![\"Cyberattacks](\"https:\/\/dataconomy.com\/wp-content\/uploads\/2025\/10\/Cyberattacks-are-now-killing-patients-not-just-crashing-systems.jpg\" "\\"Cyberattacks")
<\/p>\n<\/p>\n
A new report confirms what many in healthcare have feared: cyberattacks are no longer just an IT problem; they are a direct threat to patient safety. The fourth annual report, titled \u201cCyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2025,\u201d was released today by the cybersecurity firm Proofpoint and the Ponemon Institute. After surveying 677 U.S. healthcare IT professionals, the findings are stark: 72% of healthcare organizations that were attacked reported a resulting disruption to patient care, up from 69% last year. This matters because \u201cdisruption\u201d is a mild word for what\u2019s happening. The report links these attacks to increased complications in medical procedures, longer hospital stays, and even higher patient mortality rates.<\/p>\n
For years, the cost of a cyberattack was measured in dollars. This report, however, measures it in patient outcomes. The data paints a grim picture of a sector under constant siege, with 93% of organizations experiencing at least one cyberattack in the past year, at an average of 43 attacks per organization.<\/p>\n
Think of it this way: a hospital\u2019s network going down isn\u2019t just an \u201coperational nuisance.\u201d It\u2019s a direct threat to your health. When systems are compromised, the consequences are immediate and severe:<\/p>\n
While the average cost of the most significant attack dropped slightly to $3.9 million, ransom payments are climbing. The average ransom paid by hospitals jumped to $1.2 million, a 60% increase from 2022.<\/p>\n
The researchers drilled down into which specific types of attacks cause the most harm. It turns out the biggest threat isn\u2019t always the one you hear about most.<\/p>\n
So, who\u2019s to blame? Hackers are the obvious answer, but the report points to a more complicated internal problem: us.<\/p>\n
The study found that 96% of organizations had at least two incidents of sensitive data being lost or stolen in the last two years. The main causes weren\u2019t sophisticated hacks but simple human error: 35% were due to employees failing to follow policies, and 25% were from employees unintentionally sending patient data to the wrong person via email.<\/p>\n
This isn\u2019t just a privacy issue; it\u2019s a safety one. In 55% of these data loss incidents, patient care was disrupted. Of that group, a shocking 54% saw increased mortality rates.<\/p>\n
Here\u2019s the real twist: the biggest roadblock to fixing this isn\u2019t money. Budgets for IT security are up. The real problem, according to the survey, is a lack of in-house expertise (43%) and an absence of clear leadership (40%).<\/p>\n
\u201cThis year\u2019s findings are a wake-up call for the healthcare industry,\u201d said Dr. Larry Ponemon, founder of the Ponemon Institute. \u201cThe root cause of many incidents lies in human factors\u2014negligence, insider risk, and gaps in cyber awareness.\u201d<\/p>\n
The report makes it clear that healthcare organizations must stop treating cybersecurity as a back-office IT issue. As Ryan Witt of Proofpoint put it, \u201cPatient safety is inseparable from cyber safety.\u201d The next steps must be \u201chuman-centric,\u201d focusing on better training and smarter<\/p>\n