SMBs and healthcare face relentless cyber threats, SonicWall warns
The Skinny:
- Rapid Exploitation: Cybercriminals are leveraging automation and AI to exploit vulnerabilities within 48 hours of their disclosure, outpacing organizations' patching efforts.
- Healthcare Under Siege: Ransomware accounted for 95% of breaches in the healthcare sector.
- SMBs' Vulnerability: SMBs face growing cyber threats due to limited security budgets and slower adaptation to evolving threats.
SonicWall has released its 2025 Annual Cyber Threat Report, painting a stark picture of the evolving cyber threat landscape. Healthcare organizations and small and mid-sized businesses (SMBs) remain prime targets as attackers leverage automation, artificial intelligence (AI), and sophisticated evasion tactics to bypass traditional security defenses.
With cybercriminals moving at unprecedented speeds to exploit vulnerabilities, experts emphasize that SMBs and healthcare providers can no longer afford to tackle cybersecurity alone.
“Threat actors are typically motivated by financial gain or destruction. Ransomware continues to surge because it remains highly profitable, and attackers are evolving,” Douglas McKee, executive director of threat research at SonicWall, tells SecurityInfoWatch. “AI is helping them generate new variants that evade detection, while widespread SSL VPN vulnerabilities in 2024 provided easy, often automated, entry points for deployment. As long as ransomware pays, threat actors will keep innovating.”
Ransomware and IoT Threats Escalate, Impacting Healthcare
The 2025 report highlights a sharp rise in ransomware incidents, particularly in North America, where attacks have increased by 8%, and in Latin America, where they have surged by 259%. McKee explains that in 2024, IP cameras were a major target, with over 17 million attacks recorded. “While the surge happened this year, most attacks exploited older vulnerabilities, particularly Hikvision’s Command Injection (CVE-2021-36260) and Authentication Bypass (CVE-2017-7921). This highlights the ongoing risk of unpatched IoT devices in the wild,” he says.
According to the SonicWall report, ransomware was responsible for 95% of all breaches in the healthcare sector, demonstrating cybercriminals' continued reliance on this lucrative method of attack. The report further details that the average ransomware payment reached $850,700 in 2024, with total related losses often exceeding $4.91 million when factoring in downtime and recovery costs.
The report also notes that the United States healthcare sector faced unprecedented challenges, with over 198 million American patients impacted by ransomware. High-profile incidents such as the Change Healthcare breach, which affected more than 100 million individuals, underscore the vulnerability of healthcare networks. The report states that highly visible ransomware groups like LockBit and BlackCat (formerly ALPHV) leveraged Ransomware-as-a-Service (RaaS) models to carry out widespread attacks and take advantage of critical vulnerabilities to infiltrate systems.
Moreover, SonicWall warns that 60% of exploited healthcare vulnerabilities originated from Microsoft Exchange Server flaws like ProxyShell and ProxyLogon. Another major contributor to breaches was the MOVEit SQL injection vulnerability (CVE-2023-34362), which was responsible for numerous data theft incidents, including an attack on CareSource affecting over 3 million patients.
SMBs Under Siege
As attackers refine their techniques, SMBs face a perfect storm of cyber threats, including ransomware, business email compromise (BEC), and cloud-based attacks.
“SMBs’ limited security budgets, less mature security programs and slower ability to adapt to evolving threats make them prime targets,” McKee says. “Attackers see SMBs as easier to breach yet still holding valuable data, driving a growing wave of cyberattacks against them.”
McKee notes that the attack patterns and tactics, techniques and procedures (TTPs) used against SMBs and larger enterprises are fundamentally similar, with threats that once targeted only enterprises now hitting even micro SMBs.
“The key difference is that SMBs often lack the resources, expertise, and security maturity to detect, respond to, and recover from these attacks effectively, making the impact far more severe,” he explains.
The report warns that 61% of the time, hackers leverage new exploit code within 48 hours of its public disclosure, leaving many organizations vulnerable due to slow patching processes. It also states that preventive measures saved organizations from a potential 68 days of downtime in 2024.
The Path Forward: Security Strategies for SMBs
With cybercriminals exploiting new vulnerabilities within an average of two days, organizations must swiftly close the gap in their patching timelines. McKee emphasizes: “SMBs should not go it alone. Partnering with security experts and implementing 24/7 monitoring can significantly improve prevention, detection and response. This also streamlines patch management and vulnerability identification, helping to reduce the critical patching window and strengthen their overall security posture.”
McKee says that many SMBs still struggle to implement industry best practices for detection and response. Prioritizing real-time patch management, a Zero Trust approach and 24/7 SOC services through MSPs/MSSPs can make a big difference in strengthening their defenses.
“Strengthening ransomware defenses with backups, EDR and network segmentation is key, along with locking down IoT devices and cloud environments using MFA and least privilege access,” he explains. “And since human error remains a major risk, ongoing cybersecurity awareness training is a must. The 2024 SonicWall threat report provides detailed and actionable tips and solutions for solid security hygiene.”
The report also emphasizes that business email compromise (BEC) remains one of the top cyber threats, stating that nearly one-third of all reported cyber events were BEC attacks, up dramatically from only 9% in 2023. Additionally, it highlights that identity, cloud and credential compromise account for 85% of actionable alerts.
Cybersecurity Requires a New Mindset
With businesses now under critical attack for an average of 68 days, taking immediate action is crucial. The 2025 SonicWall Cyber Threat Report emphasizes that businesses, especially SMBs, must transition from a reactive security posture to a proactive one, incorporating real-time monitoring, AI-driven defenses, and expert guidance from security providers.
The report underscores that "IoT attacks (+124%) and encrypted threats (+93%) continue to climb globally," highlighting connected devices as a growing risk. Additionally, SonicWall’s Real-Time Deep Memory Inspection (RTDMI) technology "identified a total of 210,258 ‘never-before-seen’ malware variants, averaging 637 new threats daily." The report also notes that hackers are leveraging AI to create new attack vectors, enabling them to evade traditional security measures at an alarming rate.
The rising sophistication of cyber threats calls for immediate investment in modern security frameworks. The report suggests implementing a Zero Trust model, enhancing endpoint security, and increasing security awareness training to mitigate evolving risks.

Rodney Bosch | Editor-in-Chief/SecurityInfoWatch.com
Rodney Bosch is the Editor-in-Chief of SecurityInfoWatch.com. He has covered the security industry since 2006 for several major security publications.