Cyberattacks in healthcare have become clinical events, delaying care and endangering patients as digital systems and human safety converge.
When cybersecurity fails in healthcare, people get hurt. That isn’t metaphorical—it’s literal. The 2025 Ponemon Healthcare Cybersecurity Report shows what many in the field have long feared: the line between cyber risk and clinical risk has vanished.
I’ve covered cybersecurity for two decades, and every year the data gets more sobering. But this year’s results land differently. Ninety-three percent of healthcare organizations surveyed reported at least one attack in the past year, with victims hit an average of 43 times. Those aren’t abstract numbers—they represent disrupted surgeries, delayed lab results and ER doctors locked out of digital records when seconds matter most.
“Patient safety is inseparable from cyber safety,” said Ryan Witt, Proofpoint’s healthcare leader. “When care is delayed, disrupted, or compromised due to a cyberattack, patient outcomes are impacted, and lives are potentially put at risk.”
The Human Cost Behind the Metrics
Across ransomware, business email compromise, cloud/account compromise and supply-chain attacks, 72 percent of affected organizations said patient care was disrupted. More than half saw longer hospital stays or more complications. Nearly a third reported higher mortality.
We often talk about “critical infrastructure” as if it’s a collection of wires and servers, but here it’s literally human infrastructure—nurses, physicians, technicians—who can’t safely deliver care when systems go dark. The average cost of a major attack dropped to $3.9 million from $4.7 million, but that’s cold comfort when ransom payments rose to $1.2 million and the true cost is measured in missed diagnoses.
The Expanding Blast Radius
One thing that stood out to me is how quickly everyday collaboration tools have become high-risk surfaces. Texting, video calls and email—essential for coordinating care—were the most attacked channels. This echoes what I’ve heard in conversations with CISOs and clinical IT leaders: the closer technology gets to the patient, the thinner the security margin becomes.
Supply-chain compromises declined slightly this year, yet they remain the most dangerous, disrupting care in 87 percent of cases. When a lab system or device-update pipeline breaks, you can’t simply “failover” to a manual backup. There is no paper version of an MRI.
Scott Crawford, head of information security research at 451 Research / S&P Global, told me that this spotlight on healthcare is long overdue. “Healthcare is—and ought to be—a major focus of cybersecurity, for a host of reasons,” he said. “The criticality to life and safety of healthcare technology, the highly sensitive nature of both patient and practitioner information, and the impact on finance at virtually every level make these exposures an attractive target.”
He emphasized that providers have a mandate to make security assurance accessible “from the largest healthcare entities to smaller clinics and practices, and ultimately for everyone who interacts with healthcare systems—and that means everyone.” In a world where attackers exploit the weakest link, protecting a small rural clinic is protecting the entire healthcare ecosystem.
The Ransomware Reality
Ransomware remains the defining threat. The Proofpoint–Ponemon study found that while fewer victims are paying, the price of those who do continues to rise. IDC’s Michelle Abraham stressed that their own data tells a similar story. She added, “AI-powered analytics can enhance cybersecurity by forecasting potential vulnerabilities and attack vectors, enabling proactive risk management rather than relying on reactive incident response.”
It’s a reminder that the healthcare sector’s problem isn’t just too many alerts—it’s too little foresight.
Insider Risk and Everyday Errors
Not all incidents are headline-grabbing ransomware attacks. Ninety-six percent of organizations reported at least two data-loss or exfiltration events in the past two years, mostly from insiders—often unintentional ones. A mis-addressed email containing patient records can have the same regulatory and reputational impact as a full-scale breach. More than half of these incidents disrupted care; some correlated with higher mortality. It’s the kind of statistic that should make every hospital board rethink what “cyber risk” means.
The AI Paradox
AI adoption is rising fast in healthcare security. Over half of providers are embedding AI into defensive workflows, and many say it’s improving response times. Yet 60 percent admit they’re struggling to protect the sensitive data used to train those systems. I’ve written before about AI’s “double-edged sword” in cybersecurity—this is that concept playing out in real time. The same automation that accelerates detection can also magnify data-handling mistakes if governance lags behind.
Melinda Marks, cybersecurity practice director at Omdia, notes that this tension reflects a skills and resource gap. “Our research shows that organizations face challenges with skill sets and resources to help with data resilience and cybersecurity, including the need to discover, classify and protect sensitive data,” she said. “This is particularly challenging in healthcare to protect sensitive patient information and effectively manage access for vital services, where not being able to access information could be life-threatening, and attackers always look for weak spots for entry to steal valuable data.”
That’s the paradox of AI in healthcare: it can make care faster and more reliable, but it also raises the stakes if data governance falters.
Lessons From the Front Lines
Three themes emerge from the report that I see echoed across industries:
- Identity is the new perimeter. Phishing-resistant MFA and continuous access monitoring aren’t optional when clinical collaboration runs on text and video apps.
- Human error must be anticipated, not blamed. Simulation training helps, but pairing it with adaptive policies—like context-aware data-loss prevention—makes mistakes survivable instead of catastrophic.
- Resilience is the new compliance. Healthcare can’t wait for an auditor’s checklist to prove readiness. True resilience means testing how long you can safely operate when every screen goes blank. If the answer is “minutes,” then the plan isn’t ready.
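The second lesson, context-aware data-loss prevention that makes a mis-addressed email survivable, is easier to picture with a small worked example. The code below is an added illustration, not from the report or any vendor product, and every domain, pattern and message in it is a constructed placeholder: the same message carrying patient identifiers is allowed to an internal address, held for confirmation to a known partner, and blocked when the recipient domain is unknown or looks like a typo of the hospital's own domain.

```python
import re
from dataclasses import dataclass, field

# Hypothetical hospital domains (constructed values, not real organizations).
TRUSTED_DOMAINS = {"example-hospital.org", "lab.example-hospital.org"}
PARTNER_DOMAINS = {"partner-clinic.example"}

# Illustrative PHI indicators. A production DLP ruleset would be far richer;
# these patterns exist only to make the context-aware decision visible.
PHI_PATTERNS = {
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "dob": re.compile(r"\bDOB[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.IGNORECASE),
}
PHI_KEYWORDS = ("diagnosis", "discharge summary", "lab result")


@dataclass
class Verdict:
    action: str                      # "allow", "warn" or "block"
    reasons: list = field(default_factory=list)


def recipient_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def find_phi(text: str) -> list:
    """Return the names of every PHI indicator present in the text."""
    hits = [name for name, pat in PHI_PATTERNS.items() if pat.search(text)]
    lowered = text.lower()
    hits += [f"keyword:{kw}" for kw in PHI_KEYWORDS if kw in lowered]
    return hits


def looks_like_typo(domain: str) -> bool:
    """True when the domain shares its first label with a trusted domain but
    is not itself trusted (e.g. example-hospital.com vs example-hospital.org)."""
    if domain in TRUSTED_DOMAINS:
        return False
    label = domain.split(".")[0]
    return any(t.split(".")[0] == label for t in TRUSTED_DOMAINS)


def assess_outbound_email(recipients, subject, body, attachments=()) -> Verdict:
    """Context-aware DLP decision for one outbound message.

    Content alone does not decide the outcome; who receives it does. PHI to
    internal staff is normal clinical work, PHI to a partner is held for a
    confirmation step, and PHI to an unknown or look-alike domain is blocked.
    """
    content = "\n".join([subject, body, *attachments])
    phi = find_phi(content)
    if not phi:
        return Verdict("allow", ["no PHI indicators found"])

    external = [r for r in recipients if recipient_domain(r) not in TRUSTED_DOMAINS]
    if not external:
        return Verdict("allow", ["PHI present, all recipients internal"])

    reasons = ["PHI indicators: " + ", ".join(phi)]
    action = "warn"
    for addr in external:
        dom = recipient_domain(addr)
        if looks_like_typo(dom):
            reasons.append(f"{addr}: likely mis-addressed, domain resembles a trusted domain")
            action = "block"
        elif dom in PARTNER_DOMAINS:
            reasons.append(f"{addr}: known partner, sender confirmation required")
        else:
            reasons.append(f"{addr}: unknown external domain")
            action = "block"
    return Verdict(action, reasons)


if __name__ == "__main__":
    # Constructed sample: the same lab result sent to three kinds of recipient.
    body = "Attached lab result for MRN 12345678, DOB 01/02/1970."
    for rcpt in ["nurse@example-hospital.org",
                 "coord@partner-clinic.example",
                 "nurse@example-hospital.com"]:
        v = assess_outbound_email([rcpt], "Lab result", body)
        print(f"{rcpt:32} -> {v.action:5} {v.reasons}")
```

The point of the layered verdict is the one the lesson makes: a clinician who fat-fingers `.com` for `.org` gets a block and a clear reason instead of a breach notification, while routine internal handoffs are never slowed down.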
Dr. Larry Ponemon summed it up bluntly: “Cyberattacks are now routinely affecting patient safety, and while security spending is up, many organizations still lack clear leadership and internal expertise to meet the challenge.”
That gap—between spending and capability—is where the real danger lies. Technology investment without strategy is just an expensive illusion of safety.
Trust Is the Real Metric
In healthcare, uptime is measured in lives.
Patients don’t think about identity-access logs or EDR telemetry; they expect that their doctor can see their chart and their treatment will start on time. That invisible confidence—that trust—is the ultimate indicator of cyber maturity.
If there’s one takeaway from this year’s findings, it’s that cybersecurity is no longer an IT discipline supporting care; it is care. The hospitals that internalize that will define what “patient safety” means in a digital era.