Despite increases in breaches and budgets, the safety of healthcare systems has not improved.
A new report from Resilience highlights a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromises, and human error are causing widespread disruption. In 2023, breaches exposed 168 million records, and the first half of 2025 has already seen extortion demands reaching as high as $4 million. Despite significant investments in security tools and insurance, the sector remains vulnerable. The report details a major incident in February 2024, when Change Healthcare’s systems were hit by ransomware, disrupting care nationwide and exposing 190 million records. Resilience uses this incident as a case study to illustrate how third-party failures can impact the entire healthcare system.
Resilience’s internal data indicates that while average loss severity dropped to $800,000 in 2024, it may rise to $2 million in 2025. Most attacks now involve ransomware or transfer fraud, with successful attacks stemming from a diverse mix of actors, including LockBit, Medusa, and Interlock. Supply chain risk is emerging as a significant concern, as the interconnected nature of healthcare means that a single compromised vendor can affect multiple systems and facilities. Human error, such as misconfigured tracking pixels and poor data handling practices, continues to expose sensitive patient information. Despite these mounting risks, cybersecurity remains a low priority for healthcare leadership, with only one in three executives listing it as a top concern in a 2025 survey.