Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year

Posted by Steve Alder

Over the 12 months from March 2024 to March 2025, almost half of healthcare organizations experienced at least one data incident, such as a ransomware attack, hacking incident, or phishing attack, according to the cybersecurity firm Netwrix. For its 2025 Cybersecurity Trends Report, Netwrix surveyed 2,150 IT professionals from 121 countries in March 2025 and compared the findings to previous surveys conducted in 2024, 2023, and 2020.

Healthcare has long been targeted by threat actors due to the high value of patient records, and the fact that healthcare organizations cannot tolerate disruption, as it puts patient safety at risk. The sector is extensively targeted by ransomware groups as there is a higher probability that the ransom will be paid to prevent the publication of stolen data and ensure a fast recovery. In the past 12 months, 48% of healthcare organizations experienced at least one security incident that required a dedicated response from the security team.

Across all sectors, the number of organizations reporting no impact from security incidents is rapidly reducing. In 2023, 45% of respondents said there was no impact from security incidents, whereas in 2025 the percentage had fallen to just 36%. In 2024, 60% of organizations reported suffering financial damage due to cyberattacks, and the percentage jumped to 75% in 2025. Across all sectors, the number of organizations reporting financial damage of at least $200,000 almost doubled from 7% in 2024 to 13% in 2025.

Netwrix reports that four times as many healthcare organizations suffered financial losses of at least $200,000 in 2025 as in 2024. In 2024, only 2% of healthcare organizations experienced cyberattack-related losses of more than $500,000, compared to 12% in 2025. The report confirms that healthcare faces the biggest financial impact from cyberattacks. In 2025, 6% of all industries suffered cyberattack-related financial losses of more than $500,000, compared to 12% in healthcare.

The Netwrix survey revealed that almost one-third of healthcare organizations experienced security incidents involving compromised user/admin accounts. Phishing remains the most prevalent threat, and attacks are becoming harder to identify due to attackers’ use of AI tools for their phishing and social engineering campaigns. 37% of healthcare respondents said AI-driven threats require stronger defenses.

“Research strongly suggests that attackers are ahead in AI adoption, which is pushing defenders into a reactive posture. Indeed, 37% of survey respondents say AI-driven threats forced them to adjust — that’s a direct reaction to the offensive use of AI by adversaries, “ explained Jeff Warren, Chief Product Officer, Netwrix. “At the same time, 30% haven’t even started AI implementation and are in “considering” mode, indicating a significant lag in adoption. It’s fair to say that attackers are moving faster with AI, and defenders are scrambling to catch up. This asymmetry is not new in cybersecurity, but AI appears to be accelerating it.”

In 2025, the top three threats in the cloud and on-premises were the same. Phishing was the most common cause of security incidents (76% cloud; 69% on-premises), followed by user/admin account compromise (46% cloud; 45% on-premises), and ransomware and other malware attacks (30% cloud; 31% on-premises).

“Ransomware attacks on premises are becoming less frequent, while the rate for cloud infrastructure remains steady,” explained Warren. “As businesses shift critical operations and sensitive data to the cloud, attackers increasingly see cloud workloads as high-value targets worth encrypting or exfiltrating for ransom. And it’s a numbers game, too. Some attackers don’t target the cloud per se; they target everything. As more infrastructure moves to the cloud, the odds of hitting a cloud tenant go up.”

The main challenges for security teams are understaffed IT and security departments, a lack of budget for data security initiatives, mistakes/negligence by business users, and a lack of cybersecurity expertise within the IT and security teams.  Unsurprisingly, given the staffing problems at many organizations, one of the main priorities is the automation of manual IT processes, and while AI tools can help in this regard, it is important to ensure that the tools are not granted excessive privileges and that there is proper governance.

As AI adoption by cybercriminals accelerates, organizations need to respond. Warren suggests that organizations should double down on the basics of zero-trust networking and ensure they are adequately protecting their identity infrastructure, improving resilience by adopting an identity-first approach to protect accounts and the sensitive data they can access.

The post Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year appeared first on The HIPAA Journal.

PHI Potentially Stolen in Phishing Attack on Superior Vision Service

Posted by Steve Alder

Superior Vision Service has announced that protected health information has been compromised in a phishing attack. People Encouraging People has fallen victim to a ransomware attack.

