Healthcare cyber resilience | Cohesity healthcare report

According to the newly released Cohesity Healthcare Cyber Resilience Report, two-thirds of healthcare organizations (66%) suffered a material cyberattack in the past 12 months. A material attack is defined as an incident that caused measurable financial, reputational, operational, or customer churn impact. McLaren Health Care, for example, suffered ransomware attacks in back-to-back years that affected more than 2.8 million patients and employees, and resulted in a $14 million settlement in February 2026. The escalating threat has even made its way into the public consciousness: The HBO drama “The Pitt” recently depicted a hospital emergency department shutting down due to a ransomware attack.

In addition to the need for resilience for business continuity, healthcare organizations must meet strict regulatory requirements while safeguarding patients’ data and maintaining their trust.

Beyond operational disruption, cyber resilience in healthcare is a board-level governance issue. Regulators continue to tighten breach notification timelines and enforcement actions, cyber insurers are increasing underwriting scrutiny around backup architecture and immutability controls, and executive teams are being asked to formally attest to resilience readiness. For healthcare organizations, the focus has evolved from considering whether an attack will occur, to whether the organization can demonstrate the ability to rapidly restore clinical systems, protect PHI, and maintain continuity of care under regulatory and financial pressure.

The data from the Cohesity Healthcare Cyber Resilience Report suggests that many organizations may not yet be prepared for that level of scrutiny.

Detection heavy, resilience lacking

The issue is not a lack of awareness of threats. It is an over-rotation toward prevention and detection, and lack of understanding of what post-incident recovery really requires. Cohesity’s survey research data underscores a significant gap between security leaders' perception of their defenses, and the resilience risks they have. While almost half of all respondents (49%) expressed complete confidence in their ability to withstand current threats and remain operational during a cyberattack, a stunning 94% of organizations have paid a ransom to cyber criminals, with the average cost per incident topping $1.3 million. Suffering such attacks has other costs as well: 80% of private healthcare groups had to shift budget from growth initiatives in the wake of a material attack.

Many organizations invest heavily in preventing and detecting attacks without a broader, holistic cyber resilience strategy, according to the Cohesity Healthcare Cyber Resilience report. While the vast majority of healthcare firms and institutions are using a variety threat intelligence and detection tools—64% to 73%, depending on the tool or service—only half of companies (53%) backed up sensitive data across hybrid cloud and multicloud environments, and only 44% follow the 3-2-1 backup rule, which specifies that an organization have three copies of data (production data plus two backups) on two different storage media types, and at least one copy stored offsite.

Overall, the data shows a gap in cybersecurity maturity for many healthcare organizations. Only 18% of the industry embrace practices that place them in one of the top two maturity tiers for cyber resilience.

Strong data security, fast recovery

Protecting healthcare data, among the most sensitive types of information, requires a security solution built for healthcare operations. Data classification and consolidation are modern security measures that allow organizations to identify data critical to their operations and establish more rigorous protections and auditability. Reliable data backup and recovery require continuous backups to immutable media, more accurate ransomware detection enabled by AI, and the ability to quickly restore operations.

As adversaries increasingly wield AI to sharpen their tactics, the healthcare sector must respond with equal intelligence and speed. Future resilience will depend on integrating automation and AI into data security and recovery strategies—enabling faster detection, smarter decisions, and more consistent responses to emerging threats. With a growing majority of healthcare organizations already seeking greater automation and anticipating AI-driven defense capabilities by 2026, the message is clear: attackers are moving fast, but defenders can move faster. By embracing trusted, AI-powered data security and management platforms, healthcare organizations can strengthen their resilience and ensure that critical systems and patient data remain protected—no matter how the threat landscape evolves.

Cohesity helps healthcare organizations keep patient data safe and available by bringing backup, recovery, and security together into a single platform. It protects data from electronic health records, imaging systems, and research environments in a secure, immutable format, enabling hospitals to quickly recover from ransomware or outages while maintaining PHI integrity and supporting HIPAA compliance.

Automated, AI-driven entropy tools scan for unusual activity in backups that may signal indicators of compromise, giving IT and security teams early alerts and clean restore points to bring critical systems back fast. A swift and efficient response to compromises is critical to making healthcare operations more secure. The ability to recover patient data and medical applications following an attack is essential to clinical continuity.

Using Cohesity, healthcare organizations can:

Prevent data tampering: Stop attackers from altering, encrypting, or deleting sensitive data with immutable backups, Zero Trust access controls, and locked retention.
Detect compromise early: Spot suspicious changes, malware, and risky identities with AI-driven anomaly and threat detection before attackers can cripple operations.
Recover operations fast: Restore critical apps in minutes to hours with greater confidence and efficiency, instead of waiting days or weeks.
Optimize operations and costs: Consolidate data protection and cyber recovery on one policy-driven platform to streamline workflows and cut infrastructure and licensing overhead.
Enable AI-ready data access: Transform backup data into searchable, AI-ready indexes that integrate with enterprise AI tools for knowledge discovery, business effectiveness, and compliance.

If your organization cannot restore clinical systems within hours—not days—it is time to reassess your resilience posture. Visit us at HIMSS where I'm speaking on “Cyber Recovery at the Speed of Patient Care,” at the Healthcare Cybersecurity Forum on March 9. Also, download a copy of our new research report, Cohesity Healthcare Cyber Resilience Report here.

About the research

Cohesity surveyed 3,200 IT and security operations decision-makers across 11 countries. Among those were 371 participants from healthcare organizations.

Written By

Dr. Joye Purser

CISSP, Global Field CISO

Cohesity Data Cloud

Data Cloud packaging

Certified platforms

Backup & Recovery

Cloud Data Protection

SaaS Data Protection

Unstructured Data Protection

Cyber Resilience

Zero Trust Security

Archive & Long-Term Retention

Disaster Recovery

Identity Resilience

Ransomware Anomaly Detection

Threat Protection

Data Security Posture Management

Data Classification

Cyber Vaulting

Cyber Recovery Orchestration

Digital Jump Bag

Clean Room Solution

AI Conversational Search

Reporting & IT Insights

Global Search

Why Cohesity

Cohesity vs. Rubrik

Cohesity vs. Commvault

View all solutions

Learn more

Microsoft 365 Protection

AWS

Azure

Google Cloud

Google Workspace

Slack

Active Directory & Entra ID

Hyper-V

Kubernetes

IBM

MongoDB

MS SQL Server

NAS

NoSQL & Hadoop

Nutanix

Oracle

Red Hat

SAP HANA

VMware

Financial services

Healthcare and life sciences

Manufacturing and logistics

Federal government

State, local government, and education

Retail and hospitality

Legal

Energy and utilities

Telecom

Technology

Media and Entertainment

View all

Corporate Overview

Blogs

Demos

Events and Webinars

Customer Stories

Glossary

Marketplace

Podcast

Support

Support login

How-to videos

Cyber Event Response Team

Cohesity Community

Cohesity Academy

Trust Center

Channel Partners

Global System Integrators

Security Partners

Cloud Alliances

Technology Partners

Managed Service Providers