Cyberattacks on hospitals are becoming a patient safety crisis

By Mark Brooks, VP Partnerships, Videolab

In 2025, publicly disclosed ransomware attacks against healthcare organizations rose 49% year over year, according to BlackFog's 2025 State of Ransomware Report — and BlackFog's own data suggests that figure is a floor, not a ceiling: an estimated 86% of attacks are believed to go undisclosed entirely. That's not really an IT statistic. It's a patient safety one.

When systems go down, so does care

Healthcare's shift to electronic health records, cloud diagnostics, telehealth, and connected devices has made care faster and more data-driven. It has also made hospitals bigger targets, holding more sensitive data than almost any other sector while running services that can't simply be switched off while a breach is contained.

The scale is no longer abstract. In February 2026, a breach of medical software used bythousands of French doctors exposed the records of roughly 15.8 million patients. In the UnitedStates, the Change Healthcare breach — now confirmed by HHS at 192.7 million individuals —stands as one of the largest healthcare data incidents ever recorded.

When a hospital loses access to its systems, diagnostics get delayed, pharmacy services stall,surgeries get cancelled, and emergency patients get diverted elsewhere. In a sector where time routinely determines outcomes, digital resilience and clinical resilience are the same thing.

Why cybersecurity keeps losing to other priorities

Despite that, many institutions still budget for cybersecurity as a compliance line item rather than a clinical one. Part of the reason is architectural: hospital networks were largely builton the assumption that anything already inside the network could be trusted. Modern attacks arebuilt entirely around exploiting that assumption — a single compromised credential can unlocksystems far beyond where it was issued.

"Healthcare is digitizing faster than many institutions can secure it", says Dag Flachet,co-founder of Codific. "Every connected device, platform, or collaboration tool becomes anotherpotential entry point for attackers. Security needs to evolve at the same pace as digital healthcare innovation."

What closing the gap actually requires

Zero trust architecture is the starting point: verifying every user, device, and application at every interaction with sensitive systems, rather than trusting anything already inside the perimeter. Palo Alto Networks' 2025 Unit 42 Incident Response Report found IAM-related gaps contributing to 41% of the incidents it investigated — exactly the kind of lateral movement zero trust is designed to stop.

It also means securing the thousands of connected devices — infusion pumps, monitors, imaging systems — that make up a modern hospital's Internet of Medical Things, many of which were never designed with security in mind and can't easily be patched. And it means treating recovery as seriously as prevention: tested offline backups and disaster recovery protocols remove ransomware's core leverage, because the threat only works if paying is genuinely faster than restoring.

None of this holds if the vendors behind billing, scheduling, EHR, and telehealth platforms aren't held to the same standard. Supply chain compromises don't stay contained to one vendor —they ripple across every institution that vendor serves.

Cybersecurity is now a public health issue

Cyberattacks on hospitals aren't isolated technical incidents anymore. They're systemic risks capable of disrupting care at scale, and hospitals increasingly operate as digital infrastructure whether they've budgeted for it that way or not. Protecting patients now means protecting the systems behind their care with the same seriousness as sterile equipment or trained staff — because increasingly, they're the same job.

Scroll to Top