The Trellix 2025 Healthcare Cybersecurity Threat Intelligence Report finds that healthcare remains the most expensive industry for data breaches, with U.S. incidents averaging $10.22M and cyberattacks increasingly disrupting clinical operations and patient safety. The sector’s rapid adoption of cloud systems and connected medical devices has expanded its attack surface, while threat actors have shifted toward “triple extortion” tactics—data theft, service disruption, and direct patient extortion. In 2025, Trellix recorded 54.7 million detections across healthcare environments, with phishing responsible for most initial access attempts. Legacy medical devices, IoMT systems, and operational technology such as HVAC and building controls are major vulnerabilities, enabling attackers to pivot from administrative networks into clinical systems. The report recommends stronger email security, identity controls, network segmentation, vulnerability prioritization, and SOC-driven incident response to reduce operational disruption and protect patient data.

Join for free to read