Report by Proofpoint

2025 Ponemon Healthcare Cybersecurity Report

45 findings · Published Oct 8, 2025

Key Findings

Supply chain attacks against healthcare organizations decreased significantly from 68% in 2024 to 44% in 2025.


Healthcare organizations that experienced cloud/account compromises had an average of 21 such compromises in the past two years.


96% of healthcare organizations researched had at least two data loss or exfiltration incidents involving sensitive and confidential healthcare data in the past two years.


72% of healthcare organizations say they experienced an average of 21 cloud/account compromises.


61% of healthcare organizations say cloud/account compromises increased complications from medical procedures.


61% of healthcare organizations that had ransomware attacks experienced an average of five such attacks in the past two years.


Ransom payment rates by healthcare organizations declined in 2025, from 36% to 33%.


The average number of cyberattacks experienced by U.S. healthcare organizations that suffered at least one cyberattack was 43, which is a 3-point increase from 40 in 2024.


On average, healthcare organizations experienced 18 data loss or exfiltration incidents in the past two years.


Concerns about budgets decreased from 40% to 37%.


44% of healthcare organizations say they experienced an attack against their supply chains, which is a significant decline from 68% in 2024.


36% of healthcare organizations that experienced data loss or exfiltration incidents say they caused delays in procedures and tests that resulted in poor outcomes.


55% of healthcare organizations say data loss or exfiltration incidents impacted patient care.


The costliest ransom paid by healthcare organizations in 2025 represented a 60% increase from $771,905 in 2022.


In 2022, 64% of respondents from healthcare organizations said their organizations were very or highly vulnerable to BEC/spoofing/impersonation attacks.


67% of healthcare organizations say ransomware attacks had a negative impact on patient care.


35% of healthcare organizations cite employee negligence because of not following policies as a primary root cause of incidents.


An average of 72% of U.S. healthcare organizations that experienced a cyberattack reported disruption to patient care, which is a 3-point jump from 69% in 2024.


The costliest ransom paid (extrapolated value) by healthcare organizations was $1.2 million.


55% of respondents from healthcare organizations believe their organizations are vulnerable or highly vulnerable to a ransomware attack.


52% of healthcare organizations were vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident in 2024.


64% of healthcare organizations say their organizations are vulnerable or highly vulnerable to a cloud/account compromise.


93% of U.S. healthcare organizations experienced at least one cyberattack in the past 12 months.


72% of healthcare organizations say their organizations have experienced cloud/account compromises, which is an increase from 69% in 2024.


Healthcare organizations that experienced supply chain attacks, on average, experienced four supply chain attacks in the past two years.


61% of healthcare organizations say cloud/account compromises resulted in disruption in patient care.


25% of healthcare organizations cite employees sending PII or PHI to an unintended recipient via email as a primary root cause of incidents.


53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.


56% of healthcare organizations that experienced ransomware attacks say they resulted in delays in procedures and tests.


67% of healthcare organizations that experienced ransomware attacks say they resulted in longer lengths of patient stay.


59% of attacked tools in healthcare organizations are text messaging.


54% of attacked tools in healthcare organizations are Zoom/Skype/video conferencing.


52% of healthcare organizations say cloud/account compromises resulted in longer length of patient stay.


45% of attacked tools in healthcare organizations are email.


54% of healthcare organizations that experienced data loss or exfiltration incidents say they increased the mortality rate.


25% of healthcare organizations cite privilege access abuse as a primary root cause of incidents.


The annual IT budget of healthcare organizations is $65 million.


52% of healthcare organizations use secure email gateways to protect against email-based attacks, which is a 7-point increase from 2024.


21% of the IT budget of healthcare organizations is dedicated to information security, representing a 2-point jump year-over-year.


43% of healthcare organizations report a lack of in-house expertise as the top barrier to an effective cybersecurity posture.


40% of healthcare organizations report lacking clear leadership as a top two barrier to an effective cybersecurity posture.


57% of healthcare organizations say their organizations are very or highly vulnerable to supply chain attacks.


55% of healthcare organizations are worried about the security risks created by insecure mobile apps.


38% of healthcare organizations identified generative AI or AI tools as a cybersecurity concern, a new category in this year’s study.


49% of healthcare organizations are less worried about BYOD.
