Over the 12 months from March 2024 to March 2025, almost half of healthcare organizations experienced at least one data incident, such as a ransomware attack, hacking incident, or phishing attack, according to the cybersecurity firm Netwrix. For its 2025 Cybersecurity Trends Report, Netwrix surveyed 2,150 IT professionals from 121 countries in March 2025 and compared the findings to previous surveys conducted in 2024, 2023, and 2020.
Healthcare has long been targeted by threat actors due to the high value of patient records, and the fact that healthcare organizations cannot tolerate disruption, as it puts patient safety at risk. The sector is extensively targeted by ransomware groups as there is a higher probability that the ransom will be paid to prevent the publication of stolen data and ensure a fast recovery. In the past 12 months, 48% of healthcare organizations experienced at least one security incident that required a dedicated response from the security team.
Across all sectors, the number of organizations reporting no impact from security incidents is rapidly reducing. In 2023, 45% of respondents said there was no impact from security incidents, whereas in 2025 the percentage had fallen to just 36%. In 2024, 60% of organizations reported suffering financial damage due to cyberattacks, and the percentage jumped to 75% in 2025. Across all sectors, the number of organizations reporting financial damage of at least $200,000 almost doubled from 7% in 2024 to 13% in 2025.
Netwrix reports that four times as many healthcare organizations suffered financial losses of at least $200,000 in 2025 as in 2024. In 2024, only 2% of healthcare organizations experienced cyberattack-related losses of more than $500,000, compared to 12% in 2025. The report confirms that healthcare faces the biggest financial impact from cyberattacks. In 2025, 6% of all industries suffered cyberattack-related financial losses of more than $500,000, compared to 12% in healthcare.
The Netwrix survey revealed that almost one-third of healthcare organizations experienced security incidents involving compromised user/admin accounts. Phishing remains the most prevalent threat, and attacks are becoming harder to identify due to attackers’ use of AI tools for their phishing and social engineering campaigns. 37% of healthcare respondents said AI-driven threats require stronger defenses.
“Research strongly suggests that attackers are ahead in AI adoption, which is pushing defenders into a reactive posture. Indeed, 37% of survey respondents say AI-driven threats forced them to adjust — that’s a direct reaction to the offensive use of AI by adversaries,” explained Jeff Warren, Chief Product Officer, Netwrix. “At the same time, 30% haven’t even started AI implementation and are in ‘considering’ mode, indicating a significant lag in adoption. It’s fair to say that attackers are moving faster with AI, and defenders are scrambling to catch up. This asymmetry is not new in cybersecurity, but AI appears to be accelerating it.”
In 2025, the top three threats in the cloud and on-premises were the same. Phishing was the most common cause of security incidents (76% cloud; 69% on-premises), followed by user/admin account compromise (46% cloud; 45% on-premises), and ransomware and other malware attacks (30% cloud; 31% on-premises).
“Ransomware attacks on premises are becoming less frequent, while the rate for cloud infrastructure remains steady,” explained Warren. “As businesses shift critical operations and sensitive data to the cloud, attackers increasingly see cloud workloads as high-value targets worth encrypting or exfiltrating for ransom. And it’s a numbers game, too. Some attackers don’t target the cloud per se; they target everything. As more infrastructure moves to the cloud, the odds of hitting a cloud tenant go up.”
The main challenges for security teams are understaffed IT and security departments, a lack of budget for data security initiatives, mistakes/negligence by business users, and a lack of cybersecurity expertise within the IT and security teams. Unsurprisingly, given the staffing problems at many organizations, one of the main priorities is the automation of manual IT processes, and while AI tools can help in this regard, it is important to ensure that the tools are not granted excessive privileges and that there is proper governance.
As AI adoption by cybercriminals accelerates, organizations need to respond. Warren suggests that organizations should double down on the basics of zero-trust networking and ensure they are adequately protecting their identity infrastructure, improving resilience by adopting an identity-first approach to protect accounts and the sensitive data they can access.
The post Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year appeared first on The HIPAA Journal.