Ransomware to Threaten Latin America’s Healthcare Sector in 2025

Latin America’s healthcare sector will face a significant increase in ransomware attacks during 2025, say cybersecurity specialists. These attacks represent a growing threat with severe economic and operational impacts for hospitals, clinics, and healthcare centers.

Jairo Parra, Cybersecurity Expert, Akamai Technologies, explains that cyberattacks against the healthcare sector have increased due to the digital transformation that these institutions are undergoing. However, many organizations lack the necessary resources, training, and strategies to prevent and respond to these threats. "Hospitals and clinics become attractive targets because of the desperation factor, which increases the likelihood of ransomware," says Parra.

The healthcare sector is one of the most vulnerable to ransomware attacks due to a lack of infrastructure and personnel specialized in cybersecurity, says Tecno Seguro. Many hospitals do not have a chief information security officer or dedicated IT staff. In addition, doctors, nurses and administrative staff often lack the knowledge to identify threats such as phishing.

Patient medical data, which includes confidential and highly sensitive information, is a prime target for cybercriminals. According to Akamai’s Cyberattack Healthcare report 2024, this data can be resold on the black market, and can also be manipulated to extort money from affected institutions, which often seek to avoid public scrutiny and legal consequences resulting from a data breach.

Vulnerabilities and their impacts

Parra says that one of the biggest threats is the vulnerability known as Broken Object Level Authorization (BOLA), which ranks first on the list of security risks for APIs according to OWASP. This vulnerability allows attackers to manipulate input parameters to access unauthorized data or perform illicit actions within systems. "BOLA is difficult to detect and represents a significant risk to APIs, which are essential in modern healthcare technology environments," says Parra.

The costs associated with attacks are high. On average, according to Compatitech, healthcare institutions lose US$900,000 per day due to downtime caused by attacks. Ransom payments can also be considerable, with an average of US$4.4 million among organizations that admitted to paying.

The operational impact of these attacks can cripple IT systems, delay diagnosis and treatment, and put patients' lives at risk by disrupting critical services. These consequences are compounded in regions where healthcare facilities are the only healthcare option for entire communities.

Recommended Prevention Measures

To mitigate these threats, Parra recommends adopting proactive cybersecurity measures. His suggestions include implementing software-based micro-segmentation to reduce risks without the need for expensive hardware, detecting lateral movements and threats in real time through integrated platforms, applying zero trust principles in hybrid cloud ecosystems, performing continuous inventories of APIs, auditing APIs to identify vulnerabilities and misconfigurations that can be exploited, and using contextual information to detect suspicious behaviors, data breaches, and automated attacks.