Last week, Proofpoint, Inc., a cybersecurity and compliance company, and Ponemon Institute, an IT security research organization, released the results of their fourth annual survey on the effects of cybersecurity in healthcare. The report, Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2025, confirms that cyber threats targeting healthcare organizations are not merely IT security issues; they can pose serious risks to patient safety and affect clinical outcomes.
The report shows that 72 percent of healthcare organizations that faced common cyberattacks—such as ransomware, cloud breaches, supply chain attacks, and business email compromise (BEC)—experienced disruptions to patient care, up from 69 percent last year. These attacks are not just minor operational issues, the press release summarized: Fifty-four percent of affected organizations reported increased complications in medical procedures, 53 percent saw longer patient stays, and 29 percent indicated that mortality rates increased directly due to these incidents.
Key findings in the report included:
- Ninety-six percent of organizations have experienced at least two incidents of data loss or exfiltration involving sensitive and confidential healthcare data over the past two years. Fifty-five percent of respondents said these incidents disrupted patient care. Of these, 54 percent saw increased mortality rates, and 36 percent said the incidents caused delays in procedures and tests that resulted in poor outcomes.
- Fifty-seven percent of organizations have embedded AI in either cybersecurity (30 percent) or both cybersecurity and patient care (27 percent). Yet, 60 percent of organizations struggle to protect sensitive data used by AI systems, and interoperability and data accuracy are key barriers to adoption.
- Secure mobile apps remain the top cyber concern (55 percent), followed by employee-owned mobile devices (49 percent) and cloud/account compromise (49 percent).
“This year’s findings are a wake-up call for the healthcare industry; the root cause of many incidents lies in human factors—negligence, insider risk, and gaps in cyber awareness,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Cyberattacks are now routinely affecting patient safety, and while security spending is up, many organizations still lack clear leadership and internal expertise to meet the challenge.”
For the report, 677 U.S.-based IT and cybersecurity professionals in healthcare were surveyed.