Lower Cyber Insurance Claims But Higher Ransomware Losses

The Resilience Mid-Year Risk Report reveals that attacks decreased year-over-year, but successful attacks are becoming more costly to mitigate. In the first half of 2025, Resilience, a cyber risk management firm, reported a 53% decrease in cyber insurance claims, indicating that companies are becoming more effective at preventing attacks. Nevertheless, when ransomware attacks were successful, they resulted in greater financial damage, with losses increasing 17% year-over-year. Although ransomware accounted for only 9.6% of claims in the first half of 2025, ransomware attacks were responsible for 91% of incurred losses.

The average loss from a successful ransomware attack is about $1.18 million. Resilience’s clients in the healthcare sector sustained $1.3 million in losses in 2024. In H1 2025, several healthcare companies received extortion demands of up to $4 million. Although it is too early to say what total claims will be for 2025, Resilience noted there are signs that the average incurred loss from healthcare ransomware attacks may reach $2 million, above the $1.6 million in 2023 and $705,000 in 2024.

Interlock has been a very active ransomware group in 2025, attacking even healthcare providers. In a troubling development, Interlock has been observed stealing victims’ cyber insurance policies and using them to demand higher ransom payments. In two attacks, the threat actor used the victim’s cyber insurance policy as leverage in negotiations. In one incident, the threat actor demanded a ransom amount just below the policy’s payout limit.

Resilience states that cyberattacks are growing more sophisticated, and AI is being used in phishing and social engineering campaigns. Social engineering and phishing attacks were linked to 88% of incurred losses in H1 2025. With the use of AI in phishing campaigns, it has become more difficult to identify and block attacks. The success rate of conventional phishing and social engineering attempts is 12%, compared to 54% when attackers use AI. Resilience reports that 1.8 billion records were compromised in H1 2025, mainly through social engineering and phishing, together with the accidental disclosure of sensitive information caused by errors in the deployment of tracking technologies.

Being HIPAA Compliant Might Not Adequately Minimize Risk

Resilience described one case of a healthcare company that had spent heavily on cybersecurity yet still suffered an attack. The investigation showed that although sensible security measures had been taken, trade-offs were made because of financial constraints. Those trade-offs resulted in vulnerabilities that were eventually exploited. Despite the spending on cybersecurity, the company’s risk analysis was not up to date. Although the company initially tested the effectiveness of its endpoint protection, it was not tested regularly after implementation.

Vendor risk management consisted mostly of reviews of security policy documents rather than active monitoring, which was performed for only some vendors. Incident response plans and disaster recovery practices did not consistently meet the organization’s recovery objectives, but the problem was not resolved because of limited resources and competing priorities. Gaps were discovered in its backup processes: the threat actor was able to encrypt medical images that had been overlooked in backups. That gave the threat actor a substantial advantage in ransom negotiations. The company discovered that its assumed security posture bore little resemblance to its actual defensive capabilities.

Cybersecurity Recommendations for Healthcare Organizations

Resilience remarked that such security gaps tend to result from an emphasis on HIPAA compliance. The problem is that HIPAA sets only baseline criteria for security, and the HIPAA Security Rule is more than 20 years old. Focusing on compliance may help avoid regulatory fines, but it may not effectively lower risk or adequately protect against modern threats.

Based on its assessment of the current threat landscape, Resilience proposes the following priorities for healthcare organizations to strengthen their cybersecurity posture and reduce the damage from a successful cyberattack.

  1. Implement a comprehensive backup strategy with a specific focus on imaging files, directories, and system settings
  2. Conduct frequent tests to confirm recovery capabilities and timeframes under realistic attack scenarios
  3. Prioritize and protect your cyber insurance policy
  4. Provide employees with training programs on proper data handling procedures, phishing, and social engineering attacks
  5. Continuously monitor vendors’ security postures
  6. Adopt frameworks that translate cyber risks into financial terms so that leadership can make informed investment decisions based on real risk reduction potential rather than compliance alone
  7. Maintain and routinely test your incident response plan, including patient safety considerations and regulatory notification requirements
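The first two recommendations, and the case study above in which medical images were missing from backups, describe a check that is easy to automate: confirm that every critical data location is actually inside the backup job’s scope, then run a restore drill and verify the restored files byte-for-byte against a recovery time objective. The script below is an added example written for this article, not code from Resilience or the report; the paths, the backup manifest, the sample dataset and the RTO value are all constructed for illustration.

```python
"""Backup coverage check and restore drill (added example, constructed data)."""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import PurePosixPath

# Constructed: data locations the organization must be able to restore.
CRITICAL_PATHS = [
    "/srv/ehr/database",
    "/srv/pacs/images",   # imaging store of the kind overlooked in the case study
    "/etc/app/config",
]

# Constructed: directories the backup job is configured to capture.
BACKUP_MANIFEST = ["/srv/ehr", "/etc/app"]


def is_covered(path, manifest):
    """True if path equals or lies beneath a manifest root.
    Uses path components, so /srv/ehr does NOT cover /srv/ehr2."""
    p = PurePosixPath(path)
    return any(p == PurePosixPath(r) or PurePosixPath(r) in p.parents for r in manifest)


def uncovered_paths(critical, manifest):
    """Critical locations that the backup job would silently miss."""
    return [p for p in critical if not is_covered(p, manifest)]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_hashes(root):
    """Map of relative file path -> SHA-256 for every file under root."""
    hashes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hashes[os.path.relpath(full, root)] = sha256_file(full)
    return hashes


def restore_drill(source_dir, rto_seconds):
    """Archive source_dir, restore it to a clean directory and compare hashes.
    Returns (mismatched_paths, elapsed_seconds, rto_met)."""
    before = snapshot_hashes(source_dir)
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as work:
        archive = os.path.join(work, "backup.tar")
        with tarfile.open(archive, "w") as tar:
            tar.add(source_dir, arcname="data")
        restore_root = os.path.join(work, "restore")
        with tarfile.open(archive) as tar:
            # Use the safe extraction filter where the interpreter provides it.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(restore_root, filter="data")
            else:
                tar.extractall(restore_root)
        after = snapshot_hashes(os.path.join(restore_root, "data"))
        elapsed = time.monotonic() - start
    mismatches = sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))
    return mismatches, elapsed, elapsed <= rto_seconds


def run_drill_demo(rto_seconds=30.0):
    """Build a small constructed dataset (records plus an image file) and drill it."""
    with tempfile.TemporaryDirectory() as src:
        os.makedirs(os.path.join(src, "ehr"))
        os.makedirs(os.path.join(src, "pacs"))
        with open(os.path.join(src, "ehr", "record-001.txt"), "w") as f:
            f.write("constructed patient record\n")
        with open(os.path.join(src, "pacs", "study-001.dcm"), "wb") as f:
            f.write(os.urandom(4096))  # stands in for imaging data
        return restore_drill(src, rto_seconds)


if __name__ == "__main__":
    gaps = uncovered_paths(CRITICAL_PATHS, BACKUP_MANIFEST)
    print("Not covered by backup job:", gaps or "none")
    mismatches, elapsed, ok = run_drill_demo()
    print(f"Restore drill: {len(mismatches)} mismatches, {elapsed:.2f}s, RTO met: {ok}")
```

Run as-is, the coverage check reports `/srv/pacs/images` as outside the backup scope, which is exactly the kind of gap that let the attacker in the case study encrypt imaging data with impunity; adding `/srv/pacs` to the manifest clears it. The restore drill is deliberately end-to-end (archive, restore to a fresh location, hash compare) because a backup that has never been restored proves nothing about recoverability.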

Author: Joe Murray

Joe Murray is the Editor-in-Chief of HIPAA 101, where he leads the writing team in delivering high-quality news and insights on HIPAA regulations. With over 15 years of experience in healthcare journalism, Joe has established himself as a trusted writer. At HIPAA 101, Joe is dedicated to providing healthcare professionals and administrative staff with accurate, timely, and comprehensive information to help them navigate the complexities of HIPAA.