84% of Healthcare Organizations Sustained Cyberattacks Last Year

Stu Sjouwerman | Jan 24, 2025

A new survey by cybersecurity vendor Netwrix found that 84% of healthcare organizations spotted a cyberattack in the past twelve months, with phishing attacks accounting for 63% of these incidents.

“Phishing was the most common type of incident experienced on premises, similar to other industries,” Netwrix says.

“Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise.”

These cyberattacks resulted in financial damage for 69% of healthcare organizations, compared to 60% in other industries. Additionally, 19% of the incidents led to lawsuits. Ilia Sotnikov, Security Strategist at Netwrix, pointed out that the sensitive, highly regulated nature of the healthcare industry makes it more prone to lawsuits following data breaches.

“Due to the sensitivity of the protected health information (PHI) data, breaches can cause severe concerns among the general public and various stakeholders,” Sotnikov said. “On top of that, healthcare is a highly regulated industry where organizations face strict penalties for non-compliance.

“Together, these factors lead to a higher-than-average likelihood of lawsuits. At the same time, organizations can feel pressured to change IT or even executive leadership to signal their commitment to addressing security issues and rebuilding trust.”

Dirk Schrader, VP of Security Research at Netwrix, noted that the urgency often involved in healthcare work is one factor that leads to a higher number of security incidents in this sector. 

“Healthcare workers regularly communicate with many people they do not know — patients, laboratory assistants, external auditors, and more — so properly vetting every message is a huge burden,” Schrader stated. “Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Netwrix has the story.
