Healthcare: top cyber target
The FBI’s latest report found healthcare and public health were the single biggest target for cyberattacks in 2025, logging 642 total cyber events including 460 ransomware attacks and 182 data breaches. Those numbers underline why providers and payers are emphasizing resilience, disclosure and continuity planning as part of procurement and vendor evaluation. The sector‑wide tally and context were reported through the AHA’s coverage of the FBI report. (aha.org)
A hospital cyberattack is not like a retail breach where a card gets replaced in 10 minutes. When hospital networks go down, pharmacies cannot process claims, clinics lose scheduling systems, and staff fall back to paper in the middle of patient care. (aha.org) That is why the Federal Bureau of Investigation’s 2025 internet crime data landed so hard in health care. Health care and public health logged 642 cyber events in 2025, more than any other critical-infrastructure sector the bureau tracks. (aha.org) Most of those incidents were ransomware, which is the kind of attack where criminals lock computers or steal data and demand payment to stop the damage. The Federal Bureau of Investigation count for health care was 460 ransomware attacks in 2025, plus 182 data breaches. (aha.org) The comparison that jumps out is the runner-up. Financial services was next at 447 total events, which left health care almost 200 incidents higher than the second-most-targeted sector. (aha.org) This was not a one-year fluke. The American Hospital Association said health care also led the Federal Bureau of Investigation tally for 2024, with 444 reported incidents made up of 238 ransomware threats and 206 data breaches. (aha.org) The reason criminals keep coming back is simple: hospitals cannot stay offline for long. A regional clothing chain can close its website for a day, but an emergency department, a cancer clinic, or a 24-hour pharmacy has patients showing up every hour. (cisa.gov) The last two years gave the industry a brutal example of what that looks like. The Change Healthcare attack in February 2024 disrupted claims processing and pharmacy transactions across the country, and the Department of Health and Human Services later said about 190 million people were impacted. (hhs.gov) That outage turned one back-office company into a single point of failure for thousands of providers. When Change Healthcare disconnected systems after detecting ransomware on February 21, 2024, hospitals, physician offices, and pharmacies were pushed into manual workarounds. (hhs.gov) (pharmacytimes.com) So the response is shifting from “Do we have antivirus?” to “Can we keep treating patients if a vendor goes dark on a Wednesday morning?” The Department of Health and Human Services published health-care-specific Cybersecurity Performance Goals in January 2024 to push organizations toward baseline controls and stronger recovery planning. (cisa.gov) (hhscyber.hhs.gov) That is why procurement teams now ask vendors about downtime plans, breach disclosure, backup systems, and who gets called in the first hour of an incident. In a sector that logged 642 Federal Bureau of Investigation cyber events in 2025, buying software without asking how it fails is starting to look like buying an ambulance without brakes. (aha.org)
