Healthcare Cyber Insurance at an Inflection Point

The cyber insurance market is reaching an inflection point where underwriting companies must differentiate healthcare from other industries in how risk is evaluated and priced and in how claims are managed.



Healthcare cyber claims data tells a consistent and troubling story: attack frequency has surged dramatically in 2025, roughly a 90% increase from the prior year, while loss costs have more than doubled, driven by both ransomware and the near-automatic class action lawsuits that follow such incidents. In parallel, continued lawsuits tied to online tracking technologies increase exposure.

Even though it is clear that healthcare is being highly targeted, many underestimate the complexity of healthcare cyber exposure. This class cannot be priced or managed like retail, manufacturing, or construction; it demands specialization, underwriting discipline and strong risk management controls.

Healthcare Cyber—Standing Out From the Crowd

Claims data points to rising frequency and severity, with ransomware and litigation trends both deteriorating. Across the industry, healthcare organizations are facing ransomware attacks that are costing between two and three times more than those against non-healthcare entities.

While ransomware frequency in healthcare remained relatively flat from 2022 through 2024, loss ratios stayed elevated. Ransomware frequency in the healthcare sector has surged sharply in 2025, and severity continues to climb. Double extortion, where attackers not only encrypt a victim’s data but also steal and threaten to publish patient data unless a ransom is paid, has become standard, triggering nearly every clause in a cyber policy: breach response, liability, business interruption, data recovery, and extortion payments.

The healthcare sector has consistently been featured among the top industries targeted by ransomware groups, and it's not just direct attacks that threaten the industry. The February 2024 Change Healthcare attack disrupted 94% of US healthcare providers and impacted nearly half of the US population.

Healthcare networks are uniquely complex and interconnected. Legacy systems, vendor-managed devices, and limited cybersecurity resources expand the attack surface, making it one of the most challenging environments to secure. Also, when hospital systems are disabled, the consequences extend far beyond operational disruption. Patient care is delayed, safety is compromised, and the financial and human costs are intertwined.

The Legal Challenge

The legal aftermath of an attack is also quite challenging. When breaches must be disclosed under HIPAA and state privacy laws, disclosure invites public scrutiny and rapid legal action. As a result, class actions often follow within days.

Meanwhile, litigation over website tracking tools has increased exposure for healthcare organizations, especially as some courts appreciate the sensitivity around personal medical data. One recent example was the use of Meta Pixel, a tool that helps analyze online traffic, in patient portals by organizations that did not realize the tool can share sensitive details with Meta, the social-media platform.
