The healthcare sector experienced 86 ransomware attacks.

Ransomware attacks in the healthcare sector accounted for 32% of all incidents in Q3 2025.

94% of healthcare organizations have begun updating security policies to address generative AI threats in email.

58% of healthcare organizations have not signed a BAA for an AI email tool so far.

75% of healthcare organizations say AI has added confusion, not clarity, to email compliance.

21% of respondents from healthcare organizations believe a Business Associate Agreement (BAA) isn’t required for an AI email assistant.

69% of healthcare IT leaders feel pressured to adopt AI faster than they can secure it.

25% of healthcare organizations have not formally approved any staff use of AI in email.

41% of healthcare IT and compliance leaders feel confident they could detect improper AI use before a HIPAA violation occurs.

95% of healthcare organizations report staff are already using AI tools.

Only 16% of healthcare organizations have trained most of their staff (75-100%) who have access to PHI on AI usage in email.

83% of healthcare IT and compliance leaders have raised concerns about AI security.

62% of healthcare IT and compliance leaders have observed staff experimenting with ChatGPT or similar tools even though they’re unsanctioned.

16% of healthcare IT and compliance leaders admit compliance was never consulted before AI email tools were enabled.

Only 42% of healthcare organizations have signed a Business Associate Agreement (BAA) covering any AI assistant used in email.

20% of organizations in the healthcare sector experienced ransomware incidents annually.

The healthcare sector had the highest average ransom payment at $7.5 million

30.66% of healthcare organizations reported limited visibility into their entire environment.

Ransomware groups claimed 118 healthcare organizations as victims in Q3 2025.

In Q2 2025, there were 92 reports of ransomware attacks on healthcare organizations.