In 2024, the healthcare sector faced an unprecedented wave of cyber attacks, with 276 million patient records exposed globally. Among the most insidious threats was MedStealer, a malware strain that targeted electronic health records (EHRs), insurance databases, and patient portals. First observed in early 2024, MedStealer exploited vulnerabilities in legacy healthcare IT systems and third-party vendor networks. Attack vectors ranged from phishing campaigns impersonating medical platforms like Zocdoc to SQL injection attacks on unpatched servers.