Cyber Liability Insurance: Why Health Care Practices Need Protection Now More Than Ever

Hearing about hacking and IT security incidents has become increasingly common. In 2025 alone, the U.S. Department of Health and Human Services Office for Civil Rights recorded roughly 450 breaches of unsecured protected health information affecting 500 or more individuals, impacting an estimated 30 million people. The financial stakes are just as serious, with the average U.S. data breach costing $10.22 million, according to IBM’s Cost of a Data Breach Report 2025. 

As cyberattacks continue to target health care organizations and medical provider groups, the NEJM Catalyst Insights Council conducted a survey in August 2024 to better understand current and emerging cybersecurity threats. Respondents were asked about their organizations’ cybersecurity training, their knowledge of how to report suspected attacks or suspicious activity, and the safeguards and leadership in place to protect sensitive data. 

In The Rising Risks of Cybersecurity Breaches, Jigar Kadakia highlights several important findings. Approximately four (4) in 10 respondents worldwide report that their organization has experienced at least one cyberattack (17%) or multiple attacks (26%). Yet a notable portion (25% globally and 29% in the U.S.) say they “don’t know” whether their organization has been attacked. Kadakia finds this both surprising and concerning, noting that he expected clinicians to have greater awareness of such incidents. 

The survey also found that 72% of respondents feel confident in their organization’s ability to detect a cyberattack early. While Kadakia agrees that most organizations can identify an incident, he was struck by how many respondents (67% globally) also feel confident in their ability to recover. He notes that recovery, especially from ransomware, is often far more difficult than many realize. It can require extensive validation of backups, rebuilding systems from scratch, and, in severe cases, “days, weeks, or even months to rebuild from bare metal.” 

With cyberattacks on health care organizations becoming more frequent and the recovery more complex, it’s worth taking a moment to consider how prepared your practice truly is. Do you have cyber coverage in place? Just as important, is your policy broad enough to support you through a breach, regulatory investigation, or business interruption? 

Cyber risks continue to rise each year, but the right coverage can make all the difference. To explore affordable cyber liability options that help safeguard your practice, contact Richard Weston, CIC, at rweston@mms.org or (781) 434-7525. You can also learn more at Medical Practice Cyber Insurance – Actuate Insurance 

Resources: 
U.S. Department of Health & Human Services – Office for Civil Rights 
Cost of a data breach 2025 | IBM 
The Rising Risks of Cybersecurity Breaches | NEJM Catalyst