Healthcare Companies that Report Cyberattack Losses of $200K Doubled in a Year

The cybersecurity company Netwrix reported that from March 2024 to March 2025, nearly 50% of healthcare organizations encountered one or more data incidents, including hacking incidents, ransomware attacks, or phishing attacks. For its 2025 Cybersecurity Trends Report, Netwrix interviewed 2,150 IT experts from 121 countries and compared the results with its earlier studies from 2020, 2023, and 2024.

Threat actors attack healthcare because of the high perceived value of patient data, and because healthcare providers cannot tolerate disruption, since it affects patient safety. Ransomware groups widely target the industry because victims are more likely to pay a ransom to avoid the exposure of stolen information and ensure a quick recovery. Over the last 12 months, 48% of healthcare providers encountered at least one data incident that needed a focused security response.

Across all industries, fewer companies are reporting no impact from security incidents. In 2023, 45% of respondents said security incidents had no impact, while in 2025, 36% of respondents reported no impact. In 2024, 60% of companies reported struggling with financial problems because of cyberattacks, which increased to 75% in 2025. Across all industries, the number of companies reporting a financial loss of at least $200,000 nearly doubled from 7% (2024) to 13% (2025).

Netwrix states that the number of healthcare companies that reported financial losses of at least $200,000 in 2025 quadrupled from 2024. In 2024, just 2% of healthcare companies encountered cyberattack-linked losses of over $500,000, in comparison to 12% in 2025. The report reveals that healthcare is dealing with the biggest financial impact from cyberattacks. Across all sectors, 6% experienced cyberattack-linked financial losses of over $500,000 in 2025, in comparison to 12% in healthcare.

The Netwrix report showed that about 33% of healthcare companies experienced security incidents that involved breached user/admin accounts. The most common threat is still phishing, and attacks have become more difficult to identify because of the use of AI tools for phishing and social engineering. 37% of respondents said AI-driven threats call for tougher defenses. It is reasonable to say that threat actors move more quickly with AI, and defenders are struggling to catch up.

In 2025, there were three leading security threats online and on-site:

  • Phishing – 76% online; 69% on-site
  • User/admin account breach – 46% online; 45% on-site
  • Ransomware and other malware attacks – 30% online; 31% on-site

Ransomware attacks on-site have become less common, whereas the frequency of cloud infrastructure attacks is stable. As companies move important operations and sensitive information to the cloud, threat actors increasingly see the cloud as a high-value target, worthy of encryption or extraction for ransom. Some threat actors do not attack the cloud in isolation; they target everything connected to it. With more infrastructure moving to the cloud, the likelihood that a company is attacked in the cloud goes up.

The major problems for security teams include a lack of staff in the IT and security sectors, an insufficient budget for data security projects, errors and negligence by company users, and a lack of cybersecurity knowledge among the IT and security teams. Unsurprisingly, considering the workforce problems at different businesses, one of the major priorities is automating manual IT procedures. Automation is helpful, but the tools must not be given excessive privileges, and they require proper governance.

As more cybercriminals adopt AI, companies must respond. Organizations need to double down on the fundamentals of zero-trust networking and be sure they are sufficiently safeguarding their identity infrastructure, enhancing resilience by taking an identity-first approach to securing accounts and the sensitive information those accounts can access. HIPAA training that addresses the cybersecurity of sensitive information must also be provided.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience in writing about healthcare sector issues with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA