Healthcare Cybersecurity Statistics & Biggest Attacks in 2025
Posts by Colin TanJuly 8, 2023
The focus on healthcare cybersecurity statistics expands every year.
As data breaches continue, industry experts and individuals alike are concerned about the data collected by the healthcare industry.
Cybersecurity also becomes more complex as technology develops, making it a constant effort to enhance security measures across the board.
Around 337 breaches in the healthcare sector were recorded in the first two quarters of 2022 alone.
This affected roughly 19,992,810 people.
One could say that some breaches turn out to be relatively harmless, but the event shouldn’t be taken lightly in the slightest.
Thankfully, there are many professionals involved in cybersecurity, and they’re bringing new ideas and innovations to help improve security for everyday individuals.
This article will highlight many interesting statistics surrounding cybersecurity in the healthcare industry from the past few years.
Key Statistics
- 30% of all large data breaches occur in hospitals
- In 2019, 51% of healthcare organizations reported an uptick in data breaches
- 61% of data breaches in healthcare are caused by negligent employees
- There has been a 36% increase in medical complications due to ransomware attacks
- Roughly 80% of reported healthcare breaches stem from hacking attempts
An Overview of Healthcare Cybersecurity Statistics in 2025
You could look at cybersecurity issues with a bird’s eye view, and it would be apparent that it’s an issue in many issues and facets of life.
Regarding the healthcare industry, there are many complications with cybersecurity that will require a significant amount of work to combat hacks, ransomware attacks, and more.
There are various angles you can look at cybersecurity statistics to get an understanding of how detrimental they are to millions of people.
To see how it’s progressed over time, keep reading below to get a look at how certain statistics have evolved over the last few years.
Data Breaches in Healthcare In Recent Years
There are numerous data points I could highlight, but there’s no way to cover them all.
This section will delve into some staggering statistics that have cybersecurity experts concerned.
Understanding the prevalence and evolution of these numbers is paramount for developing new tactics to prevent data breaches.
It’s also alarming that with each passing year, it seems that data breaches are becoming much more common.
Below is a bullet list containing information on data breaches ranging from 2009 up until now.
- Over 2,100 data breaches have been recorded in the healthcare industry since 2009.
- A healthcare system named Sutter Health reported 87 million cyber threats in 2018.
- In 2020 alone, it’s estimated that there were 240 million hacking attempts. 58% of these threats went to Cerebro, 16% to Sodinokibi, and 14% to VBCrypt.
- Within the past three years, around 93% of healthcare organizations have experienced some type of data breach.
- 1 in 42 healthcare organizations were targeted by ransomware attacks in Q3 of 2022.
- For 2023, it’s expected that there’s a 75.6% chance.
Just off of this information, it’s apparent that cybersecurity attacks are a rampant problem.
These numbers also focus on specific companies and scenarios.
When you take a general look at cybersecurity statistics in healthcare, the data will inherently broaden your view.
(GetAstra)
The Vast Reach of Cybersecurity Attacks in Healthcare
Around 67% of healthcare organizations using lookalike domains have been targeted for cybersecurity attacks. There’s also enough data to predict the potential for attacks in the near future.
Experts believe there’s a 25.7% chance of another Anthem-like breach within the next three years.
It’s also important to note that roughly 34% of data breaches in the healthcare industry deal with authorized access or disclosure.
Aside from collecting information, these data breaches cost people and organizations a lot of money.
The healthcare industry is seen as a big target for data breaches, and the industry has suffered $25 billion in losses within the last two years.
Moreover, some organizations are hit harder than others.
It’s known that the National Health Service (NHS) dealt with a $100 million loss caused by the WannaCry ransomware attack.
Here are a few other main points to keep in mind:
- Device vulnerabilities to ransomware have resulted in longer hospital stays
- 90% of healthcare organizations are expected to face at least one data breach
- 30% of which occur in large hospitals
- There are multiple known triggers for healthcare-related cyber insurance claims
- Accidental data breach – 29%
- Malicious data breach – 18%
- Stolen/Lost devices – 16%
- Ransomware – 8%
- 47% of data breaches in healthcare stem from IT incidents through people with advanced permissions
- Regarding cyber assurance, the healthcare industry only gets a grade of 54%
- Breaches are often caught months later by 39% of organizations
- The healthcare industry invests less than 6% of funds in cybersecurity
- Doctors are considered to be at a 50% risk of committing data breaches
- 24% don’t have the knowledge to identify malware
These percentages show that cyber security attacks can affect organizations and everyday people in many different ways.
Some data breaches are much more detrimental than others.
Over the years, several breaches have cemented themselves in history due to the catastrophic effects they had on the healthcare industry.
(GetAstra)
5 of The Biggest Healthcare Cybersecurity Attacks
Information that this article contains so far can be a never-ending rabbit hole.
There are many different ways a data breach can affect a company and the people associated with it.
In many cases, no one is 100% safe from a cyber security attack, and the instances mentioned below display just how damaging they can be on a large scale.
1. TRICARE
Back in 2011, TRICARE dealt with a cybersecurity attack that affected 4.9 million patients.
The focus of the breach was aimed at theft of personal and medical data.
When you review the details of this breach, the breach occurred during the transfer of records by a data contractor between two facilities.
No financial information was stolen during this breach, but it was still a large-scale issue that affected millions of individuals and their personal information.
