Ransom payment rates by healthcare organizations declined in 2025 (from 36% to 33% in 2025).

49% of healthcare organizations are less worried about BYOD.

67% of healthcare organizations that experienced ransomware attacks say it resulted in longer lengths of patient stay.

61% of healthcare organizations that had ransomware attacks experienced an average of five such attacks in the past two years.

56% of healthcare organizations that experienced ransomware attacks say it resulted in delays in procedures and tests.

25% of healthcare organizations cite employees sending PII or PHI to an unintended recipient via email as a primary root cause of incidents.

53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.

57% of healthcare organizations say their organizations are very or highly vulnerable to supply chain attacks.

58% of employees in the healthcare and pharmaceuticals industry have received training on AI safety and data security.

62% of AI users in healthcare and pharma engage with AI daily.

59% of Healthcare & Pharma professionals are very confident in their AI skills.

17% of employees in healthcare and pharma reported no training in AI tools.

62% of Healthcare & Pharma professionals report moderate daily use of AI.

The number of health care S&P 500 companies disclosing AI-related risks jumped from 5 in 2023 to 47 in 2025.

58% of organizations in the healthcare sector experienced email incidents, yet only 36% feel very confident in their compliance posture.

Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%).

Healthcare, retail, and manufacturing remained the most targeted sectors.

Healthcare experienced extortion demands as high as $4 million.

Healthcare, retail, and manufacturing remained the most targeted sectors.

The average duration business operations were affected by ransomware in health care was 70 days.