
How cryptocurrency enables healthcare data breaches

Written by Gugu Ntsele | September 21, 2025

According to Coventry and Branley in Cybersecurity in healthcare: A narrative review of trends, threats and ways forward, "Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak." Blockchain researchers reinforce this observation in Blockchain for healthcare systems: Architecture, security challenges, trends and future directions, observing that healthcare systems handle "enormous amounts of data generation, information sharing, storage, and analysis" while facing "prevailing challenges like scalability, resilience, security and privacy" that "are yet to be overcome."

These observations are supported by data from the World Economic Forum, which states that "The healthcare industry maintained its position as the most expensive sector for cost of data breach for the 13th consecutive year, according to the 2023 Cost of a Data Breach report by IBM."

Recent research in the article Blockchain integration in healthcare: a comprehensive investigation of use cases, performance issues, and mitigation strategies further emphasizes this, noting that "with increasing digitization and a vast population, data management and safeguarding sensitive patient data have become paramount." The comprehensive investigation reveals a security gap: "Despite the extensive framework that different countries' laws and regulations have provided for protecting personal information, there is still a problem. Due to the sensitive nature of healthcare information, there is a high demand for it on the dark web, and attackers are willing to pay a high price for it."

Valuable assets combined with inadequate protection create the right environment for cryptocurrency-enabled attacks. The World Economic Forum notes that "the rise in hacker sophistication in the healthcare sector has made breaches harder to prevent and more damaging," a trend that cryptocurrency payments have accelerated by reducing the risks and barriers for cybercriminals.

Research by Coventry and Branley shows that "Healthcare data is substantially more valuable than any other data. The value for a full set of medical credentials can be over $1000." This pricing makes healthcare records more valuable than credit card information on underground markets, providing motivation for criminals to target these systems using cryptocurrency-facilitated payment methods.

 

How ransomware leverages cryptocurrency for healthcare breaches

One of the ways cryptocurrency enables healthcare breaches is through ransomware attacks. These campaigns encrypt hospital systems, patient databases, and medical equipment, demanding payment in cryptocurrency before restoring access. Bitcoin, Monero, and other digital currencies have become the preferred payment method for ransomware operators because they offer privacy and can be transferred across borders without traditional banking oversight.

 

The UnitedHealth case study

The impact of cryptocurrency-enabled ransomware on healthcare was displayed in 2024 when UnitedHealth Group fell victim to a cyberattack. The attack on Change Healthcare, UnitedHealth's subsidiary that processes one in three patient records in the United States, demonstrates how cryptocurrency facilitates these breaches.

UnitedHealth CEO Andrew Witty revealed during Senate testimony that cybercriminals accessed Change Healthcare through a server lacking multi-factor authentication—a basic security measure that Senator Thom Tillis characterized as "some basic stuff that was missed." The Blackcat ransomware group (also known as Noberus and ALPHV) exploited this vulnerability to encrypt healthcare infrastructure and demand payment in cryptocurrency.

Faced with failed payment systems that left doctors unable to fill prescriptions or receive payment for services, Witty made what he called "one of the hardest decisions I've ever had to make"—authorizing a $22 million Bitcoin ransom payment. 

The dominance of these attacks has changed how healthcare data breaches are viewed. Coventry and Branley observe that "As of 2015, hacking has become the leading cause of health data breaches," marking a shift from traditional insider threats to external attacks enabled by cryptocurrency payment systems.

The scale of this threat has grown over the past decade. According to research published in Ransomware Attacks and Data Breaches in US Health Care Systems, "ransomware attacks increased from 0 cases in 2010 to 31% (222 of 715) of breaches in 2021." This growth shows how cryptocurrency has transformed ransomware from a rare occurrence to a dominant threat in healthcare cybersecurity.

Healthcare breaches involving cryptocurrency have devastated institutions worldwide. The WannaCry ransomware attack exemplified this threat when it "infected more than 300,000 computers across the world demanding that users pay bitcoin ransoms" as noted by Coventry and Branley. 

 

The financial impact and patient trust crisis

The economic consequences of cryptocurrency-enabled healthcare breaches extend beyond immediate ransom payments. Coventry and Branley cite Ponemon Institute research that puts "the average cost for each lost or stolen healthcare record containing sensitive and confidential information as $380."

The scale of the problem is evident in recent statistics from the World Economic Forum, which reports "more than 41 million healthcare records being reported as breached in the first half of the year." This represents an unprecedented level of patient data exposure, much of it facilitated by cryptocurrency-enabled attacks that have made healthcare breaches more profitable and less risky for criminals.

The UnitedHealth breach exemplifies these costs. Beyond the $22 million ransom payment, the company faced $2.4 billion in response costs and implemented a temporary funding assistance program to support healthcare providers who lost access to payment systems. The company provided interest-free loans to affected providers, showing how cryptocurrency-enabled attacks create ripple effects throughout the entire healthcare ecosystem.

Beyond direct financial losses, these attacks threaten the doctor-patient relationship. As Coventry and Branley warn, "Ongoing publicity associated with large breaches may compromise patient trust which could result in less willingness to share data." This concern is now evident, with the World Economic Forum reporting that "a recent survey found that an overwhelming 95% worry about the potential theft or online leaks of their sensitive health data."

 

How cryptocurrency powers underground healthcare data markets

Cryptocurrency facilitates the buying and selling of stolen healthcare data on dark web marketplaces. Medical records contain personal information including names, addresses, social security numbers, insurance details, and complete medical histories. This data is valuable to identity thieves and fraudsters.

Cryptocurrency transactions enable these illegal marketplaces to operate with reduced risk of detection. Buyers and sellers can exchange payments without revealing their identities or locations, making it difficult for law enforcement to trace transactions or identify perpetrators. The decentralized nature of many cryptocurrencies means there is no central authority that can freeze accounts or reverse transactions, providing additional protection for criminals.

Healthcare data theft often involves criminal networks that specialize in different aspects of the operation. Some groups focus on initial system penetration, others on data extraction and organization, while still others handle the marketplace sales and cryptocurrency laundering. 

 

Regulatory challenges and enforcement difficulties

The global and decentralized nature of cryptocurrency presents challenges for regulators and law enforcement agencies attempting to combat healthcare breaches. Traditional financial regulations that apply to banks and payment processors often do not cover cryptocurrency transactions, creating regulatory gaps that criminals exploit.

International coordination becomes difficult when dealing with cryptocurrency-enabled healthcare breaches. Attacks may originate from one country, target healthcare systems in another, and involve cryptocurrency exchanges in multiple jurisdictions. This can delay investigations and make it difficult to recover stolen funds or prosecute perpetrators effectively.

The UnitedHealth case illustrates these challenges. Although the $22 million payment is publicly visible as a transaction on the Bitcoin blockchain, law enforcement faces obstacles in tracking the funds once they enter the cryptocurrency ecosystem.

 

FAQs

How do criminals typically launder cryptocurrency after a healthcare ransomware attack?

They often use mixers, privacy coins, or decentralized exchanges to obscure the transaction trail.

 

What role does cyber insurance play in ransomware payments?

Some insurers cover ransom costs, which can indirectly incentivize attackers to keep targeting healthcare.

 

Do insider threats still play a role in breaches even with cryptocurrency?

Yes, insiders may sell access or data for crypto payments.

 

What is the outlook for healthcare and cryptocurrency threats in the next decade?

As both digitization and cryptocurrency adoption grow, these breaches are expected to become more frequent.