From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative
By John Fokker · January 27, 2026
For decades, healthcare systems were designed with one core principle: patient safety. Clinical devices operated in largely closed environments, disconnected from the internet and engineered for reliability rather than resilience against cyber threats, so the impact of a vulnerability in an isolated device was limited. That era is over. Today, digital transformation, cloud adoption, remote access, and AI-driven workflows are driving healthcare to innovate and, in doing so, have dramatically expanded the healthcare attack surface. The result is a threat environment where cyber incidents are no longer an IT disruption. They are a patient safety crisis.
Trellix’s 2025 Healthcare Cybersecurity Threat Intelligence Report provides a grounded, data-driven overview for executive leaders of what this new healthcare threat landscape looks like and what needs to change.
The scale of the problem
In 2025 alone, Trellix recorded 54.7 million detections across our global healthcare customer base. These are not theoretical risks; they are daily attempts to breach clinical environments. Alarmingly, 75 percent of all detections originated in the United States, underscoring the extent to which U.S. healthcare infrastructure is being targeted. Email was the dominant vector, accounting for 85 percent of detections.
Healthcare also marked its fifteenth consecutive year as the most expensive industry for data breaches. In the United States, the average cost of a healthcare breach climbed to 10.22 million dollars per incident, up 9.2 percent year over year.
When cyber becomes clinical
Our report identifies 2025 as the year of the cascading effect. Attackers no longer need to penetrate core clinical systems directly, as demonstrated in previous years. A breach in administrative IT, building management systems, or even HVAC controllers can now impact clinical workflows. The human toll is staggering. Hospitals suffering cyberattacks experienced a 29% increase in inpatient mortality, while neighboring hospitals saw an 81% surge in cardiac arrests due to emergency diversions. This is not a technology issue—it is a life-or-death issue.
Hospitals lose up to $9,000 per minute during outages. On average, healthcare organizations experienced more than 17 days of downtime per attack, with 76% requiring more than 100 days to fully recover.
The year 2025 saw a chilling, but increasingly common, evolution in cybercrime: patient extortion. Ransomware groups no longer stop at encrypting servers. They steal medical records and then text patients directly, demanding privacy fees to prevent exposure of diagnoses, HIV test results, or treatment histories. Qilin alone exfiltrated 852 gigabytes of patient data from Covenant Health in one incident. The underground economy now values a single electronic health record at $60, nearly 20 times the value of a stolen credit card. This explains why attackers are shifting from traditional ransomware to exfiltration-only campaigns, which tripled in frequency in 2025.
The healthcare attack surface today is a web of internet-connected infusion pumps, imaging systems running legacy operating systems, patient monitors transmitting data in plain text, and building management systems with known exploited vulnerabilities. Research found that 99% of hospitals manage at least one device with a known exploited vulnerability, and 60% of medical devices are end-of-life and unpatchable. This creates ideal conditions for attackers to move from HVAC to imaging systems to EHR databases silently, efficiently, and at scale.
Why this is a C-suite problem
Cyber risk is an enterprise risk, especially for healthcare organizations. Nearly half of breached healthcare organizations raised service prices in 2025 to absorb breach costs. Federal HIPAA penalties escalated sharply, with willful neglect fines reaching $1.5 million per year. Smaller providers are being pushed to the brink, with 200,000-dollar losses often marking the line between survival and closure.
No CISO can fix this alone. It requires board-level recognition that cybersecurity is inseparable from patient safety, operational resilience, financial sustainability, and brand trust.
Trellix’s commitment to healthcare
Healthcare is not just another vertical for Trellix. It is a mission. Our vantage point, built on millions of daily detections and deep collaboration with hospitals globally, enables us to translate telemetry into real-world intelligence. But insight without action is not enough. Healthcare is in the middle of a digital revolution. AI, cloud platforms, and connected care will improve outcomes, reduce costs, and save lives. But without cybersecurity at the center of that transformation, innovation becomes a liability. Cyberattacks are now a direct threat to patient safety, and that is a responsibility no organization can afford to ignore.
We hope this 2025 Healthcare Cybersecurity Threat Intelligence Report provides you with insight, clarity, and strategic guidance as you navigate this evolving threat landscape. Our goal is to help healthcare leaders protect what matters most: patients' trust and the continuity of care.
Discover the latest cybersecurity research from the Trellix Advanced Research Center: https://www.trellix.com/advanced-research-center/