
Cyber Insurance Claims Fall But Ransomware Losses Increase

There’s good and bad news on the ransomware front. Attacks are down year-over-year; however, successful attacks are proving even costlier to mitigate, according to the Mid-Year Risk Report from the cyber risk management company Resilience. The company saw a 53% reduction in cyber insurance claims in the first half of the year, which indicates organizations are getting better at preventing attacks; however, when ransomware attacks succeed, they have been causing increased financial harm, with losses up 17% year-over-year. While ransomware accounted for just 9.6% of claims in H1, 2025, ransomware attacks accounted for 91% of incurred losses.

On average, a successful ransomware attack causes $1.18 million in damages, up from $1.01 million in 2024, and the cost is even higher in healthcare. Resilience’s healthcare clients suffered average losses of $1.3 million in 2024, and in the first half of 2025, some healthcare providers faced extortion demands as high as $4 million. While it is too early to tell what the severity of claims will be in 2025 until claims are settled, Resilience said there are indications that the average severity of incurred losses for healthcare ransomware attacks this year could be $2 million, up from an average of $705,000 in 2024 and $1.6 million in 2023.

One of the most active ransomware groups this year has been Interlock, which has attacked many healthcare organizations. In a concerning development, Interlock has been observed stealing cyber insurance policies and using them to benchmark and set higher ransom demands. In at least two ransomware attacks, the threat actor referenced the victim’s cyber insurance policy in the ransom demands, and in at least one case, set the ransom demand to just below the policy payout limit.

Resilience warns that cyberattacks are increasing in sophistication and that AI is increasingly being leveraged for social engineering and phishing campaigns. Social engineering and phishing attacks were linked to 88% of incurred losses in H1, 2025. AI-assisted phishing campaigns are more difficult for users to identify and for organizations to block. The success rate of traditional phishing and social engineering attempts is 12%, compared to 54% for AI-assisted attacks. Resilience reports that 1.8 billion credentials were compromised in H1, 2025 alone, an increase of 800% since January 2025. Social engineering and phishing stood out as leading causes of attacks, along with the inadvertent disclosure of sensitive data due to errors made using tracking technologies.


HIPAA Security Rule Compliance May Not Sufficiently Reduce Risk

Resilience cited one example of a healthcare provider that had invested significantly in cybersecurity yet still fell victim to an attack. The investigation revealed that while reasonable decisions had been made concerning cybersecurity, there were naturally trade-offs due to budgetary constraints. Those trade-offs created vulnerabilities that were ultimately exploited. Despite investing in cybersecurity, the organization’s risk assessments had not been updated in around four years; the risk assessment is an aspect of compliance that the HHS’ Office for Civil Rights actively enforces because of its importance to security posture.

While the organization initially tested its endpoint protection to ensure it was effective, there was no routine testing after implementation to ensure those measures continued to provide adequate protection. Vendor risk management largely consisted of checks of security policy documents, rather than active monitoring, which only occurred for a few vendors. Incident response plans and disaster recovery exercises failed to consistently meet the organization’s recovery objectives, but the issue was not addressed due to limited resources and competing priorities. Gaps were identified in its backup procedures, as the threat actor was able to encrypt clinical images that had been missed from backups. That gave the threat actor significant leverage in ransom negotiations. The organization found that its assumed security posture bore little resemblance to its actual defensive capabilities.

Cybersecurity Recommendations for Healthcare Organizations

Naturally, there will be cybersecurity trade-offs under budgetary restrictions, but the security gaps identified in that case study are all too common in healthcare. Resilience suggests that these security gaps are often a consequence of a focus on HIPAA compliance. The problem is that HIPAA only sets baseline standards for security, and the HIPAA Security Rule is more than two decades old. A focus on compliance may help avoid regulatory penalties, but it may not effectively reduce risks or adequately protect against modern threats.

“Organizations deploying disconnected security tools without strategic coordination create gaps between systems, while annual assessments become check-box exercises using outdated measures of effectiveness,” suggests Resilience. “Effective healthcare cybersecurity requires quantifying cyber risks in financial terms rather than relying on subjective ratings. Loss exceedance curves model potential impacts based on organization-specific factors, enabling leaders to understand exactly what risks could cost in business disruption, recovery expenses, and regulatory fines. When expressed financially, security discussions shift from technical justifications to strategic investment decisions.”

Based on its analysis of the current threat landscape, Resilience recommends healthcare organizations prioritize the following areas to improve their cybersecurity posture and limit the harm of a successful attack:

  • Implement a comprehensive backup strategy with particular attention to imaging files, databases, and system configurations
  • Ensure regular tests are conducted to validate recovery capabilities and timeframes under realistic attack scenarios
  • Treat your cyber insurance policy as part of your crown jewels, and ensure it is properly secured
  • Implement robust training programs that address phishing, social engineering, and proper data handling procedures
  • Ensure there is continuous monitoring of third-party vendors’ security postures
  • Adopt methodologies that translate cyber risks into financial terms to allow leadership to make informed investment decisions based on actual risk reduction potential rather than compliance
  • Implement and regularly test your incident response plan, including patient safety considerations and regulatory notification requirements
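The quoted recommendation to express cyber risk financially, and the related bullet on translating risk into financial terms, both rest on the idea of a loss exceedance curve: for each loss level, the probability that losses in a year will exceed it. The following is an added worked example, not code from the article or from Resilience's report, and Resilience's own model is not described on the page. It uses the common Poisson-frequency, lognormal-severity approach; every scenario parameter (rates, median losses, spread, the assumed effect of a control) is a constructed, hypothetical value chosen only to illustrate the method.

```python
"""Monte Carlo loss exceedance curve (added example; all parameters are hypothetical)."""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    """One loss category: how often it occurs and how bad it is when it does."""
    name: str
    annual_rate: float   # expected events per year (Poisson frequency)
    median_loss: float   # median dollar loss per event (lognormal severity)
    sigma: float         # spread of per-event loss (lognormal shape parameter)


def _poisson(rng, lam):
    """Knuth's Poisson sampler; adequate for the small rates used here."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(scenarios, years=10_000, seed=7):
    """Return one simulated total loss for each of `years` simulated years."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    totals = []
    for _ in range(years):
        total = 0.0
        for s in scenarios:
            for _ in range(_poisson(rng, s.annual_rate)):
                total += rng.lognormvariate(math.log(s.median_loss), s.sigma)
        totals.append(total)
    return totals


def exceedance_probability(losses, threshold):
    """P(annual loss > threshold), estimated from the simulated years."""
    return sum(1 for x in losses if x > threshold) / len(losses)


def loss_exceedance_curve(losses, thresholds):
    """The curve itself: (threshold, exceedance probability) pairs."""
    return [(t, exceedance_probability(losses, t)) for t in thresholds]


def loss_at_exceedance(losses, probability):
    """Loss level exceeded with at most the given probability (0.05 -> '1-in-20-year' loss)."""
    ordered = sorted(losses)
    idx = int(math.ceil((1 - probability) * len(ordered))) - 1
    return ordered[max(0, min(idx, len(ordered) - 1))]


def expected_annual_loss(losses):
    return sum(losses) / len(losses)


# Constructed baseline: two hypothetical scenarios, not figures from the report.
BASELINE = (
    LossScenario("ransomware", annual_rate=0.25, median_loss=1_180_000, sigma=0.8),
    LossScenario("phishing/BEC", annual_rate=1.0, median_loss=60_000, sigma=1.0),
)


def with_control(scenarios, name, severity_factor=1.0, frequency_factor=1.0):
    """Model a control by scaling one scenario's severity and/or frequency (assumed effect sizes)."""
    return tuple(
        LossScenario(s.name, s.annual_rate * frequency_factor, s.median_loss * severity_factor, s.sigma)
        if s.name == name else s
        for s in scenarios
    )


def risk_reduction(scenarios, controlled, years=10_000, seed=7):
    """Reduction in expected annual loss attributable to a control, in dollars."""
    base = expected_annual_loss(simulate_annual_losses(scenarios, years, seed))
    ctrl = expected_annual_loss(simulate_annual_losses(controlled, years, seed))
    return base - ctrl


if __name__ == "__main__":
    losses = simulate_annual_losses(BASELINE)
    for threshold, prob in loss_exceedance_curve(losses, [0, 250_000, 1_000_000, 4_000_000]):
        print(f"P(annual loss > ${threshold:>10,}) = {prob:.3f}")
    print(f"1-in-20-year loss: ${loss_at_exceedance(losses, 0.05):,.0f}")
    print(f"expected annual loss: ${expected_annual_loss(losses):,.0f}")
    # Hypothetical control: tested backups that halve ransomware severity (assumed effect).
    tested_backups = with_control(BASELINE, "ransomware", severity_factor=0.5)
    print(f"EAL reduction from tested backups: ${risk_reduction(BASELINE, tested_backups):,.0f}")
```

The value of the curve for a leadership discussion is the last step: a candidate control is expressed as a change to a scenario's frequency or severity, and its benefit is read off as the reduction in expected annual loss or in the 1-in-20-year loss, a number that can be set against the control's cost rather than against a checklist item.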

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