The main risks associated with this breach were identity theft and unauthorized access to sensitive medical records.
2. Anthem Blue Cross
The largest data breach on this list, Anthem Blue Cross, encountered a security breach that affected 78.8 million patients.
Stolen data included birth dates, addresses, and, unfortunately, social security numbers.
What’s even scarier is that the breach also impacted people who weren’t members of Anthem Blue Cross.
The type of information that was gathered from this breach could potentially lead to issues like identity theft and fraud.
3. UCLA
The UCLA health system is another prime example of one of the most significant security breaches in the healthcare sector.
Roughly 4.5 million patient records were compromised.
Where the breach occurred was in the organization’s computer network.
Information that was stolen during the breach included names, birth dates, and social security numbers.
Other confidential information that was exposed included patient procedures, diagnoses, and health plan ID numbers.
4. Excellus BlueCross BlueShield
For this organization, a substantial data breach was discovered in 2015.
The worst part is that they realized the breach had been ongoing for about two years.
You can only imagine the amount of personal data that was stolen in this time frame.
It affected an estimated 10 million people, and stolen information was a mix of personal and medical documents.
One of the biggest concerns of this discovery is how long it took the business to realize what was happening.
Stolen data included credit card numbers, claims details, and an array of other financial data.
5. Premera Blue Cross
2015 seemed to be a bad year for cyber security attacks.
Premera Blue Cross suffered a data breach that affected 11 million of its customers.
Data affected in this breach pertained to sensitive financial and medical data.
Birth dates and social security numbers were also part of this breach, and it led to many concerns that customers may face illegal activities such as insurance fraud.
It’s understandable that each of these events raised significant concerns regarding the security of data within large organizations.
Such attacks hurt both the companies and their customers, and the effects of these data breaches can last for years.
Events like these have led cyber security experts down a path of figuring out new ways to prevent cyber attacks.
For customers it has developed a distrust between them and large corporations, making more people wary about sharing such details with just any organization.
Cyber attacks are never a good thing, but if you can’t trust the data security of healthcare organizations, it makes receiving quality healthcare even more of a challenge.
(TechJury)
Statistics on the Different Types of Data Breaches
No one will argue that data breaches are a bad thing.
However, it’s important to discern that not all cybersecurity attacks are the same.
There are many different kinds, with some being more conniving than others.
You’ll also learn that some data breaches can be much more damaging than others.
Regardless of the type, every kind of data breach has the ability to significantly affect the lives of millions of people.
Ransomware
Around 560 healthcare organizations were affected by ransomware attacks in 2020.
Roughly 8% of healthcare data breach claims stemmed from ransomware attacks.
It was expected that the occurrence of ransomware attacks would rise by 5x from 2020 to 2021.
Moreover, 74% of ransomware attacks targeted hospitals, and 26% went to secondary institutions in the healthcare industry.
Business Emails
70% of the known fraud emails to healthcare institutions were sent during office hours of 7am and 1pm.
Nearly 60% of hospital representatives and IT professionals in healthcare agreed that emails are the most common route to compromised data.
Email fraud in healthcare has seen an exponential growth of 473%, and organizations have dealt with an estimated 96 instances of email fraud every quarter.
Phishing
This is one of the trickiest methods of cyber security attacks, as they can be very easy to fall for.
Roughly 88% of workers in the healthcare industry are prone to opening phishing emails.
Recent data shows there has been a 75% increase in phishing attacks in 2021, and this number has likely increased in recent years.
On a related note, a report from Health IT highlights that around 24% of healthcare employees haven’t received any kind of cybersecurity training.
Cybersecurity attacks can present themselves in many different forms, but all of them can be highly detrimental.
Knowledge and education surrounding data breaches are becoming an increasing concern.
Many people fall for triggers of cyber security attacks simply because they don’t have the knowledge or expertise to identify them.
(GetAstra)
The Future of Cybersecurity
Considering all of the damage that data breaches have done, experts are exploring how the public and organizations can protect themselves moving forward.
Cyber attacks are expected to continue, with some primary factors being financial incentives, attack vectors, and geopolitical relationships.
At this time, prevention methods are the primary focus as far as enhancing security is concerned.
The cybercriminal ecosystem is expansive and will continue to attack without pause, which is why education on cyber security is so vital.
Core issues related to cyber attacks include:
- Phishing
- Exploitation of known vulnerabilities
- Compromises in managed service providers
- Remote access technology
As organizations and the public become more knowledgeable about potential cyber-attacks, identifying them will become much more common.
It’s already known that the internet isn’t necessarily a safe place.
The problem with cyber attacks is they can easily lurk in the shadows, and data proves they can accomplish this for years at a time.
It’s important to highlight that although law enforcement and federal services can help defuse cyber attacks, they aren’t going to be 100% effective.
The sheer scale of cyber attacks can make them hard to contain, which is why prevention, education, and discovery is essential.
(HHS.Gov)
The Bottom Line
Data breaches will continue to happen across many different industries, but it’s apparent that the healthcare sector is a primary target on a consistent basis.
A lot of this pertains to extremely sensitive personal data that can be stolen in bulk due to the nature of the industry.
It’s clear that the security measures that are currently in place aren’t good enough, but they’ll continue to evolve to deal with such attacks moving forward.
This article dove into various healthcare cybersecurity statistics to help highlight the damage they cause and what can be done to prevent them.