Nearly Three in Four U.S. Healthcare Organizations Report Patient Care Disruption Due to Cyber Attacks, According to New Proofpoint-Ponemon Institute Report

Fourth annual report reveals persistent cyber threats are clinical risks as attacks continue to compromise patient safety and cost millions

SUNNYVALE, Calif. - October 8, 2025 - Proofpoint, Inc., a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organization, today released findings from their fourth annual survey on the effects of cybersecurity in healthcare. The report, "Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2025," confirms a troubling reality: cyber threats targeting healthcare organizations are not just IT security issues-they can pose serious risks to patient safety and can impact clinical outcomes.

The report reveals that 72% of healthcare organizations that experienced common cyberattacks-ransomware, cloud compromise, supply chain attacks, and business email compromise (BEC)-suffered disruption to patient care, up from 69% last year. These attacks are not merely operational nuisances: 54% of impacted organizations reported increased medical procedure complications, 53% reported longer patient stays, and 29% said mortality rates rose as a direct result.

"Patient safety is inseparable from cyber safety," said Ryan Witt, vice president of industry solutions at Proofpoint. "This year's report highlights a stark reality: cyber threats aren't just IT issues, they're clinical risks. When care is delayed, disrupted, or compromised due to a cyberattack, patient outcomes are impacted, and lives are potentially put at risk. This report underscores the urgent need for healthcare organizations to adopt a human-centric cybersecurity approach-one that not only protects systems and data but also preserves the continuity and quality of care."

Cyberattacks Are Endangering Lives and Burdening Operations

This year's report, which surveyed 677 U.S.-based IT and cybersecurity professionals in healthcare, sheds light on the operational, clinical, and financial toll of cyber threats in a sector where human lives are at stake:

• 93% of organizations experienced at least one cyberattack in the past year, with an average of 43 attacks per organization, up from 40 in 2024.
• While the average cost of the most significant attack decreased to $3.9 million (down from $4.7 million in 2024), cyberattacks remain a major financial burden, driven by downtime, staff productivity loss, and remediation.
• Ransomware attacks remain prevalent and increasingly costly. 33% of victims paid ransom demands, but the average payment increased to $1.2 million, up from $1.1 million in 2024, and a staggering 60% higher than in 2022.

Supply Chain, BEC, and Cloud Attacks Threaten Patient Safety and Care

Among the four major attack types analyzed, supply chain attacks were the most likely to impact patient care. Although fewer organizations experienced a supply chain attack in 2025 (44% vs. 68% in 2024), 87% of those affected reported care disruption, an increase from 82% last year. Additionally:

• BEC attacks were most likely to cause delays in procedures and tests that resulted in poor outcomes (65%).
• Ransomware was the attack type most likely to result in longer lengths of stay (67%) and increase in patients diverted or transferred to other facilities (50%).
• Cloud/account compromises, the most prevalent and persistent threat vector, were experienced by 72% of organizations. 61% reported increased complications in procedures and 36% reported higher mortality, underscoring the urgency of addressing cloud/account compromise risks given the potential impact on patient care and service continuity.

Human Risk and Data Loss Threaten Patient Safety

Insider risk and employee negligence remain persistent challenges:

• 96% of organizations have experienced at least two incidents of data loss or exfiltration involving sensitive and confidential healthcare data over the past two years.
• On average, 18 such incidents occurred per organization. 55% of respondents said these incidents disrupted patient care; of these, 54% saw increased mortality rates, and 36% said it caused delays in procedures and tests that resulted in poor outcomes.
• The top causes of data loss included: employee failure to follow policies (35%), privileged access abuse (25%), and employees unintentionally sending PII or PHI to the wrong recipient via email (25%).
• Despite these risks, there is evidence of growing maturity: 76% of organizations take steps to address the risk of employees' lack of awareness about cybersecurity threats (up from 71% in 2024). Of these, 63% conduct regular training and awareness programs and 47% use phishing simulations to improve employee resilience.

Cloud Migration and Mobile App Risks on the Rise

The 2025 report also captures trends around healthcare's digital transformation, with an accelerating shift toward cloud-hosted clinical systems.

• 30% of healthcare organizations have already migrated clinical applications to the cloud, with another 32% planning to do so within two years.
• The most frequently targeted collaboration tools remain text messaging (59%), videoconferencing (54%), and email (45%), underscoring the risks associated with cloud-based collaboration platforms in healthcare environments.
• Meanwhile, insecure mobile apps (eHealth) remain the top cyber concern (55%), followed by employee-owned mobile devices (49%) and cloud/account compromise (49%).

AI Emerges as a Key Line of Defense-and Risk

Artificial intelligence is playing a growing role in healthcare security strategy:

• 57% of organizations have embedded AI in either cybersecurity (30%) or both cybersecurity and patient care (27%).
• 55% say AI is very effective in improving their cybersecurity posture, and 40% use AI/ML to understand human behavior, especially in relation to email protection.
• AI-based data loss prevention (DLP) is gaining traction: 23% of organizations currently use it, with 29% planning to adopt it within a year.
• Yet challenges remain: 60% of organizations struggle to protect sensitive data used by AI systems, and interoperability and data accuracy are key barriers to adoption. 38% identified generative AI tools as a cyber concern, a new category in this year's survey.

Calls for Leadership and Expertise Grow Louder

A significant number of respondents cite lack of in-house expertise (43%) and absence of clear leadership (40%) as the main roadblocks to an effective cybersecurity posture. However, budget concerns are declining: only 37% see it as a barrier, down from 40% last year. The average IT budget reported was $65 million, with 21% allocated to information security.

"This year's findings are a wake-up call for the healthcare industry; the root cause of many incidents lies in human factors-negligence, insider risk, and gaps in cyber awareness," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Cyberattacks are now routinely affecting patient safety, and while security spending is up, many organizations still lack clear leadership and internal expertise to meet the challenge."

To download "Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2025," please visit: https://www.proofpoint.com/us/resources/threat-reports/ponemon-healthcare-cybersecurity-report

###

About Proofpoint, Inc. 

Proofpoint, Inc. is a global leader in human- and agent-centric cybersecurity, securing how people, data and AI agents connect across email, cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 10,000 large enterprises, and millions of smaller organizations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint's collaboration and data security platform helps organizations of all sizes protect and empower their people while embracing AI securely and confidently.  Learn more at www.proofpoint.com.

Connect with Proofpoint: LinkedIn

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.