Healthcare Cybersecurity Challenges Persist
Healthcare Cybersecurity Challenges Persist as Sector Struggles to Shift from Reactive to Proactive Strategies

Healthcare organizations of all sizes continue to face significant challenges in addressing systemic cybersecurity risks, with new benchmarking data revealing that the industry remains largely reactive rather than proactive in its approach.

The findings come from the 2025 Healthcare Cybersecurity Benchmarking Study, a collaborative effort by KLAS Research, Censinet, the American Hospital Association (AHA), the Health Information Sharing and Analysis Center (H-ISAC), the Healthcare and Public Health Sector Coordinating Council (HSCC), and the Scottsdale Institute. The study gathered responses from 69 healthcare and payer organizations between September and December 2024, assessing their alignment with key cybersecurity frameworks, including:

Key Findings: Strong Response & Recovery, but Gaps in Prevention & Risk Management

1. Persistent Focus on Reactive Measures

Consistent with past years, healthcare organizations reported high coverage in the “Respond” and “Recover” functions of the NIST CSF 2.0, indicating strong incident response and disaster recovery capabilities. However, long-term recovery planning lags behind immediate response efforts, suggesting room for improvement.

“As cyber threats grow, healthcare organizations are preparing for when—not if—they will face a breach, emphasizing incident response and business continuity strategies,” the study noted.

2. Critical Gaps in Supply Chain & Asset Management

Under the NIST CSF, the lowest coverage areas were:

This is particularly concerning given the rising number of third-party breaches impacting healthcare.

3. Cybersecurity Insurance Benefits from Framework Adoption

Organizations implementing the NIST CSF saw slower growth in cybersecurity insurance premiums, reinforcing the financial benefits of proactive risk management.

4. Emerging AI Risk Management Efforts

Adoption of the NIST AI RMF remains in early stages, with many organizations still establishing governance structures for AI-related risks.

5. HICP & HPH CPG Findings Align with Past Trends

Moving from Reactive to Proactive Security

While progress has been made, the study highlights that greater adherence to leading cybersecurity frameworks can help healthcare organizations transition to a more proactive security posture, reducing risk and improving resilience.

“The healthcare sector must prioritize foundational cybersecurity practices—particularly in supply chain and asset management—to mitigate escalating threats,” the report concluded.

Final Takeaway: Healthcare cybersecurity remains heavily reactive, but organizations that invest in comprehensive risk management, third-party oversight, and AI governance can better protect patient data and reduce long-term vulnerabilities.










