• Healthcare cyber risk in 2026: What the claims data actually show

    From TechnologyDaily@999:1/2 to All on Wed Jun 3 08:00:25 2026
    Healthcare cyber risk in 2026: What the claims data actually shows

    Date:
    Wed, 03 Jun 2026 06:50:56 +0000

    Description:
    A year of record-breaking breaches has healthcare leaders asking the wrong question. Here is what the claims data shows is actually driving loss, and
    the five controls that measurably reduce it.

    FULL STORY ======================================================================

    Healthcare cybersecurity in 2026 is defined less by novel attack techniques than by a widening gap between which controls organizations report having and which controls are reducing loss.

    Our portfolio data from 2023 through mid-2025 shows that social engineering, backup gaps, and weak data governance drive the majority of material losses in healthcare claims.

    Si West, Director of Customer Engagement at Resilience.

    The headline numbers already tell part of the story. U.S. healthcare organizations reported 275 million records breached in 2024, more than double the prior year and the largest single-year exposure in the sector's history.

    Ransomware attacks against healthcare climbed 32 percent over the same period, and the Change Healthcare incident alone exposed an estimated 190 million individuals.

    The useful question for CISOs, CFOs, and boards is not how big the breaches got. It is what claims data reveals about which threats are driving losses and which investments are measurably reducing them.

    What is driving healthcare cyber losses right now

    Social engineering drove 88 percent of material losses across our portfolio in the first half of 2025, and healthcare-specific claims followed the same pattern. Phishing, business email compromise, and vendor compromise show up repeatedly in the underlying incident data, alongside backup gaps that leave organizations exposed when ransomware lands and tracking pixel errors that quietly expose patient information.

    The threat actor landscape is also more distributed than the most visible groups suggest. While BlackCat and Cl0p appeared most frequently in healthcare-related activity, the actual successful intrusions were spread more evenly across operators like Interlock, LockBit, and Medusa. That distribution matters for defenders: hardening against the loudest names while remaining exposed to lesser-known operators is a specific failure mode the data keeps surfacing.

    Extortion demands have also climbed. In the first half of 2025, healthcare-related incidents in the portfolio carried extortion demands as high as $4 million. Those costs carry a different weight when patient care is at stake and the alternative to paying is not just operational disruption but clinical risk.

    Which cybersecurity controls reduce risk in healthcare

    Five controls show the highest measurable risk reduction in healthcare environments in our portfolio: secure email gateways, immutable backups, multi-factor authentication on all remote access, formal data governance, and regular tabletop exercises that include clinical operations. None of these are exotic, and most healthcare organizations can implement them without a transformational budget request.

    Two findings in the portfolio data stand out as specific to healthcare. Immutable backups deliver stronger risk reduction in healthcare than in other industries on average, largely because ransomware against clinical systems creates a different recovery calculus than ransomware against, say, a manufacturer's ERP software. And organizations with a formal data governance committee see more than three times the risk reduction compared to peers in other sectors, a reflection of how much of healthcare's exposure lives in the data layer itself, not just the endpoint.

    The pattern matters more than any single control. Every control on the list operates before or during an incident, not after. That is where the measurable risk reduction lives.

    Why the budget conversation keeps breaking down

    Healthcare CISOs face a specific version of a universal problem: the controls with the highest modelled risk reduction are often the least visible to executive leadership, and the controls most visible to executive leadership are often the ones with the weakest loss-reduction signal. That asymmetry is what quantifying cyber risk is meant to close.

    In practice, the healthcare organizations getting ahead on this are doing three things. They are translating control adoption into dollar terms their CFO can evaluate against other capital decisions. They are prioritizing spend against the specific controls the claims data identifies as high-ROI in their sector, rather than defaulting to a framework checklist. And they are running tabletop exercises that include clinical leadership, not just IT, because the decisions that determine whether a ransomware event becomes a patient-care event are not purely technical.

    What this looks like in practice

    Two contrasting examples from our portfolio make the point. A mid-sized regional health system believed its security posture was stronger than it turned out to be and discovered the gap the hard way during a major ransomware incident, including the discovery that clinical imaging files had been left out of its backup strategy. Recovery costs, regulatory exposure, and care disruption compounded.

    A mid-market biotechnology firm took a different path. It built a quantified, prioritized cyber risk program, mapped its controls against its largest modelled loss scenarios, and was able to redirect security spending toward
    the controls with the highest return. When an attempted business email compromise hit, the controls worked, and the claim never materialized.

    The gap between those two outcomes was not budget. It was how each organisation decided what to spend the budget on.

    What healthcare security leaders should do now

    Three moves are defensible, specific, and available without a transformational program. First, audit the organization's backup posture against a realistic ransomware scenario, including clinical systems and imaging data, not just administrative files. In our portfolio, backup gaps are one of the single largest drivers of healthcare ransomware severity.

    Second, measure social engineering resilience directly. Tabletop exercises, phishing simulations, and control reviews of email gateway posture are faster to run than most organizations assume, and social engineering's share of material loss makes them high-ROI by any reasonable measure.

    Third, translate the top three or four risk scenarios into dollar terms and walk them to the board. The CFO conversation goes differently when the ask is framed as loss reduction, not technology spend. Risk quantification is what makes that reframe defensible.

    This shows the need for risk quantification on plausible material loss scenarios; without it, budget conversations stay abstract while the exposure stays real. It requires a willingness to let the claims data, rather than the vendor roadmap, set the priority list.

    This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/healthcare-cyber-risk-in-2026-what-the-claims-data-actually-shows

    --- Mystic BBS v1.12 A48 (Windows/64)
    * Origin: Mystic Hobbies BBS mystic-hobbies.com (999:1/2)