Healthcare Breaches Soar: Rising Costs and Expanding Attack Surfaces

Essential Insights

1. Healthcare cybersecurity risks have surged due to digital transformation, expanding attack surfaces through cloud, IoMT, and OT systems, making breaches a critical threat to patient safety and operational continuity.
2. In 2025, healthcare experienced over 54.7 million threat detections, predominantly via email (85%), with U.S. institutions being the primary targets, and data breaches costing an average of $10.22 million per incident.
3. Vulnerable, legacy medical devices and operational systems with known exploits are widespread, creating opportunities for cybercriminals to escalate attacks, exfiltrate data, and cause cascading system failures with lethal consequences.
4. Future cybersecurity strategies must shift to proactive, risk-based, and segmented defenses, emphasizing threat intelligence, multifaceted email security, identity controls, rapid patching, and incident response to mitigate the high cost of breaches and downtime.

What’s the Problem?

In 2025, a troubling increase in healthcare cyberattacks was reported by Trellix, revealing that these incidents are now frequent, with over 54.7 million detections worldwide—most notably in the United States, where email was the primary attack vector. These breaches have escalated from simple IT disruptions to serious threats impacting patient safety, as cybercriminals exploit the healthcare industry’s expanding attack surface, which includes outdated medical devices and interconnected operational systems. As a result, hospitals face not only hefty financial losses, averaging over 10 million dollars per breach, but also heightened risks of mortality due to operational paralysis during cyberattacks. Notably, cybercriminals have shifted towards patient extortion, stealing records and demanding ransoms directly from patients, which further complicates the threat landscape. This growing crisis, reported by Trellix analysts, underscores the urgent need for healthcare leadership to prioritize cybersecurity; otherwise, the increasing sophistication and scale of these attacks could severely threaten both financial stability and patient well-being.

The report explains that attackers take advantage of vulnerabilities in legacy medical devices, operational technology, and internet-connected systems, making routine patching difficult. For example, many devices run unsupported software, and some transmit data in plaintext, creating backdoors. Additionally, adversaries often move laterally from non-clinical networks into sensitive medical systems, bypassing traditional defenses. Consequently, healthcare organizations are caught in a persistent battle, with downtime costing millions per day and recovery times often exceeding 100 days. Trellix highlights that understanding these risks requires a shift from reactive to proactive security measures, such as layered email defenses, network segmentation, improved identity management, and continuous threat intelligence—steps crucial to reducing operational disruptions and protecting patient data amid an evolving and highly professionalized threat environment.

What’s at Stake?

The recent report from Trellix highlights that healthcare breaches are hitting new financial heights because cybercriminals are increasingly exploiting the enlarging attack surfaces within clinical environments. This trend can also impact any business that handles sensitive data or relies on digital systems, as these vulnerabilities offer cybercriminals more entry points. When breaches occur, businesses face not only direct financial losses but also damage to their reputation, legal penalties, and operational disruptions. Moreover, as attackers become more sophisticated, the risk of significant data theft or system compromise grows—potentially crippling a company’s ability to operate smoothly. Consequently, no organization is immune; neglecting cybersecurity makes you vulnerable to costly breaches that threaten your stability and trustworthiness.

Possible Next Steps

In the healthcare sector, timely remediation of security breaches is essential because delays can lead to severe consequences for patient safety, data privacy, and financial stability. As cyber adversaries increasingly exploit the expanding attack surfaces within clinical environments, swift and effective responses are paramount to minimize damage and restore trust.

Mitigation Strategies

• Risk Assessment: Conduct immediate evaluations to identify vulnerable systems and data.

• Access Control: Implement strict user access management, including multi-factor authentication.

• Monitoring & Detection: Deploy advanced intrusion detection systems to identify suspicious activity promptly.

• Employee Training: Educate staff on recognizing phishing and social engineering tactics.

• Patch Management: Regularly update software and devices to patch known vulnerabilities.

Remediation Steps

• Containment: Isolate affected systems to prevent further breach propagation.

• Eradication: Remove malicious artifacts and unauthorized access points from the network.

• Recovery: Restore data from secure backups and verify system integrity before resuming operations.

• Communication: Notify affected parties and regulatory bodies in accordance with legal requirements.

• Post-Incident Review: Analyze attack vectors and response effectiveness to improve future defenses.

Stay Ahead in Cybersecurity

Stay informed on the latest Threat Intelligence and Cyberattacks.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource