A recent report from Resilience has unveiled a growing cyber crisis in the U.S. healthcare sector, revealing that 168 million records were exposed in 2023, with extortion demands soaring to as high as $4 million in 2025.

Despite the alarming statistics, a 2025 survey found that only one in three healthcare executives prioritize cybersecurity, with many viewing cost and compliance as more pressing challenges, even as over half anticipate a fatal incident within the next five years.

There exists a significant gap between the confidence in cybersecurity preparedness and actual practices, as only 53% of healthcare leaders conduct phishing simulations and 17% do not have an incident response plan in place.

Even with investments in security measures, the average loss severity from cyberattacks is expected to escalate from $800,000 in 2024 to $2 million in 2025, with ransomware and transfer fraud being the most common attack methods.

The cyber threat landscape is evolving, with a shift away from notorious groups like BlackCat and Cl0p, as smaller, more agile groups such as Lockbit, Medusa, and Interlock increasingly succeed in breaching healthcare systems.

David Meese from Resilience stresses the importance of adopting a proactive, financially-driven approach to cybersecurity to bolster resilience against significant threats.

To enhance cybersecurity, Resilience advocates for strategies such as comprehensive backup plans, continuous monitoring of third-party vendors, financial quantification of cyber risks, and realistic testing of incident response plans.

The report includes case studies that contrast reactive versus strategic security planning, highlighting a mid-sized health system's failure due to inadequate vendor oversight and untested backups, in contrast to a biotech firm that effectively utilized financial risk modeling for security investments.

Supply chain risks are increasingly concerning, as compromised vendors can affect multiple healthcare systems, while human error continues to be a significant contributor to data breaches.

The report also details a major ransomware incident in February 2024, where Change Healthcare's systems were compromised, resulting in nationwide care disruptions and the exposure of 190 million records.