The healthcare sector experienced 86 ransomware attacks.

The healthcare, government, and technology industries together represented 53% of all publicly disclosed ransomware activity during Q3 2025.

Only 42% of healthcare organizations have signed a Business Associate Agreement (BAA) covering any AI assistant used in email.

Only 16% of healthcare organizations have trained most of their staff (75-100%) who have access to PHI on AI usage in email.

83% of healthcare IT and compliance leaders have raised concerns about AI security.

21% of respondents from healthcare organizations believe a Business Associate Agreement (BAA) isn’t required for an AI email assistant.

75% of healthcare organizations say AI has added confusion, not clarity, to email compliance.

69% of healthcare IT leaders feel pressured to adopt AI faster than they can secure it.

62% of healthcare IT and compliance leaders have observed staff experimenting with ChatGPT or similar tools even though they’re unsanctioned.

94% of healthcare organizations have begun updating security policies to address generative AI threats in email.

58% of healthcare organizations have not signed a BAA for an AI email tool so far.

25% of healthcare organizations have not formally approved any staff use of AI in email.

41% of healthcare IT and compliance leaders feel confident they could detect improper AI use before a HIPAA violation occurs.

16% of healthcare IT and compliance leaders admit compliance was never consulted before AI email tools were enabled.

95% of healthcare organizations report staff are already using AI tools.

20% of organizations in the healthcare sector experienced ransomware incidents annually.

30.66% of healthcare organizations reported limited visibility into their entire environment.

The healthcare sector had the highest average ransom payment at $7.5 million

In Q2 2025, there were 92 reports of ransomware attacks on healthcare organizations.

Ransomware groups claimed 118 healthcare organizations as victims in Q3 2025.