Fortified Health Security 2026 Horizon Report highlights healthcare cybersecurity challenges and strategies

Fortified Health Security has published their 2026 Horizon Report, a comprehensive analysis regarding the state of cybersecurity in healthcare.

215.5 million fewer patient records were compromised in 2025 compared to 2024, but there were 265 more breaches. “Healthcare cybersecurity has entered a new phase. One defined not by single, catastrophic events, but by relentless breach frequency, operational fatigue, and mounting pressure on people and systems,” Fortified Health Security said. Additional key findings:

• Cyber incidents peaked in April and June for 2025.
• Hacking and IT incidents were the most common, followed by unauthorized access and disclosure.
• Breaches were most likely to happen on network servers, followed by email.
• Only 4% of those who participated in Fortified Health Security’s survey reported feeling “very confident” when asked “How confident are you that your third-party risk assessments align with the actual level of risk each vendor poses?”
• More than half of survey respondents (57%) said they don’t have the time to train employees on cybersecurity.
• More than 1/3 of healthcare organizations revised the way they address cybersecurity upon “learning from another organization’s cyber event.”

Additionally, the document reports trends in cybersecurity response and preparedness, artificial intelligence (particularly shadow AI), and an overview of current regulations. Fortified Health Security emphasizes that health systems should be prepared for cyber incidents. “The healthcare organizations best positioned for the future are not the ones with the biggest budgets or the most tools. They are the ones that think in programs, not products.
They plan for turnover. They practice response. They optimize before they add. They learn from peers. They treat readiness as a habit.”