TLP:WHITE This report may be shared without restriction.

Contents

Introduction
Annual Member Survey Insights
  Survey Background
  Survey Findings
Key Insights
Part I: The Current Threat Landscape
  Physical Security
    Physical Security / Violence Legislation – U.S. and Global
    Man-Made and Natural Threats to Security
  Cybercriminal Activity
    Hacktivist Attacks Against the Health Sector
    Data Breaches — Episource
  Significant Takedowns
    RaccoonO365 Disruption
  Ransomware Gangs Attacking Health Sector
    Qilin
    INC Ransomware
    SAFEPAY
    Sinobi
    WorldLeaks
  Ransomware Trends in the Health Sector
    Emerging and Receding Ransomware Groups
    Ransomware Insights
  Nation-State Activity
    DPRK Remote IT Worker Campaigns
  Geopolitical Activity
    Israel-Iran War
    Hybrid Warfare
  Medical Device Cybersecurity
    Contec CMS 8000 Patient Monitor
    Legacy Devices
    DICOM/PACS Exposure
Part II: Tactics, Techniques, and Procedures
  Social Engineering
    ClickFix and FileFix
    QR Code Phishing
  Cleo Compromise Victim Bundling
  Malicious Activity Observed by Members
    XWorm
    NetSupportRAT
    njRAT
    SocGholish
    AsyncRAT
  Breakdown of 2025 MITRE ATT&CK Data
  Notable Vulnerabilities
    Microsoft SharePoint ToolShell
    Cisco ASA 5500-X Series
  Popular Targeted Alerts
    Dangling DNS
    Citrix Netscaler ADC and Citrix Gateway
    BeyondTrust
    CEO Doxxing
    Remote Desktop Protocol Exposures
Part III: Future Cybersecurity Outlook
  Business Resilience
  Business Resiliency Looking into 2026
Conclusion

Introduction

2025 was defined by a critical escalation in the volume, complexity, and systemic risk facing the global health ecosystem. As the digital transformation of the health sector—from advanced medical devices to telehealth platforms—continued to accelerate, it expanded the attack surface, confirming that the health industry remains a primary, high-value target for cybercriminals and nation-state actors alike.

The primary threat facing the health sector remains ransomw