April 24, 2025

The pharmaceutical industry is increasingly becoming a target for cyber attacks

The number of hacker attacks on healthcare organizations has increased by almost a quarter since the beginning of the year. Attackers most often target the pharmaceutical industry, which now accounts for 40% of all incidents, while the customer databases of pharmacies are also increasingly being stolen. Hackers' attention is shifting to less protected industries, experts are certain.

In the first quarter of 2025, medical institutions were among the top 3 most attacked sectors in Russia, along with state institutions and industrial companies, Positive Technologies (PT) experts told Kommersant. The trend has been observed since last year, which saw one and a half times more attacks than 2023. The attackers' ultimate goals are personal data and ransom payments.

The total number of attacks on healthcare organizations in the first quarter of 2025 was slightly under 2.4 thousand, Red Security SOC experts add. According to them, this is 24% more than in the same period of 2024. The largest share of attacks since the beginning of the year, 40%, fell on pharmaceutical industry companies, whereas in 2024 their share did not exceed 10%.

Attacker activity peaked in January 2025, when medical organizations faced almost half of the quarter's total number of attacks. The company's analysts emphasize that about 20% of the attacks on medical institutions in the first quarter were critical. The growth in attacks on pharmaceutical companies is also confirmed by the head of the Cyber Overcast company Bastion, Konstantin Larin. According to him, their number increased by 30–35% last year.

Ilnaz Gataullin, head of the Threat Intelligence Center at Red Security, attributes the attacks on pharmaceutical companies to hackers broadening their range of targets: “They shift the focus to those industries that are less protected.” Extortionist attacks are one of the main threats to medical institutions, adds Anna Vyatkin, an analyst at the PT research group. “Such attacks can cause violations in the work of enterprises, which risks leading to serious consequences, for example, interruptions in the supply of medicines to pharmacies,” she adds. As for information theft, attackers go after both the personal data of the victims' customers, employees and partners and their medical information.

Because the attackers include not only independent actors but also prosperous groups, espionage, repayment and reputational damage were additional objectives, experts from the F6 Cyber intelligence department noted. Among the groups, they name Lazy Koala, Hellhounds and Sticky Werewolf. The latter disguised its lures as documents on the analysis of the work of the surgical departments of one medical center, as applications for sanatorium vouchers, and as invitations to medical conferences.

In addition to attacks, information security companies are recording growing hacker attention to pharmacy chains. In 2024, F6 experts recorded several published databases of online pharmacies and medical clinics. In the fall, specialized forums also carried an advertisement for the sale of administrator-level access to the servers of one large Russian pharmacy chain, as well as a database containing about 1.2 million customer records (including full names, telephone numbers, email addresses, password hashes, gender, dates and timestamps).

The head of the technical infrastructure department of the clinic “Be Healthy”, Alexei Vyukov, declined to describe specific incidents, citing internal regulations, but noted that in 2025 attacks on medical institutions became more sophisticated. Alexander Milchi, director of communications of the Clinic Fomina network, agrees that cyber threats to medical institutions are becoming increasingly multi-level. According to him, external penetration attempts are regularly recorded, but the company has not had serious incidents.

Philip Krupanin, Victoria Kolganova


