'Cyber Insecurity' is a Growing Health Care Concern

November 05, 2025

Health care remains a consistent target of cybersecurity threats that can impact outcomes and access to care.

A new report last month from Proofpoint, Inc. and the Ponemon Institute looks at the ways so-called ‘cyber insecurity’ is challenging health care and reviews the latest trends to protect organizations from these challenging threats. The report surveyed over 675 U.S.-based IT and cybersecurity professionals working in health care.

“Patient safety is inseparable from cyber safety,” said Ryan Witt, vice president of industry solutions at Proofpoint.

Here are five takeaways from the report:

• Growing concern:   About 72 percent of health care organizations reported experiencing a common cyberattack that disrupted patient care. That’s an increase from 69 percent last year.
• Why it matters:  These attacks are designed to be disrupting, affecting outcomes, patients’ length of stay, and mortality.
• AI as a defense:  About 57 percent of organizations implemented artificial intelligence in either cybersecurity or both cybersecurity and patient care.
  • These tools have strong potential, the report notes, but they also have concerns related to protecting sensitive patient information, interoperability, and data accuracy that must be considered.
• Encouraging trend:  The average cost of the most significant attack decreased to $3.9 million from $4.7 million during 2024.
• Quotable:  “This year’s report highlights a stark reality: cyber threats aren’t just IT issues, they’re clinical risks,” Witt said.

HAP’s emergency management team is a key resource to support health care cybersecurity. For additional insights, don’t hesitate to contact Edward Wurster, III, HAP manager, business continuity and cyber resilience.

Additional information about the report is available online.