Overview and key points
CFC’s Digital Healthcare Report 2025 has shown that cybercrime now accounts for one third of their cyber claims:
- 25% of CFC’s eHealth claims stem from cyber losses
- 38% of the total cost of eHealth claims is due to cyber
- 70% of eHealth cyber claims payments are due to ransomware
Here we explore the facts behind the figures to help you understand the risks your digital healthcare business could face – and how to build resilience.
With the advances in digital healthcare, the risk of a cyber-attack is increasing and the impact of such an attack is becoming more widespread.
When it comes to the digital healthcare sector, cyber criminals target sensitive patient data, often demanding a ransom for the business to regain access and avoid the data being released into the public or even criminal domain. Beyond the ransom demand itself, the cost of such an attack often ballons with legal fees, lost research as well as lost income and the unavoidable reputation damage.
Why is healthcare a target for cyber criminals?
The healthcare sector has vast amounts of valuable, sensitive patient data and protected health information that offers a potential goldmine to cybercriminals. Fragmented systems, lack of resources given to cyber prevention and the overriding priority to maintain operations and patient care during a cyber incident create the ideal environment for cyber criminals to launch an attack.
Whether it’s a ransomware attack, Business Email Compromise (BEC) resulting in fraudulent payments being made or a data breach, the cyber threat to the digital healthcare sector should not be underestimated.
Cyber attacks and privacy breaches in the digital healthcare sector
The growth in the digital healthcare industry, with the increase in the use of E-health products and solutions, has led to a significant rise in claims notifications – along with a shift in the underlying cause.
CFC’s report has shown that two-thirds of their claims now arise from emerging risks, such as advertising liability, intellectual property (IP) or cyber – which would not usually be covered by a traditional medical malpractice insurance policy.
Unintentional privacy breaches caused by human error, such as accidentally leaking sensitive patient data, are more frequent (14% of claims ) than cyber breaches (8% of claims ). However, cyber breaches, such as ransomware attacks, tend to be more severe.
While human error remains a leading cause of breaches, the rise of sophisticated ransomware attacks, data extortion and social engineering is fuelling a surge in critical cyber incidents. With 30% of CFC’s first-party (losses directly suffered by the company) ransomware claims leading to class action complaints, the legal exposure is growing. Both privacy breaches and cyber attacks rank among the top four causes of notifications, underlining the need for comprehensive and integrated cyber and privacy insurance cover.
Is your cyber risk management fit for purpose?
The threat to data security, patient confidentiality and organisational security is increasing and evolving, with some cyber defences unable to keep pace.
Talk to our team today to find out how we can help your digital healthcare business stay cyber safe.