Proofpoint and Ponemon’s 2025 healthcare cybersecurity study shows that cyberattacks remain widespread, with most organizations suffering repeated incidents that disrupt care and drive multimillion-dollar losses. Cloud/account compromise, ransomware, supply chain attacks, and BEC continue to affect patient safety, while growing cloud adoption, insider risk, and AI use are reshaping how healthcare organizations defend clinical operations. #Proofpoint #PonemonInstitute #cloudaccountcompromise #BEC #ransomware #supplychainattacks
Key points
- Annual healthcare cybersecurity reports typically begin with an executive summary that highlights the study purpose, sample size, and the most important high-level findings such as attack frequency, cost, operational disruption, and patient safety impact.
- The next section usually presents key findings by threat category, showing which attack types are most common, how often they occur, and what business or clinical consequences follow.
- Methodology sections explain who was surveyed, how many participants responded, the sampling frame, response rate, and the types of organizations represented, helping readers judge reliability and scope.
- Caveats and limitations are generally included to describe possible non-response bias, sampling-frame bias, and the limitations of self-reported data.
- Many reports end with an appendix of detailed tables and cross-tabulated results, often showing year-over-year comparisons, breakdowns by organization type, and deeper statistical cuts behind the headline findings.
- In this study, 93% of surveyed healthcare organizations experienced at least one cyberattack in the last 12 months, and the average organization faced 43 attacks.
- 72% of organizations said a cyberattack disrupted patient care, reinforcing the report’s central theme that cyber incidents are also clinical risks.
- The average cost of the single most expensive cyberattack was $3.9 million, with the largest components being disruption to normal operations, lost productivity, time to correct patient-care impact, and damage or theft of IT assets.
- Cloud/account compromise remained the top threat for the fourth consecutive year, affecting 72% of organizations and averaging 21 compromises over the past two years.
- Ransomware remained severe, with 61% of organizations affected and an average highest ransom payment of $1.2 million.
- Business email compromise, spoofing, and impersonation remained highly disruptive, with 62% of organizations experiencing these attacks and 70% reporting patient care disruption when they occurred.
- Supply chain attack prevalence fell sharply to 44% from 68% in 2024, but the impact stayed serious: 87% of respondents said these incidents disrupted patient care.
- Cloud/account compromises also had strong clinical consequences, with 61% reporting disruption to patient care operations.
- Insider-related data loss remains a major issue: 96% of organizations had at least two data loss or exfiltration incidents in the last two years.
- The leading causes of data loss were employee negligence, privilege access abuse, and sending PII or PHI to the wrong recipient.
- AI adoption is increasing, with 57% of respondents saying AI is embedded in cybersecurity or both cybersecurity and patient care, but 60% said it is difficult to protect confidential data used in AI.
- The report suggests a recurring trend toward cloud migration in clinical environments, with 30% already moved and 45% planning to move clinical applications to the cloud in the future.
- Overall, the report’s main takeaway is that healthcare cyber risk is no longer confined to IT: it directly affects care delivery, patient outcomes, and operational continuity.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)