As the world marks World Health Day, cybersecurity firm Kaspersky has raised fresh concerns over growing vulnerabilities in digital healthcare systems, warning that increased reliance on telemedicine is exposing patients and providers to serious cyber threats.
In a statement released Tuesday, the company noted that while telemedicine has evolved into a critical component of healthcare delivery, its security infrastructure has not kept pace with rapid adoption. This gap, it warned, is leaving sensitive medical data and healthcare systems at heightened risk.
“Medical services can be breached, leading to the leakage of patient records that are then traded on the dark web,” Kaspersky said. “In some cases, entire healthcare operations may also be disrupted.”
Major breaches expose scale of risk
Recent global incidents illustrate the growing threat landscape. In 2023, US based telehealth provider Cerebral disclosed that it had been sharing sensitive patient information, including mental health assessments and personal identifiers, with third party platforms such as social media and advertising networks. The breach affected millions of users over several years.
More recent cases in 2025 point to an escalation in both scale and impact. A breach involving ManageMyHealth exposed medical records of more than 120,000 patients, while an attack on SimonMed Imaging compromised over one million records and involved ransomware demands. These incidents highlight how both telemedicine platforms and broader digital healthcare ecosystems are becoming prime targets for cybercriminals.
Rise of sophisticated healthcare scams
Beyond direct breaches, Kaspersky warned of a surge in sophisticated scam campaigns posing as legitimate telemedicine services. These fraudulent platforms often invite patients for check ups or follow up consultations, while secretly harvesting sensitive personal data.
The company noted several red flags associated with such scams. These include newly created websites, non functional social media links, and the absence of basic legal pages such as Terms of Use or Privacy Policy. Despite this, the platforms often use convincing branding, fake doctor profiles, and urgent messaging to pressure users into sharing personal information.
In some cases, victims are asked to submit highly sensitive data, including identification documents, insurance details, medical histories, and even photographs of physical conditions. Such data can later be sold on the dark web, used for identity theft, or leveraged in targeted extortion schemes.
Call for vigilance and stronger security
According to Anna Larkina, Web Content and Privacy Analysis Expert at Kaspersky, the shift to digital healthcare has significantly expanded the cyber attack surface.
“The digital healthcare experience is transforming access to care, but it is also expanding the attack surface in ways many users underestimate,” she said. “Medical data is highly valuable and actively traded on the dark web, making patients a prime target for fraud and targeted phishing.”
She emphasised that patients should approach digital healthcare platforms with the same level of caution as financial services, including verifying providers, avoiding unsolicited links, and understanding how personal data is handled.
Safety recommendations
To reduce exposure to cyber risks, Kaspersky advises patients to remain cautious when engaging with online healthcare services. Users are urged to treat promotional medical offers with scepticism, especially those that create urgency or request sensitive information upfront. They should rely only on official websites and applications when booking appointments and avoid accessing healthcare services through unsolicited email or messaging links.
Additionally, the use of trusted cybersecurity solutions with AI powered anti phishing capabilities can help detect and block malicious websites before users fall victim.
As digital healthcare continues to expand globally, experts warn that security and privacy must become central pillars of the patient experience, not an afterthought.
