In 2024, the healthcare sector faced an unprecedented wave of cyber attacks, with 276 million patient records exposed globally. Among the most insidious threats was MedStealer, a malware strain that targeted electronic health records (EHRs), insurance databases, and patient portals.Attack vectors ranged from phishing campaigns impersonating medical platforms like Zocdoc to SQL injection attacks on unpatched servers. The malware’s primary objective was to exfiltrate personally identifiable information (PII), insurance details, and medical histories, which were later sold on dark web markets for premiums exceeding $1,000 per record.