On World Health Day, Kaspersky issued a warning about the rising cybersecurity risks associated with the rapid digitization of healthcare services, particularly the widespread adoption of telemedicine.
While digital healthcare has significantly improved access to medical services, it has also expanded the attack surface for cybercriminals. Sensitive patient data, including medical records, is increasingly at risk of being exposed, leaked, and traded on the dark web.
Telemedicine Expansion Outpaces Security Measures
Telemedicine has evolved from a convenient option into a core component of modern healthcare delivery. However, its security infrastructure has not kept pace with its rapid adoption.
Recent incidents demonstrate that these risks are no longer theoretical. In 2023, it was revealed that Cerebral, a major telehealth provider specializing in mental health services, had been sharing sensitive patient data—including mental health assessments, intake information, and personal identifiers—with third-party platforms such as social media and advertising networks. This practice affected millions of users over several years.
Major Breaches Disrupt Healthcare Infrastructure
Incidents reported in 2025 further highlight the scale and severity of cybersecurity threats facing digital healthcare systems.
A breach of the ManageMyHealth patient portal exposed sensitive medical records of more than 120,000 patients. Meanwhile, an attack on SimonMed Imaging compromised over one million records and involved ransomware demands, disrupting operations and threatening service continuity.
These cases underscore how both telemedicine platforms and broader healthcare ecosystems are becoming prime targets for cyberattacks.
Evolving Medical Scam Campaigns Target Patients
In parallel with technical breaches, cybercriminals are increasingly deploying sophisticated scam campaigns centered around healthcare services.
These scams often invite users to book medical check-ups or follow-up consultations through fake websites. Warning signs include recently created domains, non-functional social media links, and the absence of Terms of Use or Privacy Policy pages.
Despite these red flags, such platforms request highly sensitive personal data, including:
- Phone numbers and home addresses
- Insurance details
- Current medications
- Descriptions of symptoms
- Personal photos or images of affected body areas
These fraudulent websites frequently use convincing branding, fake doctor profiles, and urgent calls to action to pressure users into sharing their data. The collected information can later be sold on the dark web, used for identity theft, or leveraged in more targeted cyberattacks.
Medical Data: A High-Value Target for Cybercriminals
According to Kaspersky, medical data is among the most valuable types of personal information due to its potential use in fraud, identity theft, and long-term exploitation.
Anna Larkina, Web Content and Privacy Analysis Expert at Kaspersky, noted that while digital healthcare enhances access to care, it also significantly expands the cyber threat landscape. She emphasized that patients should treat digital healthcare services with the same level of caution as financial platforms.
Key Recommendations to Protect Patient Data
To mitigate risks associated with telemedicine and digital healthcare platforms, Kaspersky recommends:
- Treat promotional offers for medical consultations with skepticism, especially those creating urgency or requesting sensitive data upfront
- Use only official websites and verified applications when booking appointments
- Verify the legitimacy of healthcare providers before sharing any personal information
- Avoid clicking on links received via email or messaging apps from unknown sources
- Install trusted security solutions equipped with AI-powered anti-phishing protection
Toward a Safer Digital Healthcare Experience
As healthcare continues its digital transformation, integrating cybersecurity and data privacy into the core of patient care is no longer optional—it is essential.
With the growing reliance on telemedicine and digital platforms, ensuring the protection of sensitive health data requires a shared responsibility between service providers and users. Strengthening awareness and adopting proactive security measures will be critical to maintaining trust and safeguarding the future of digital healthcare.