Healthcare Firms' Hack-Related Losses Outpace Those of Other Sectors

The healthcare sector has been left reeling from a surge in cyberattacks, with companies in this industry experiencing losses exceeding $500,000 at a rate far higher than other sectors. According to a new report by Netwrix, the company's annual threat report, which highlighted trends such as understaffed security teams and the rise of AI-powered threats, has revealed that healthcare organizations are being targeted more frequently than ever before.

Understaffed Security Teams Leave Healthcare Firms Vulnerable

The report, based on interviews with 2,150 IT and security professionals from organizations in 121 countries, shows that nearly one-third of respondents had experienced attacks where hackers commandeered user accounts. This is a stark reminder of the importance of robust security measures, particularly when it comes to protecting sensitive patient data.

AI-Powered Cyberattacks Pose Major Concern

37% of respondents identified AI-powered cyberattacks as a major concern that requires better defenses. Netwrix CEO Grady Summers notes that attackers know patient records carry high value and operations can't afford disruption, making healthcare organizations a prime target.

"These attacks often start with compromised credentials, which is why identity has to be the first line of defense for patient data," Summers said in a statement.

Rise in Large-Scale Hack-Related Losses

The finding that 12% of healthcare organizations experienced hack-related losses above $500,000 is significant not only because of its comparison to the cross-sector average but also represents a major increase from 2024, when Netwrix reported that only 2% of healthcare organizations experienced losses that big.

"This is a disturbing trend," said Jeff Warren, Netwrix's chief product officer. "Attackers are moving faster than defenders, and AI is widening that gap. Closing it requires resilience built on an identity-first approach that protects both accounts and the sensitive data they can access."

The Need for Zero-Trust Networking

Netwrix executives emphasize the need to double down on the basics of zero-trust networking, especially protecting their identity infrastructure. This is crucial in countering AI-powered threats, which are increasingly sophisticated and challenging to detect.

By implementing a robust identity-first approach, organizations can protect themselves against attacks that target compromised credentials, user accounts, and sensitive data. As Warren notes, "Resilience built on an identity-first approach is the key to closing the gap between attackers and defenders."

The healthcare sector's vulnerability to cyberattacks serves as a stark reminder of the importance of investing in robust security measures and prioritizing patient data protection. With the rise of AI-powered threats, it's more crucial than ever for organizations to adopt a zero-trust networking approach and strengthen their identity infrastructure.