The healthcare industry is a primary target for cyberattack, with increasingly sophisticated and highly-motivated adversaries seeking to exploit both human and technological vulnerabilities more frequently than ever before. Cynerio concludes the three most common threats affecting healthcare organizations today are: Ransomware, vendor firmware, unpatched operating systems, unsecured services and open communications protocols. Unpatched, URGENT/11 or Ripple20 vulnerabilities can lead to the exposure and theft of electronic protected health information (ePHI) attacks powerful enough to shut down clinical networks.
Source: https://www.helpnetsecurity.com/2021/05/04/healthcare-implementing-zero-trust/