Nearly half of healthcare organizations experienced a cybersecurity incident in the past year, and financial losses from those attacks are climbing sharply, according to a Sept. 18 report from Netwrix, a cybersecurity provider focused on data and identity threats.
Here are five things to know from the report:
- The survey found 48% of healthcare organizations reported at least one incident in the last 12 months.
- Nineteen percent said they lost more than $200,000, up from 5% in 2024. Losses of more than $500,000 also rose, from 2% last year to 12% this year.
- By comparison, across all industries surveyed in 2025, only 13% reported losses above $200,000 and 6% above $500,000.
- Phishing, ransomware and user account compromise were the most common attacks, with nearly one-third of healthcare respondents citing incidents tied to compromised accounts.
- The report also examined AI for the first time. Thirty-seven percent of IT and security professionals said AI-driven threats have already prompted stronger defenses, underscoring how quickly attackers are adopting the technology.
The findings are part of Netwrix’s annual report, which draws on responses from 2,150 IT and security professionals across 121 countries.
