Could Be Healthcare’s Best Cure

Brad LaPorte
16 Oct 2025
Healthcare Cybersecurity

The healthcare sector is facing what can only be described as a digital contagion. 

According to the 2025 Verizon Data Breach Investigations Report (DBIR), healthcare experienced 1,710 incidents and 1,542 confirmed breaches, cementing its place as one of the most heavily targeted industries.

Why the focus on healthcare? For attackers, it’s a perfect storm:

  • High-value data: Medical records fetch a premium on the black market.
  • Urgency of operations: Hospitals cannot afford downtime—when systems lock up, lives are on the line.
  • Strict reporting rules: In the U.S., breaches can’t be quietly hidden; they must be disclosed, drawing more attention from adversaries.

The DBIR notes that System Intrusion (including ransomware) has overtaken errors as the top cause of breaches. Ransomware thrives in healthcare because it strikes at the heart of care delivery, forcing providers into agonizing choices: pay the ransom or watch patients suffer delays.

Real-World Outbreaks: 2025’s Healthcare Breach Epidemic

This year has already delivered a series of devastating cyber “outbreaks” in healthcare, underscoring how systemic the problem has become:

  • Change Healthcare: A ransomware-driven supply chain attack disrupted pharmacies, billing, and claims processing nationwide, impacting 190 million individuals and paralyzing providers for weeks.
  • Yale New Haven Health: 5.5 million patients had their data exposed after a major intrusion, proving that even the largest systems are vulnerable.
  • Frederick Health: A ransomware strike forced ambulance diversions and jeopardized emergency response for nearly a million patients.
  • Episource: Attackers accessed systems of this healthcare IT vendor, exposing data for 5.4 million individuals, showing how third-party partners expand the attack surface.
  • Blue Shield of California: A portal error compromised 4.7 million records, demonstrating that human mistakes still trigger massive breaches.

From national insurers to local hospitals, the cyber plague is spreading. And like a biological pandemic, each wave of infection leaves behind long-term consequences: eroded trust, financial strain, and in some cases, real-world harm to patients.

The Digital Pandemic Parallel

Healthcare organizations understand pandemics better than most—and the cybersecurity community increasingly views ransomware and supply chain attacks as digital pandemics. 

The DBIR’s data paints a clear picture:

  • 44% of all breaches now involve ransomware, a 37% increase year-over-year.
  • Espionage in healthcare breaches is up to 12%, signaling nation-states targeting patient and research data.
  • Third-party breaches doubled year-over-year, affecting radiology providers, pharmaceutical companies, IT service vendors, and pharmacies.

Just as viruses mutate to evade vaccines, attackers evolve their tactics. Exploiting vulnerabilities, leveraging stolen credentials, and targeting service providers ensures their malware spreads quickly—sometimes faster than defenders can respond. 

Traditional defenses are already straining to contain the outbreak.

Why Automated Moving Target Defense Is Healthcare’s Antiviral

This is where advanced deception techniques like Automated Moving Target Defense (AMTD) enter the story as healthcare’s equivalent of a digital antiviral.

Morphisec’s approach disrupts the attacker’s kill chain before they can weaponize vulnerabilities or deploy ransomware, without relying on patches or signatures.

AMTD randomizes the memory and runtime environment, creating an unpredictable and constantly shifting attack surface. For healthcare organizations, this means:

  • Patchless protection: Shields critical systems like legacy medical devices and unpatched endpoints that attackers routinely exploit.
  • Preemptive defense: Stops zero-days, ransomware, and fileless malware before they cause disruption.
  • Operational resilience: Keeps EHR systems, imaging platforms, and pharmacy systems online—even under active attack.
  • Third-party risk reduction: Blocks lateral movement and post-exploitation tactics if a partner or vendor connection is compromised.

Rather than chasing every alert or racing to deploy patches, AMTD ensures attacks cannot land in the first place. For healthcare leaders stretched thin by compliance, budgets, and staffing shortages, that’s game-changing.

Deception Technology: Turning the Tables on Attackers

While AMTD immunizes systems by preventing exploits from landing, another promising capability is emerging alongside it: advanced cyber deception.

According to Gartner¹, modern deception technologies create realistic decoys—fake servers, networks, data repositories, or even user accounts—that lure attackers away from critical systems. Once inside these carefully crafted traps, attackers waste time and resources probing assets that don’t matter. More importantly, every move they make triggers early alerts and generates high-fidelity intelligence on their tactics.
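
The decoy-account idea described above can be shown with a small detector. This is an added example, not code from Morphisec or Gartner; the decoy account names, the log format, and the sample events are all constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical decoy accounts seeded in the directory; no real user or service
# ever authenticates with them, so any use is a high-fidelity signal.
DECOY_ACCOUNTS = {"svc-pacs-backup", "ehr-admin-old"}

# Constructed sample auth events (format assumed for this example).
SAMPLE_LOG = """\
2025-10-16T02:11:04Z host=ws-rad-07 src=10.20.4.31 user=jsmith result=success
2025-10-16T02:13:40Z host=dc-01 src=10.20.4.31 user=svc-pacs-backup result=failure
2025-10-16T02:13:58Z host=fs-02 src=10.20.4.31 user=ehr-admin-old result=failure
2025-10-16T02:15:12Z host=dc-01 src=10.20.9.8 user=mlee result=failure
2025-10-16T02:16:45Z host=dc-01 src=10.20.4.31 user=svc-pacs-backup result=success
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (timestamp, fields) or None for lines that do not fit the format."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    if not {"host", "src", "user", "result"} <= fields.keys():
        return None
    return ts, fields

def decoy_alerts(log_text, decoys=DECOY_ACCOUNTS):
    """Group decoy-account touches by source address, one alert per source."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, f = parsed
        if f["user"].lower() in decoys:
            by_src[f["src"]].append((ts, f["host"], f["user"], f["result"]))
    alerts = []
    for src, events in by_src.items():
        alerts.append({
            "src": src,
            "first_seen": events[0][0],
            "hosts": sorted({e[1] for e in events}),
            "decoys": sorted({e[2] for e in events}),
            # A successful logon means the decoy credential itself was obtained.
            "severity": "critical" if any(e[3] == "success" for e in events) else "high",
        })
    return alerts

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```

The ordinary failed logon by a real user produces no alert; only the source that touched decoy accounts is reported, which is where the low false-positive rate comes from.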

Unlike traditional honeypots, advanced deception systems can adapt their behavior based on attacker interactions, making it nearly impossible to tell what’s real and what’s fake. This ensures adversaries remain trapped in the maze, while defenders gain crucial visibility into their techniques.

For healthcare organizations, where downtime can mean the difference between life and death, this capability is particularly impactful:

  • Early detection, fewer false positives: Security teams get reliable alerts without the noise, helping them focus on real threats.
  • Reduced costs and disruption: By catching attackers before they reach production systems, deception protects critical services and minimizes recovery costs.
  • Intelligence-driven defense: Observing how adversaries behave inside decoys provides actionable insights, strengthening defenses across the enterprise.

Gartner notes that adoption of deception is strongest in critical industries like healthcare, financial services, and government, where the stakes are highest. While awareness remains a barrier in some organizations, the technology is maturing rapidly, becoming easier to deploy and manage.

When integrated with preemptive approaches like AMTD, deception offers a powerful one-two punch: preventing most attacks outright, while diverting and exposing the rest before they can cause real damage. For healthcare providers fighting a digital pandemic, this layered defense is the difference between staying operational or being forced offline.

Preparing for the Next Digital Pandemic

The cyber plague is here—and the next wave will be worse. Ransomware groups and state-backed actors aren’t easing up; they’re escalating. Healthcare organizations must recognize that reactive defenses are no longer enough.

AMTD represents a proactive, preemptive approach—a way to immunize healthcare systems against the growing cyber pandemic. Just as the healthcare sector pioneered lifesaving breakthroughs in medicine, it must now lead in adopting next-generation security designed to save lives in the digital realm.

Don’t wait until your hospital is on life support. The time to inoculate against the cyber plague is now.
Download our case study to see how Houston Eye Associates safeguarded patient data and security against attacks.


¹ Gartner. Emerging Tech: Tech Innovators in Preemptive Cybersecurity. Luis Castillo, Isy Bangurah. 8 January 2025.

About the author

Brad LaPorte

Chief Marketing Officer

Brad LaPorte is a seasoned cybersecurity expert and former military officer specializing in cybersecurity and military intelligence for the United States military and allied forces. With a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks’ MDR service and the EDR product Red Cloak—industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary in cybersecurity solutions years ahead of its time.
