43% of healthcare email breaches were tied to Microsoft 365.

There has been a 50% increase in healthcare cybersecurity spending since 2018.

Solara Medical Supplies' $9.76 million settlement was due to a phishing-related breach affecting 114,000 patient records.

HIPAA fines exceeding $9 million were issued due to email security failures.

37.2% of healthcare Microsoft 365 users had DMARC in ‘monitor-only’ mode.

Solara Medical Supplies had a $9.76 million settlement due to email security failures.

The average Windows endpoint in healthcare is 48 days behind on critical security patches.

Critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices 15 percent of the time in the analysed healthcare PCs.

15% of healthcare PCs fail security tests.

There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.

Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.

There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.

There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.

61.6% of healthcare ransomware victims reported attacks to the HHS in 2024.

There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.

The healthcare sector is the third-most targeted sector for ransomware attacks, following manufacturing and professional services.

There was a 32.16% increase in healthcare ransomware attacks from 2023 to 2024.

There was a significant rise in healthcare ransomware attacks in 2024. From Q1 2023 to Q3 2023, healthcare was the 6th or 7th most targeted sector, but it jumped to third position in Q4 2023 and has remained there.

Types of healthcare providers targeted in 2024 were: Physicians' offices accounted for 25% of attacks, general medical and surgical hospitals accounted for 22% of attacks, other health professionals' offices (outpatient centres, family services etc) accounted for 9% of attacks, and dentists' offices accounted for 6% of attacks.

The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.