A new report finds that average cyber insurance claim severity in the healthcare sector exceeded $2 million per incident in 2025.
Healthcare organizations are facing an increasingly expensive cyber threat environment, with social engineering accounting for 88% of material financial losses, according to a new report from Resilience.

The report, US Healthcare and Cyber Risk: Threats, Trends and Strategies, identifies security practices that deliver measurable reductions in financial loss. Data from the report shows that average claim severity surpassed $2 million per incident in 2025, a significant increase from $800,000 in 2024. Individual extortion demands reached as high as $4 million during the first half of the year.

The broader landscape shows that 275 million healthcare records were breached in 2024, which is more than double the previous year, according to the HIPAA Journal 2024 Healthcare Data Breach Report cited in the report. Ransomware attacks in the sector also increased by 32%, based on data cited from Check Point Research.

“Healthcare is one of the most targeted sectors in the country, and the financial stakes have never been higher,” says Vishaal Hariprasad, CEO of Resilience, in a release. “What makes this research meaningful is that it goes beyond cataloguing the threat—it tells us what’s actually working. When we translate cyber risk into financial terms and look at real claims outcomes, the picture becomes much clearer for the leaders who have to make hard decisions about where to invest.”

High-ROI Security Controls

The analysis identified five security controls that provide the highest return on investment for reducing financial exposure:

  • Role-based access controls: These limit both the likelihood and the scope of a breach across systems that serve diverse user types and hold sensitive patient data.
  • Dual authorization for wire transfers: This serves as a low-cost defense against social engineering and payment fraud.
  • Breach and attack simulations: Running these simulations against endpoint detection and response platforms surfaces blind spots in those tools that would otherwise go unnoticed.
  • Multi-factor authentication (MFA): Using MFA for email remains a high-impact defense, as email is a frequent entry point for threat actors targeting protected health information.
  • Continuous anti-fraud training: Ongoing instruction produces measurably lower financial exposure compared to periodic or compliance-driven training.

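The dual-authorization control in the list above is the one concrete enough to show in code. The following is an added example, not code from the Resilience report or from any product it describes: it models the control as a small approval workflow in which a wire at or above an assumed threshold needs approvals from two distinct users holding an assumed `wire_approver` role, and the person who requested the wire can never be one of them. The threshold, the role name, the user IDs and the scenario in `demo()` are constructed for illustration.

```python
"""Dual authorization (two-person rule) for outbound wire transfers.

Added example, not from the Resilience report. A transfer at or above an
assumed threshold needs approvals from two distinct users who hold an
assumed 'wire_approver' role; the requester can never approve it. The
threshold, role name and user IDs are illustrative assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum

DUAL_AUTH_THRESHOLD = 10_000.00   # assumed policy value
APPROVER_ROLE = "wire_approver"   # assumed role name


class Status(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    RELEASED = "released"


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset


@dataclass
class WireTransfer:
    transfer_id: str
    amount: float
    beneficiary_account: str
    requested_by: str
    approvals: list = field(default_factory=list)
    status: Status = Status.PENDING

    def required_approvals(self) -> int:
        # Below the threshold one approver suffices; at or above it the
        # two-person rule applies no matter who submitted the request.
        return 2 if self.amount >= DUAL_AUTH_THRESHOLD else 1

    def approve(self, approver: User) -> Status:
        """Record one approval while enforcing separation of duties."""
        if self.status is not Status.PENDING:
            raise PermissionError(f"{self.transfer_id} is not pending approval")
        if APPROVER_ROLE not in approver.roles:
            raise PermissionError(f"{approver.user_id} lacks the {APPROVER_ROLE} role")
        if approver.user_id == self.requested_by:
            # The requester is the person a social engineer has already worked
            # on; they must not be able to approve their own request.
            raise PermissionError("requester cannot approve their own transfer")
        if approver.user_id in self.approvals:
            # Counting one user twice would collapse dual authorization back
            # into single authorization.
            raise PermissionError(f"{approver.user_id} has already approved")
        self.approvals.append(approver.user_id)
        if len(self.approvals) >= self.required_approvals():
            self.status = Status.APPROVED
        return self.status

    def release(self) -> Status:
        """Send the wire only once the required approvals are in place."""
        if self.status is not Status.APPROVED:
            raise PermissionError(f"{self.transfer_id} is not approved for release")
        self.status = Status.RELEASED
        return self.status


def try_approve(transfer: WireTransfer, approver: User) -> str:
    """Return 'ok:<status>' or 'denied:<reason>' so callers can log outcomes."""
    try:
        return f"ok:{transfer.approve(approver).value}"
    except PermissionError as exc:
        return f"denied:{exc}"


def demo() -> list:
    """Constructed scenario: a clerk, pressured over email, submits a large
    wire to an unverified beneficiary and then tries to push it through alone."""
    clerk = User("clerk", frozenset({APPROVER_ROLE}))
    cfo = User("cfo", frozenset({APPROVER_ROLE}))
    controller = User("controller", frozenset({APPROVER_ROLE}))
    wire = WireTransfer("WT-1001", 250_000.00, "ACCT-UNVERIFIED", requested_by="clerk")

    log = [
        try_approve(wire, clerk),        # self-approval is blocked
        try_approve(wire, cfo),          # first approval, still pending
        try_approve(wire, cfo),          # same approver twice is blocked
        try_approve(wire, controller),   # second distinct approver -> approved
    ]
    log.append(f"release:{wire.release().value}")
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The check that matters most is the one on `requested_by`: in a business email compromise the requester is typically the person already deceived, so a control that lets the same person approve adds nothing. The duplicate-approver check closes the other common gap, where a single compromised approver account can satisfy both approvals.
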
Healthcare-Specific Strategies

The data also highlighted practices that are specifically effective within the healthcare industry. Organizations that maintained immutable backups for clinical imaging files, databases, and system configurations achieved stronger risk reduction than peers in other sectors.

Furthermore, healthcare organizations that established a data governance committee achieved more than three times the risk reduction compared to organizations in other industries.

The report suggests that many organizations continue to experience losses because they manage cyber risk through a compliance lens rather than a financial one. While HIPAA established baseline protections, the report notes it was not designed for modern threats. Organizations that achieve the best outcomes are those that quantify exposure in financial terms and model potential losses based on their specific risk profile.

“The healthcare organizations building genuine resilience aren’t necessarily the ones with the biggest security budgets,” says Jud Dressler, head of the risk operations center at Resilience, in a release. “They’re the ones that have aligned their investments to the risks that carry the highest financial consequences. Controls like dual authorization for wire transfers or continuous anti-fraud training aren’t expensive—but they’re delivering outsized protection.”
