Threatonomics

The healthcare cybersecurity crisis that’s costing organizations millions in damages

by Emma McGowan , Senior Writer
Published

How data-driven cyber risk management is transforming security from operational expense to strategic advantage

The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure.

Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 survey of 250 healthcare business leaders revealed cybersecurity ranked last among primary business challenges, with only 33% citing it as a concern. This strategic misalignment creates significant organizational risk, particularly when healthcare breaches now cost an average of $15 million—nearly double the global average.

A new Resilience whitepaper on the state of cybersecurity and healthcare provides detailed examination of in-depth case studies, comprehensive threat intelligence analysis, financial risk modeling methodologies, detailed implementation frameworks for Zero Trust architecture, and specific recommendations based on Resilience’s proprietary claims data and real-world organizational outcomes.

The current healthcare threat landscape

Healthcare has emerged as the third most targeted sector, with systemic vulnerabilities evident in key metrics:

  • 168 million healthcare records breached in 2023—more than half the U.S. population
  • 278% increase in ransomware incidents since 2018
  • 80% of healthcare organizations targeted by cyberattacks within the past year

The February 2024 Change Healthcare incident, exposing 190 million records and disrupting nationwide operations, demonstrates how single vendor compromises can impact the entire healthcare ecosystem.

While 80% of healthcare leaders express confidence in defending against AI-powered cyberattacks, operational readiness reveals significant gaps:

  • Nearly one-third do not regularly train employees on cyber threat response
  • 47% do not conduct regular phishing simulations
  • 17% lack current incident response plans
  • 40% do not conduct proactive IT risk assessments

Analysis of Resilience’s healthcare-specific claims data shows average claim severity reached $1.6 million in 2023, with early 2025 indicators suggesting potential increases to over $2 million per incident, including extortion demands as high as $4 million.

Five critical attack vectors

Modern healthcare cybersecurity encompasses interconnected threats:

  1. Ransomware with double extortion: Groups that encrypt systems and steal data for additional leverage
  2. Supply chain attacks: Single vendor compromises cascading across provider networks
  3. Insider threats: 70% from errors and privilege misuse rather than malicious intent
  4. Advanced social engineering: Increasingly sophisticated AI-leveraged attacks
  5. Large-scale data disclosures: Fewer incidents but dramatically increased scale

Healthcare organizations require comprehensive understanding of current threat landscapes and proven mitigation strategies to build effective cyber resilience. The stakes—measured in patient safety, operational continuity, and financial impact—demand strategic, data-driven approaches to cybersecurity investment.

Download the complete whitepaper to access the full analysis, detailed case studies, and specific implementation guidance necessary for building strategic cyber resilience in your healthcare organization.

Healthcare’s Cyber Crisis: Building Strategic Resilience in an Era of Unprecedented Threats” provides comprehensive analysis and actionable recommendations based on proprietary claims data, industry intelligence, and organizational case studies.

About the Author
Emma McGowan , Senior Writer

Emma McGowan is the Senior Writer for industry-leading cyber risk company Resilience. She has been a full-time writer and editor for over 10 years, focused on technology and women’s health. Tech-fluent and highly motivated, Emma brings holistic experience leading brands in the delivery of high-quality, high-impact, multimedia digital content supported by strategy, planning, and performance analysis.

You might also like

Killing legacy systems might be your smartest financial move 

Every CISO has that one system. Maybe it’s running on Windows Server 2008. Maybe it’s the manufacturing control system that predates your current CEO. Maybe it’s the ancient database that three different business-critical applications depend on, maintained by one person who’s been threatening to retire for five years. You know these systems are problems. Your […]

What your CFO actually cares about (and how to speak their language)

You walk into your CFO’s office with a carefully prepared business case for a critical security investment. The risk assessment is complete, the vulnerabilities are documented, and you’re ready to make your argument. But the moment you mention “attack surface” or “zero-day vulnerabilities,” you can see their attention drift. The issue isn’t that your CFO […]

Risk Briefing: Cyber extortion has fundamentally changed

On January 14, 2026, Resilience launched its inaugural Risk Briefing Series with a clear message for CISOs: the cyber extortion playbook has been rewritten, and organizations relying on traditional defenses are dangerously exposed. In the first session of this monthly intelligence series, Jud Dressler, Director of Resilience’s Risk Operations Center and retired U.S. Air Force […]

The 65% shift that proves ransomware as we know it is dead

The cybersecurity industry has a terminology problem. We’re still calling it “ransomware” when the majority of attacks no longer encrypt and request a ransom for decryption as their primary weapon. Resilience’s analysis of cyber extortion claims in our portfolio throughout 2025 reveals a dramatic acceleration in attack methods. Data theft extortion-only events rose from 49% […]

Why your enterprise risk framework needs threat intelligence

Here’s a question that should make any enterprise risk management (ERM) professional uncomfortable: How can you manage a risk you don’t even know exists? In my role leading threat intelligence at Resilience, I work at the intersection of cybersecurity and business risk. And I’ve noticed a persistent gap: many ERM professionals know cyber risk belongs […]

Your 90-day roadmap to sustainable vendor risk management

We’ve covered why vendor discovery matters, how to mine data streams for comprehensive vendor identification, which vendor categories are commonly overlooked, and how to implement risk-based tiering. Now comes the critical question: how do you actually implement this in your organization and make it sustainable over time? Chuck Norton from Resilience emphasizes the resource reality: […]