Resilience Report Reveals Healthcare Cybersecurity Gaps, Highlights Cost-Effective Defenses
Event summary
- Resilience's 2026 report identifies social engineering as the driver of 88% of material losses in healthcare cyber incidents.
- Average claim severity in healthcare cyber incidents exceeded $2 million per incident in 2025, up from $800,000 in 2024.
- Five specific security controls, including dual authorization for wire transfers and continuous anti-fraud training, deliver the highest ROI.
- Healthcare organizations with data governance committees achieved more than three times the risk reduction compared to other industries.
The big picture
Resilience's report underscores the financial stakes of cyber threats in healthcare, highlighting a misalignment between security investments and actual risk reduction. The findings suggest that strategic, data-driven approaches—rather than budget size—are key to mitigating losses. This trend reflects broader industry challenges in balancing regulatory compliance with proactive risk management, particularly as cyberattacks evolve in sophistication and financial impact.
What we're watching
- Effectiveness of Defenses
  - Whether healthcare organizations can sustain risk reduction by focusing on high-ROI, cost-effective security controls.
- Evolving Threats
  - The pace at which lesser-known ransomware groups like Interlock, LockBit, and Medusa adapt to healthcare defenses.
- Regulatory Alignment
  - How healthcare organizations shift from compliance-driven to financially quantified cyber risk management.
