October is Cybersecurity Awareness Month, and in our increasingly digital healthcare environment, protecting trust means staying vigilant about how we handle information. Cybersecurity is not just an Information Technology (IT) concern — it’s a shared responsibility that touches every corner of our health system. The risks are real and continue to grow. In 2025, 92% of healthcare organizations reported being targeted by cyberattacks, with ransomware causing an average of 19 days of downtime. The average cost of a healthcare data breach is over $10 million, the highest across all industries.
As a leading healthcare network, Stony Brook Medicine faces constant attempts by cybercriminals to infiltrate our systems. This year alone has shown how disruptive and close to home these threats hit: the Change Healthcare ransomware attack impacted nearly 190 million Americans, halting claims processing across hospitals and pharmacies across the country. The Ascension Health breach disrupted and directly affected patient care which resulted in significant legal and regulatory consequences. Even organizations such as the New York Blood Center were targeted, allowing hackers to steal sensitive patient and employee data. These aren’t isolated events—they have become almost a daily trend of increasingly sophisticated attacks aimed at healthcare systems like ours.
Thanks to the dedication and expertise of our IT and Information Security teams, threats are swiftly identified and mitigated, minimizing disruption to staff and patient care. Much of this work happens quietly behind the scenes, but it’s absolutely essential to keep our environment safe while operations run smoothly. These efforts ensure that we can continue to deliver care without compromise.
You are not alone in the effort to address cybersecurity. Our Information Security team, led by Chief Information Security Officer Andy Hoffman, is here to support you. The team is your partner in keeping our systems secure, 24 hours a day, 7 days a week. If you encounter anything suspicious — whether it’s a strange email, phone call, or text — please contact the team at infosec@stonybrookmedicine.edu. And don’t forget to use the Phish Alert button in Outlook to report suspicious emails quickly. It’s one of the most effective ways to protect our network and your colleagues.
Thank you for partnering with leadership to keep our trusted health system information safe. Your commitment to cybersecurity helps ensure that Stony Brook Medicine remains a trusted, resilient and compassionate place to work and heal.