Healthcare firms’ hack-related losses outpace those of other sectors

Dive Brief:

• The number of healthcare organizations that have lost more than $200,000 to cyberattacks has quadrupled this year compared with the same period in 2024, data security firm Netwrix said in a report published Thursday.
• Nearly half of all healthcare organizations (48%) experienced at least one intrusion between March 2024 and March 2025, the report found.
• Healthcare organizations experienced more cyberattack-related losses of at least $500,000 than critical infrastructure firms did, on average: 12% of healthcare organizations, compared with 6% of all organizations.

Dive Insight:

The new findings from Netwrix expand on trends the company identified in its annual threat report in April, which described challenges such as understaffed security teams, threats from AI that have scrambled businesses’ strategies, and the predominance of phishing and user account compromises in hackers’ tactics.

Thursday’s healthcare-specific report — based on interviews with 2,150 IT and security professionals at organizations in 121 countries — shows that the sector remains a top target of hackers. Nearly one-third of organizations said they had experienced attacks in which hackers commandeered user accounts, and 37% of respondents identified AI-powered cyberattacks as a major concern that requires better defenses.

“Healthcare is being hit harder than other industries because attackers know patient records carry high value and operations can’t afford disruption,” Netwrix CEO Grady Summers said in a statement. “These attacks often start with compromised credentials, which is why identity has to be the first line of defense for patient data.”

The finding that 12% of healthcare organizations experienced hack-related losses above $500,000 is significant not only because of how it compares to the cross-sector average. It represents a major increase from 2024, when Netwrix reported that only 2% of healthcare organizations experienced losses that big.

Netwrix executives said that the rise of AI required organizations to double down on the basics of zero-trust networking, especially protecting their identity infrastructure.

“Attackers are moving faster than defenders, and AI is widening that gap,” Jeff Warren, the company’s chief product officer, said in a statement. “Closing it requires resilience built on an identity-first approach that protects both accounts and the sensitive data they can access.”