The massive cyberattack on UnitedHealth Group's Change Healthcare two years ago this month was a wake-up call for many in the health care industry. Although security breaches were not as high profile in 2025, the number of incidents continued to increase, according to statistics from the Health Information Sharing and Analysis Center.

"Health-ISAC observed a continuous trend of cybersecurity incidents and data breaches affecting health sector organizations over the past year," the organization's latest Health Sector Heartbeat report found. "Ransomware events have exhibited a consistent upward trend over the past few years. Quarter four of 2025 is no exception, showing a significant increase in health sector ransomware incidents compared to all previous quarters of 2025."

Health-ISAC identified 4,043 incidents across all sectors in the first half of 2025, followed by 4,860 incidents in the second half of the year. This indicates that 2026 likely will be a record-breaking year if the trend continues. The total number of incidents in 2025 (8,903) surpassed that of 2024 (5,744), representing an increase of 55%. Health sector-specific incidents also increased but not as sharply. There were 476 incidents in 2024, rising to 575 in 2025 for a 21% increase.

The most common breaches were open and exposed databases, exposed remote access tools, vulnerable Ivanti Endpoint Manager instances and Windows Server Update Services remote code execution bugs. Health-ISAC recommends several strategies to help mitigate risk.

  • Patch management: Regularly update and patch all systems, especially public-facing applications.
  • Email security: Implement advanced email filtering solutions to detect and block phishing attempts. Train employees to recognize phishing emails and report suspicious activity.
  • Endpoint protection: Deploy endpoint detection and response solutions to identify and block malicious activities. Enable application whitelisting to prevent unauthorized software execution.
  • Access controls: Enforce the principle of least privilege to limit user access to only what is necessary. Implement multifactor authentication for all accounts, especially those with remote access.
  • Network segmentation: Segment networks to isolate critical systems and prevent lateral movement. Restrict remote desktop protocol access to trusted internet protocol (IP) addresses and monitor for unusual activity.
  • Backup and recovery: Maintain regular offline backups of critical data, test recovery procedures, and ensure that backups are encrypted and stored in a secure location.

"The health sector has become one of the most targeted sectors in the world, not because it's the easiest but because the consequences of disruption are so severe," said Errol Weiss, chief security officer for Health-ISAC. "This report is a clear warning -- cyber threats are no longer isolated events. They represent lifesaving business continuity crises that can impact patient care, staff safety and public trust."

This article originally appeared on BenefitsPro and may not be reprinted.