Cyberattacks Remain a Costly Threat to Hospitals

Ransomware and other cyberattacks continue to pose a significant financial threat to healthcare providers. A recent report notes that such incidents cost hospitals nearly $10 million per breach between 2022 and 2023. While the total number of breaches declined in 2025, healthcare remains a primary target for cybercriminals.

- Third-party vendors are a significant weak point, accounting for over a third of healthcare data breaches in 2025. The February 2024 attack on Change Healthcare, a payment processing firm, was initiated via stolen credentials on a remote access portal lacking multi-factor authentication and ultimately impacted as many as two-thirds of Americans.
- Legacy medical imaging equipment, such as MRI and CT scanners, often runs on outdated software that no longer receives security patches, creating vulnerabilities. Misconfigured Picture Archiving and Communication System (PACS) servers have also been identified as a major risk, potentially exposing imaging data directly to the internet.
- The operational downtime from a ransomware attack in an imaging context can be catastrophic, leading to canceled appointments, delayed diagnoses for critical conditions like strokes, and forcing a reliance on manual processes until systems are restored. The average downtime from a healthcare ransomware incident is approximately 17 days.
- A single stolen medical record can sell for $260-$310 on the dark web, roughly ten times the value of a stolen credit card number, because it contains a wealth of permanent, unchangeable personal data suitable for fraud.
- The cost per breached record in healthcare averages $408, more than double the cross-industry average, reflecting expenses for detection, notification, and regulatory fines.
- Cybercriminals are increasingly using AI to launch more sophisticated attacks, while healthcare organizations themselves are in the early stages of adopting AI risk management frameworks to counter these threats.
- In 2025, hacking and IT incidents affected an average of over 105,000 individuals per breach, a figure more than ten times greater than breaches caused by unauthorized access or disclosure by internal sources.
- The February 2025 ransomware attack on Episource, an IT vendor for health plans, demonstrates the cascading impact of a single breach on a business associate, affecting 5.42 million patients across multiple provider systems.
