Breaches are up, budgets are too, so why isn’t healthcare safer?

A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause widespread disruption. In 2023, breaches exposed 168 million records, and the first half of 2025 has already seen extortion demands as high as $4 million. The sector remains vulnerable, despite large investments in security tools and insurance.

[Figure: Severity of cyber claims in healthcare (Source: Resilience)]

The report highlights a major incident in February 2024, when Change Healthcare’s systems were hit by ransomware. That breach disrupted care across the country and exposed 190 million records. Resilience uses it as a case study of how third-party failures can affect the entire healthcare system.

Resilience’s internal data shows that while average loss severity dropped to $800,000 in 2024, it may rise to $2 million in 2025. Most attacks now involve ransomware or transfer fraud. The groups behind them are no longer limited to a few well-known names. While BlackCat and Cl0p are active, most successful attacks come from a broader mix of actors like Lockbit, Medusa, and Interlock. Healthcare organizations may be developing defenses against headline groups but are still exposed to smaller, more nimble ones.

Supply chain risk stands out as a rising concern. The interconnected nature of healthcare means a single compromised vendor can ripple across multiple systems and facilities. Human error also plays a large role. Misconfigured tracking pixels and poor data handling practices continue to expose sensitive patient information.

Despite the mounting risk, cybersecurity remains a low priority for healthcare leadership. In a 2025 survey, only one in three executives listed it as a top concern. Many cited cost or compliance as bigger challenges. Nearly one in five said a cyberattack had already disrupted patient care, and more than half believe a fatal incident is inevitable in the next five years.

There is also a gap between confidence and preparedness. While 80 percent of leaders said their teams could stop AI-driven attacks, only 53 percent run phishing simulations and 17 percent lack an incident response plan. Almost half of surveyed organizations do not conduct proactive IT risk assessments.

The researchers contrast two case studies to show the results of reactive versus strategic security planning. One mid-sized health system was breached despite a large security budget: poor vendor oversight, failed disaster recovery tests, and untested backups left it exposed. In contrast, a biotech firm used financial risk modeling to guide investment decisions, quantify ROI, and validate security improvements with tabletop exercises. The result was executive buy-in and better alignment between risk and budget.

To improve resilience, the researchers offer several key recommendations:

  • Include all critical data types in tested backup strategies
  • Treat insurance policies as sensitive documents
  • Train staff on phishing, social engineering, and safe data handling
  • Monitor third-party vendors continuously, not just on paper
  • Quantify cyber risk in financial terms to guide investment
  • Regularly test incident response plans under realistic conditions

“Security teams should take a proactive, financially driven approach to their security posture, focusing on the threats that pose the largest risk and building contingencies through backups and incident response planning to better build cyber resilience,” David Meese, Director of Security and Risk Services at Resilience, told Help Net Security.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.