Ransomware and vendor breaches persist.
The “2026 Data Breach Investigations Report” (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
Pulled quotes from Health-ISAC
The Health Information Sharing and Analysis Center (ISAC) continues to see social engineering as not only a persistent threat, but a highly effective one, explains CSO Errol Weiss. What separates healthcare is how well the schemes exploit operational urgency, complex supplier relationships, and high-value targets like credentials and patient data, he adds.
“Based on member reporting and broader industry observations, these attacks have remained persistent and, in many organizations, feel ‘resurgent’ over the past year,” Weiss tells Dark Reading. “The more important story isn’t just volume; it’s effectiveness.”
Threat actors have responded to improved email security by refining pretexts and tailoring lures to healthcare workflows including vendor billing, human resources (HR), IT access, and even clinical operations, adds Weiss.
The trends echo what Health-ISAC sees as well – a shift toward more targeted, impersonation driven, and multi-channel social manipulation. Threat actors use techniques like pretexting that lead to more “credible deception that aligns with how healthcare actually works,” explains Weiss.
Read the article in Dark Reading. Learn More
