From Hospital Halls to Hacker Hubs: Closing the Gaps in U.S. Healthcare Cybersecurity.

The U.S. healthcare system stores 30% of the world’s data but remains one of the least protected critical infrastructures. The healthcare sector is undergoing a digital revolution, where lifesaving decisions hinge on real-time data access, and patient information is stored across sprawling networks of electronic records, connected devices, and third-party platforms. However, this same ecosystem is under siege. From ransomware attacks that paralyze emergency rooms to state-sponsored hacking campaigns that target genomic databases and insurance platforms, America’s healthcare system has become the most targeted critical infrastructure in the nation. In 2023 alone, over 88 million individuals were affected by healthcare data breaches, making the sector the top target for cyberattacks globally. The economic toll is equally daunting, with the average cost of a healthcare breach now exceeding $11 million, the highest across all industries. Yet the true cost lies not only in stolen data or damaged servers, but in delayed surgeries, misdiagnosed patients, eroded public trust, and national vulnerability. The 2015 Anthem Inc. breach exposed 78.8 million records, still the largest in U.S. healthcare history. Since 2009, 5,887 large breaches have been reported, with hundreds still under investigation. The economic impact of healthcare data breaches in the U.S. since 2010 has been staggering, affecting not just hospitals and patients but also the broader economy through rising costs, lost productivity, and national security risks. The global impact is staggering. Over 732 million patient records were exposed between 2010 and 2024. Hacking and IT incidents accounted for 88% of those breaches, with ransomware alone responsible for nearly 40%. The number of breaches rose from 216 in 2010 to 745 in 2023, before slightly dipping to 566 in 2024. The largest breach ever occurred in 2024 at Change Healthcare, affecting 190 million individuals.

The global operational and economic consequences have resulted in disrupted care, with hospitals having to cancel surgeries, divert emergency services, and revert to paper records. While the cost of a single breach can exceed $10 million, with cumulative losses in the billions, the overall economic impact is daunting. Estimates showed that over 37 percent of healthcare organizations took over three months to recover from the impact of ransomware attacks. Cyber breaches now affect entire healthcare systems, with ripple effects on insurance, pharmaceuticals, and public health. The United States, through HIPAA, has strengthened enforcement, with minimal success, due to underreporting and backlogs. The United Nations (2024) outlines how global leaders and cybersecurity experts are calling for stronger frameworks and international cooperation to prevent escalation through cyberspace, as the rate of malicious activities, ranging from ransomware to state-sponsored attacks, is increasing in frequency and sophistication. Healthcare, finance, and critical infrastructure are frequent targets, with incidents becoming “disturbingly common. Cyber mercenaries and hacktivists blur the line between civilians and combatants, escalating digital conflict globally, and there are strategic concerns. AI-enabled cyber operations and quantum computing pose new vulnerabilities. Ransomware payments reached $1.1 billion in 2023, highlighting the economic toll. Cyberattacks undermine public trust, electoral integrity, and institutional stability, sowing seeds of violence and conflict.

The United Nations' (2024) call to action introduced the new agenda for peace initiative, urging nations to adopt a strong legal framework for digital governance, treat cyberattacks as threats to international peace and security, and ultimately integrate cybersecurity into Security Council resolutions and peacekeeping efforts.

“At worst, these attacks undermine trust in the health systems on which people depend, and even cause patient harm and death.”

— WHO briefing to the UN Security Council

enoma ojo (2025)