Number of healthcare organizations that lost over $200K from data breaches rises 400%
In a year’s time, nearly half of all healthcare organizations experienced a cybersecurity incident. Further, in 2025, the number of cyberattacks that resulted in these organizations losing more than $200,000 rose by 400%, a new report revealed.
According to cybersecurity firm Netwrix, between March 2024 and March 2025, 48% of healthcare entities were subject to some kind of data breach incident, either from phishing or another form of attack.
During that time, financial losses associated with data breaches also skyrocketed. In 2024, 2% of organizations in healthcare—which includes hospitals, health systems, payer groups and others—suffered more than $500,000 in associated losses. That number jumped to 12% during the same period in 2025.
That figure puts healthcare in the lead for steepest financial impact from breaches. According to analysts at Netwrix, the average among other industries that suffered losses over $500,000 is just 6%.
The firm said its data comes from interviews with 2,150 IT and data security professionals from 12 countries across all industries. While it previously released a larger annual report emphasizing global threats across all sectors, on Thursday Netwrix released a supplementary analysis focused exclusively on healthcare.
“Healthcare is being hit harder than other industries because attackers know patient records carry high value and operations can’t afford disruption,” Netwrix CEO Grady Summers said in a statement. “These attacks often start with compromised credentials, which is why identity has to be the first line of defense for patient data.”
As for why the attacks have ramped up and been more successful, 37% of respondents told Netwrix that artificial intelligence is to blame. Hackers have been using AI-based technologies to perform data breaches at an accelerating rate, forcing healthcare entities to adopt new defensive measures on the fly.
“Attackers are moving faster than defenders, and AI is widening that gap,” Jeff Warren, chief product officer at Netwrix, added. “Closing it requires resilience built on an identity-first approach that protects both accounts and the sensitive data they can access.”
Sophisticated phishing
Of note, compromising admin and user accounts ranked highest in how hackers gained access to systems. Roughly one-third (31%) of those surveyed said their healthcare groups had experienced these types of access intrusions, often made possible by social engineering and phishing through fake emails and other messages—something AI has made more efficient.
Looking back at data from the 2024 report, 84% of healthcare-related entities said they spotted an attempted data breach over the last year. Of them, 74% were related to user or admin account compromise.
As for why healthcare is hit more often, an expert at Netwrix said in 2024 that it comes down to the high value of protected health information on the black market. Given its ability to be easily sold on dark web forums, it remains a top target for criminals.
The firm recommended that organizations deploy automated tools to spot phishing attempts and automatically secure user accounts in the event of suspicious activity. It also said that organizations should seek to minimize who has network access privileges, which will limit vectors for attack.
The full 2025 report is available here.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.