When hackers hit, patient safety takes the fall
93% of U.S. healthcare organizations experienced at least one cyberattack in the past year, with an average of 43 incidents per organization, according to Proofpoint.
The study found that most of these attacks involved cloud account compromises, ransomware, supply chain intrusions, and business email compromise. 72% of respondents said at least one incident disrupted patient care.
Patient care takes the hit
The findings link attacks to poor clinical outcomes and, in some cases, higher patient mortality. When care systems are locked, delayed, or unreliable, staff lose time and patients lose access.
Supply chain compromises caused the most severe effects, disrupting operations and delaying procedures and tests. These delays led to longer hospital stays and poorer outcomes. Ransomware had similar consequences by locking critical systems and slowing care delivery.
“Cyberattacks are now routinely affecting patient safety, and while security spending is up, many organizations still lack leadership and internal expertise to meet the challenge,” said Dr. Larry Ponemon, chairman of the Ponemon Institute.
Cloud account breaches were another frequent source of disruption. Attacks targeting collaboration and communication tools used in clinical workflows interrupted the exchange of vital information.
Financial pressure remains high
Although the cost of the most expensive cyberattack declined slightly from last year, the financial burden remains significant. The average cost of the single most damaging incident was $3.9 million. Disruptions to healthcare operations were the largest expense category, averaging about $1.2 million per event.
The size of ransomware payments has grown even as fewer organizations choose to pay. Combined with the indirect costs of downtime and remediation, cyber incidents continue to drain budgets and delay other technology projects.
Human error drives many breaches
Most organizations reported multiple incidents of data loss or unauthorized disclosure in recent years. Employee mistakes were cited as the main cause, including sending patient data to the wrong person or failing to follow established security procedures.
Training programs and phishing simulations are now standard, but awareness alone does not solve the human factors behind data loss. Many organizations continue to struggle with enforcing policies and monitoring user behavior across multiple systems and devices.
Cloud and AI add complexity
A growing number of organizations have moved or plan to move clinical applications to the cloud within two years. This shift supports flexibility and scalability but also expands exposure to account takeovers and data leakage.
Artificial intelligence is becoming part of both the security stack and patient care. Many healthcare leaders are adopting or testing AI-driven tools to detect threats and prevent data loss. At the same time, concerns persist about protecting the sensitive information used to train and operate these systems.