The biggest ranson request to a healthcare organization was $98m: Healthcare Cybersecurity Threats Continue Rising as Hospitals Increase Spending on Cloud and Patient Data Protection

Hospitals are entering a new phase of cybersecurity spending as ransomware attacks, cloud account compromises and third-party data breaches continue to threaten patient care. What was once treated mainly as an IT problem has become a boardroom issue, a clinical safety concern and a major capital investment priority.

The pressure is rising because healthcare has become one of the most attractive targets for cybercriminals. In 2025, healthcare and public health was the top sector targeted for ransomware and other cyberthreats, with hundreds of ransomware attacks and major data breaches reported across the industry.

Hackers are demanding unprecedented sums from healthcare organizations following ransomware attacks, underscoring how vulnerable hospitals and medical systems have become to cybercrime. According to BakerHostetler’s annual Data Security Incident Response Report, which analyzed more than 1,250 cyber incidents handled by the law firm in 2025, healthcare organizations faced an average ransomware demand of $18.2 million — nearly six times higher than the next-closest industry. Despite the enormous demands, healthcare firms paid an average of $1.2 million to attackers, compared with an average demand of $3.2 million and payment of $1.7 million in the energy and technology sectors. The report also found that the largest ransom demand in healthcare reached a staggering $98 million, while the highest payment made totaled $5 million, both representing the highest figures of any industry analyzed. Healthcare, including pharmaceutical and biotechnology companies, accounted for 27% of all data breaches reviewed in the report, more than finance and insurance at 18% and business and professional services at 15%. On average, each healthcare breach affected approximately 357,020 individuals, while the largest single breach exposed the data of 3.4 million people. The operational impact was also severe, with healthcare organizations taking an average of 12.7 days to restore systems and data following ransomware attacks, while forensic investigations cost nearly $40,000 on average.

The reason is simple: hospitals hold some of the most valuable data in the economy. A stolen credit card can be canceled, but a patient record can contain names, Social Security numbers, insurance information, prescriptions, diagnoses, billing records and family details. That makes healthcare data especially valuable on criminal marketplaces.

Cybersecurity is no longer just an IT issue. For hospitals, it has become a patient safety issue.

Attacks Are Increasing Across Healthcare

The newest wave of attacks is becoming more dangerous because cyber incidents can now directly disrupt patient care and hospital operations. Healthcare organizations are reporting rising levels of ransomware activity, cloud account compromise and phishing-related breaches.

Industry surveys show that patient care disruption is becoming increasingly common following major cyberattacks. In some cases, hospitals have been forced to divert ambulances, postpone procedures, delay laboratory testing and temporarily return to paper-based workflows.

Cloud account compromise has emerged as one of the fastest-growing threats because healthcare systems are rapidly moving data, analytics and operational platforms into cloud environments.

Why Hospitals Are Spending More

Hospitals are now investing aggressively in cybersecurity, cloud modernization and patient data protection infrastructure. State governments and healthcare regulators are also increasing support for modernization initiatives that strengthen healthcare IT systems and reduce cyber risk exposure.

Several major hospital systems are also increasing investment in cloud-based healthcare platforms and artificial intelligence-driven analytics systems. Healthcare executives increasingly believe future clinical operations will depend on secure cloud infrastructure capable of supporting electronic health records, imaging systems, analytics and remote healthcare services.

The Cloud Creates Both Opportunity and Risk

Cloud spending is becoming central to the healthcare cybersecurity conversation because hospitals are moving more electronic health records, analytics systems, medical imaging and data storage into cloud environments.

Properly managed cloud systems can offer stronger monitoring, better disaster recovery and more scalable security capabilities than aging on-premise infrastructure. However, poorly secured cloud accounts can also create major vulnerabilities if hospitals fail to implement strong governance and identity management systems.

As a result, healthcare organizations are increasingly investing in encryption, zero-trust security architecture, endpoint monitoring, multifactor authentication and advanced access-control systems.

Rural Hospitals Face Growing Challenges

Rural hospitals are receiving increased attention because many smaller healthcare organizations lack the cybersecurity budgets and staffing resources available to larger health systems.

Several healthcare and technology organizations have expanded cybersecurity resiliency programs aimed at helping rural hospitals strengthen cloud readiness, employee cyber training and foundational security protections.

Industry experts warn that under-resourced hospitals can create risk not only for themselves, but for the broader healthcare ecosystem because healthcare networks and third-party vendors are often deeply interconnected.

The Financial Impact of Cyberattacks

The business case for cybersecurity investment is becoming increasingly unavoidable. A major ransomware attack can shut down scheduling systems, interrupt billing operations, delay lab results and create widespread operational disruption across hospitals and clinics.

In some cases, the consequences extend beyond financial loss. Cyber incidents can contribute to delayed treatment, longer hospital stays, postponed procedures and disruptions in clinical communication.

Healthcare executives are increasingly realizing that cybersecurity infrastructure is as essential as medical equipment, staffing, emergency preparedness and physical security.

What Comes Next

The next stage of healthcare cybersecurity will likely focus heavily on stronger cloud governance, protection of patient data across third-party vendors and AI-assisted threat detection systems capable of identifying attacks before widespread disruption occurs.

As healthcare organizations digitize more operations, attackers will continue looking for weak points inside connected hospital ecosystems. The institutions that adapt most successfully will likely be those that view cybersecurity not as a compliance requirement, but as a core operational and patient safety investment.

The healthcare industry is increasingly realizing that the systems protecting patient data are also protecting clinical operations themselves. In the modern digital hospital, cybersecurity and patient care are becoming inseparable.