Threatonomics

The healthcare cybersecurity crisis that’s costing organizations millions in damages

by Emma McGowan , Senior Writer
Published

How data-driven cyber risk management is transforming security from operational expense to strategic advantage

The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure.

Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 survey of 250 healthcare business leaders revealed cybersecurity ranked last among primary business challenges, with only 33% citing it as a concern. This strategic misalignment creates significant organizational risk, particularly when healthcare breaches now cost an average of $15 million—nearly double the global average.

A new Resilience whitepaper on the state of cybersecurity and healthcare provides detailed examination of in-depth case studies, comprehensive threat intelligence analysis, financial risk modeling methodologies, detailed implementation frameworks for Zero Trust architecture, and specific recommendations based on Resilience’s proprietary claims data and real-world organizational outcomes.

The current healthcare threat landscape

Healthcare has emerged as the third most targeted sector, with systemic vulnerabilities evident in key metrics:

  • 168 million healthcare records breached in 2023—more than half the U.S. population
  • 278% increase in ransomware incidents since 2018
  • 80% of healthcare organizations targeted by cyberattacks within the past year

The February 2024 Change Healthcare incident, exposing 190 million records and disrupting nationwide operations, demonstrates how single vendor compromises can impact the entire healthcare ecosystem.

While 80% of healthcare leaders express confidence in defending against AI-powered cyberattacks, operational readiness reveals significant gaps:

  • Nearly one-third do not regularly train employees on cyber threat response
  • 47% do not conduct regular phishing simulations
  • 17% lack current incident response plans
  • 40% do not conduct proactive IT risk assessments

Analysis of Resilience’s healthcare-specific claims data shows average claim severity reached $1.6 million in 2023, with early 2025 indicators suggesting potential increases to over $2 million per incident, including extortion demands as high as $4 million.

Five critical attack vectors

Modern healthcare cybersecurity encompasses interconnected threats:

  1. Ransomware with double extortion: Groups that encrypt systems and steal data for additional leverage
  2. Supply chain attacks: Single vendor compromises cascading across provider networks
  3. Insider threats: 70% from errors and privilege misuse rather than malicious intent
  4. Advanced social engineering: Increasingly sophisticated AI-leveraged attacks
  5. Large-scale data disclosures: Fewer incidents but dramatically increased scale

Healthcare organizations require comprehensive understanding of current threat landscapes and proven mitigation strategies to build effective cyber resilience. The stakes—measured in patient safety, operational continuity, and financial impact—demand strategic, data-driven approaches to cybersecurity investment.

Download the complete whitepaper to access the full analysis, detailed case studies, and specific implementation guidance necessary for building strategic cyber resilience in your healthcare organization.

Healthcare’s Cyber Crisis: Building Strategic Resilience in an Era of Unprecedented Threats” provides comprehensive analysis and actionable recommendations based on proprietary claims data, industry intelligence, and organizational case studies.

About the Author
Emma McGowan , Senior Writer

Emma McGowan is the Senior Writer for industry-leading cyber risk company Resilience. She has been a full-time writer and editor for over 10 years, focused on technology and women’s health. Tech-fluent and highly motivated, Emma brings holistic experience leading brands in the delivery of high-quality, high-impact, multimedia digital content supported by strategy, planning, and performance analysis.

You might also like

Your cyber insurance policy could be a target

Organizations invest heavily in cyber insurance policies to shield their businesses from evolving threats, but many overlook a critical vulnerability: the security of the insurance policy documents themselves. While these policies are designed to protect you from cyber threats, they can become powerful weapons when they fall into the wrong hands. Over the past year, […]

A complete guide to domain spoofing

Domain spoofing is a cyberattack technique most commonly used in phishing and fraud, where criminals impersonate a legitimate organization’s domain name to deceive users. Think of it as digital identity theft at scale: Attackers make fraudulent emails or websites appear as if they originate from your trusted company domain, tricking victims into revealing sensitive data, […]

The 3 types of CISOs: How to succeed in any version – and what to do when you’re misaligned

As the CISO, are you and your organization in alignment? The CISO role has evolved dramatically over the past decade, but organizational cybersecurity programs have not always kept pace.  If you think about CISOs like software versions, version 1.0 is your first generation of CISOs, focused on structure and technical architecture. Version 2.0 moves beyond […]

The Security Squeeze

One of the most important features of the Resilience SaaS platform is our Quantified Cyber Action Plan. It supports CISOs making decisions under risk and uncertainty by providing a prioritization for which cyber controls should be implemented, based on their ROI. The power of this approach lies in the fact that it guides the most […]

How Scattered Spider’s vertical-focused strategy creates industry-wide security emergencies

This post is based on a threat intelligence report by Resilience Director of Threat Intelligence Andrew Bayers. Scattered Spider has emerged as a sophisticated threat actor whose advanced social engineering tactics blur the lines between common cybercrime and nation-state tradecraft. Their tendency to tackle specific verticals at a time – as they did in the […]

The essential guide to cyber incident response leadership and decision making

When 43% of UK businesses report experiencing a cyber breach or attack in just the past year, the question isn’t whether your organization will face a cyber incident—it’s how well you’ll respond when it happens.  This stark reality was at the center of a recent webinar hosted by Resilience, featuring insights from Scott Tenenbaum, Head […]