Superior Vision Service

Superior Vision Service, a vision insurance company and subsidiary of Versant Health, has announced a July 2025 security incident.  According to the September 26, 2025, notification letters, Superior Vision learned on July 11, 2025, that an employee had been tricked in a sophisticated phishing attack and disclosed their credentials to the attacker.  The employee responded to the phishing email on July 9, 2025, and the threat actor used the employee’s credentials to access their account. On July 11, 2025, the threat actor may have copied emails from the account that contained sensitive customer information.

The account was reviewed and found to contain full names, physical addresses, phone numbers, email addresses, dates of birth, genders, Social Security numbers, vision coverage election information, and employment information related to enrollment. Notification letters are now being sent to the affected individuals, who have been offered a complimentary 12-month membership to a three-bureau credit monitoring service. Superior Vision has also implemented additional safeguards to prevent similar data breaches in the future. State attorneys general have been notified about the breach, and the website of the Texas Attorney General indicates 3,161 Texas residents have been affected; however, it is unclear how many individuals have been affected in total.

People Encouraging People

People Encouraging People, a behavioral healthcare provider in Baltimore, Maryland, has experienced a ransomware attack that involved data theft and file encryption. The attack was identified on or around December 21, 2024. A forensic investigation was launched, which confirmed that the attacker had access to its network between December 18, 2024, and December 23, 2024, during which time files containing sensitive patient data were stolen. The file review confirmed that the stolen data included full names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account information, diagnosis information, medication information, and treatment information. The types of information involved vary from individual to individual.

People Encouraging People is unaware of any misuse of the stolen information; however, patients have been advised to remain vigilant against identity theft and fraud. Safeguards had been implemented to prevent unauthorized access to its computer network and patient data, and those safeguards are being reviewed and enhanced to prevent similar incidents in the future. The ransomware attack has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 13,083 individuals.

The post PHI Potentially Stolen in Phishing Attack on Superior Vision Service appeared first on The HIPAA Journal.

Data Breaches Announced by Treasure Coast Hospice & Harbor

Posted by Steve Alder

Treasure Coast Hospice, a palliative care provider in Florida, and Harbor, a mental health and addiction treatment service provider in Ohio, have recently announced security incidents that have exposed patient data.

Health & Palliative Services of the Treasure Coast (Treasure Coast Hospice), Florida

Health & Palliative Services of the Treasure Coast, Inc. d/b/a Treasure Coast Hospice, a provider of palliative care and hospice services to residents of Martin, St. Lucie, and Okeechobee counties in Florida, has recently notified 13,234 individuals about a September 2024 security incident. On September 25, 2025, Treasure Coast Hospice was made aware of unusual activity within its email environment. A third-party cybersecurity firm was engaged to investigate the activity and confirmed unauthorized access to an email account that contained patient information.

The account was reviewed, and on July 15, 2025, the data mining process was completed, and it was confirmed that a range of information had been exposed and may have been accessed or copied. The types of information involved vary from individual to individual and may include names in combination with one or more of the following: date of birth, demographic information, Social Security number, driver’s license number, medical information, financial information, and health insurance information.

At the time of issuing notification letters, Treasure Coast Hospice was unaware of any misuse of the exposed information; however, as a precaution against identity theft and fraud, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. Treasure Coast Hospice said it strongly encourages the affected individuals to take advantage of the services being offered. Additional security measures have been implemented to harden email security, weekly security scans will be conducted, and additional training is being provided to its workforce.

Harbor, Ohio

Harbor, a mental health and substance use disorder treatment provider in Ohio, confirmed in a September 30, 2025, press release that an unauthorized third party breached its security defenses and gained access to its computer network. Suspicious activity was identified on August 1, 2025, and an investigation was launched to determine the nature and scope of the unauthorized activity.

The investigation determined that an unauthorized third party had access to its computer network between July 25, 2025, and August 1, 2025, during which time files were exfiltrated from its network. The types of information in the files vary from individual to individual, and may include names, addresses, birth dates, Social Security numbers, driver’s license numbers/state identification numbers, diagnoses, treatment information, clinical information, financial account information, and health insurance information.  Harbor is reviewing its security policies and procedures and will take steps to improve privacy and security. The incident is not yet shown on the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been affected.

The post Data Breaches Announced by Treasure Coast Hospice & Harbor appeared first on The HIPAA Journal.