It was Feb. 21 last year when Americans woke up to find the nation’s healthcare system glitching. Pharmacies couldn’t process prescriptions. Hospitals couldn’t access patient records. Behind the chaos was a cyberattack on Change Healthcare a company so deeply embedded in the U.S. medical system that its outage rippled through hospitals, insurers, and patients nationwide. Nearly a year later, a new IBM report reveals the staggering cost of such breaches not just in lost money, but in lost trust. According to IBM’s Cost of a Data Breach Report 2025, healthcare remains the world’s most expensive sector for cyber incidents, with the average breach costing $7.42 million, nearly double the global average. In the United States, the average cost of a data breach across all sectors reached $10.22 million, underscoring how cybersecurity failures are straining even the world’s most digitised economy. Just hours after the Change Healthcare hack, the Huron Daily Tribune in Michigan reported that Scheurer Health, a small regional healthcare provider, could no longer process prescriptions. On its Facebook page, the hospital explained that an outage at “the largest prescription processor in North America” had paralysed its pharmacy system.“We send every prescription through Change Healthcare before it reaches the insurance company,” Angela Lackie, Scheurer Health’s director of pharmacy, told the newspaper. “These hiccups happen from time to time but this one lasted far longer than usual. That’s why we had to alert patients.” For rural hospitals like Scheurer, even a few hours offline can mean delays in filling life-saving medication. But this outage lasted hours, a sign of how vulnerable the healthcare system has become to digital disruption. As reported by Reuters the U.S. Department of Health and Human Services confirmed that the breach impacted approximately 192.7 million people, making it the largest healthcare data breach in U.S. history. The attack, executed by the ransomware group known as BlackCat, disrupted the country’s medical infrastructure for weeks. Pharmacies couldn’t process prescriptions. Hospitals and clinics were unable to file insurance claims or access electronic records, forcing many to revert to manual systems. The stolen data likely included member IDs, patient diagnoses, treatment histories, Social Security numbers, and billing codes exposing intimate medical and financial details of nearly half the U.S. population. What began as a single point of failure in one company’s system rippled outward through America’s healthcare supply chain. For millions of patients, the breach didn’t just compromise privacy it underscored how deeply their lives depend on digital systems they never consciously entrusted.
Anatomy of a Breach: How One Hack Exposed the Whole System
Change Healthcare processes roughly 14 billion medical transactions each year, serving as a central clearinghouse that connects insurers, pharmacies, and healthcare providers. When hackers infiltrated a server that lacked multifactor authentication, it triggered a cascading failure across the network. In congressional hearings, UnitedHealth acknowledged the missing security safeguard a lapse that cybersecurity experts compared to “leaving the vault door open.”
Because so many organizations relied on that single digital pathway, the outage spread rapidly: providers couldn’t bill insurers, pharmacies couldn’t verify copays, and patients were left waiting. The complex web of digital dependencies revealed how brittle the system had become. It wasn’t just one company’s failure it was an industry built on a fragile digital spine. UnitedHealth later confirmed paying a $22 million ransom to the hacker group responsible, known as BlackCat.
The Cost of Digital Dependence
According to IBM’s report, while the global average cost of a data breach fell to $4.44 million, U.S. averages surged, hitting a record $10.22 million. Healthcare continues to carry the highest cost, averaging $7.42 million per incident and taking around 279 days to identify and contain.
The high cost derives not just from data theft, but from lost business, disrupted operations and reputational damage. A hospital that cannot claim with insurers cannot pay its staff; a clinic unable to access records must postpone care. For patients, the cost is measured in missed refills, delayed diagnoses and frustration.
Across the globe, healthcare systems in India, the U.K. and Europe have faced similar incidents — from ransomware-hit hospitals to supply-chain attacks. The lesson is universal: when medicine becomes data, digital failure becomes life-threatening.
From Trust to Trauma
Patients give their most intimate data health histories, treatments, even genetic information to providers because they trust them. That trust is now fragile. Once a patient, always a dataset; once a system, always a target. The Change Healthcare hack didn’t just steal records it stole confidence.
And while recognising the problem is a start, the path ahead is harder. Corporate boards, regulators and hospitals must shift from efficiency to resilience. Every healthcare provider must ask: if the lights go out tomorrow, will care continue? If the network shuts down, will patients be left waiting?
As medicine moves online, every advancement comes with an invoice one measured not in dollars, but in risk. Because in the digital age, the price of healthcare isn’t just what you pay it’s what you risk.
