"The United States healthcare sector faces an unprecedented cybersecurity crisis, experiencing twice as many breaches in 2025 as it did in 2024. According to a new analysis of insurance claims data from Resilience, the average incurred losses in the sector last year topped $2M. With lives at stake, the cost of disruption is staggering - in turn making healthcare organizations a primary target for threat actors looking for bigger payouts."
"Adding fuel to the fire, healthcare organizations are also facing increasing regulatory pressure amidst finite budgets and even more limited staffing resources. This perfect storm means that in 2026, healthcare cybersecurity leaders must prioritize the investments that meaningfully reduce material risk while fitting into their operational budget. The Risk Operations Center at Resilience recently conducted an analysis of incidents, claims, and loss data across healthcare organizations in its portfolio to identify new, data-driven benchmarks."
"Social engineering remains a dominant driver of material losses across observed healthcare cyber loss events, fueling 88% of material losses in the portfolio in the first half of 2025. In healthcare specifically, a security-focused culture, including continuous, internal training against fraud and phishing scams, is what delivered a high reduction in value at risk. The analysis found that within healthcare organizations, phishing training programs reduced risk by $110K."
The United States healthcare sector experienced twice as many cybersecurity breaches in 2025 as in 2024, with average incurred losses exceeding $2M. Threat actors increasingly target healthcare for larger payouts, and disruptions pose direct risks to patient safety. Healthcare organizations face rising regulatory pressure alongside constrained budgets and staffing, forcing leaders in 2026 to prioritize cost-effective, high-impact cybersecurity investments. An examination of incidents, claims, and loss data across healthcare portfolios identified top levers that reduce material risk. Companywide anti-fraud training is critical: social engineering accounted for 88% of material losses in early 2025, and phishing training programs reduced risk by $110K.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]