What You Should Know:
– Despite the escalating frequency and severity of healthcare cyberattacks, cybersecurity remains a surprisingly low priority for many industry leaders, potentially jeopardizing patient care and safety.
– This is a key finding from the “2025 Healthcare IT Landscape Report” released today by Omega Systems, a provider of managed IT and security services. The report, based on an April 2025 survey of 250 U.S. healthcare business leaders, reveals a critical disconnect between perceived cyber readiness and the stark reality of vulnerabilities within these organizations.
– The survey reveals that 19% of healthcare leaders admit a cyberattack has already disrupted patient care, and a concerning 52% believe a fatal cyber-related incident in a U.S. healthcare facility is inevitable within the next five years.
Cybersecurity: The Underestimated Threat to Operations and Patient Safety
Despite these alarming figures and the sensitive nature of the data they manage, cybersecurity ranked last (33%) among the top challenges healthcare IT leaders reported as hindering their business success in 2025. This places it behind concerns like rising operational costs (53%), maintaining compliance (52%), and protecting patient data (40%).
“Healthcare is one of the most frequently targeted industries by cybercriminals – and not surprisingly given the sensitive data they manage. Unfortunately, growing gaps in cyber risk management are resulting in real-world consequences for patients and major setbacks for organizations,” said Mike Fuhrman, CEO of Omega Systems. “The data shows that although leaders don’t report cybersecurity as a top challenge, it’s directly impacting their highest priorities – from patient safety to regulatory compliance. This disconnect is a growing risk across the healthcare industry that needs to be addressed with better visibility, readiness, and resources”.
The report indicates that 80% of healthcare organizations were targeted by at least one cyberattack in the past year, with social engineering attacks (48%) and ransomware (34%) being the most common. More than one in four organizations (27%) reported that at least half of their sensitive patient data was at risk due to previous cyberattacks.
Key Cybersecurity Gaps Revealed: A False Sense of Security?
Despite the high incidence of attacks, 80% of healthcare leaders expressed confidence in their teams’ ability to stop AI-powered cyberattacks. However, the report identifies several critical gaps suggesting this confidence may be misplaced:
- Inadequate Employee Training: Nearly a third (30%) of companies don’t regularly train their employees on responding to cyber threats, and only 53% (nearly half are still not utilizing) run phishing simulations.
- Deficient Incident Response Plans: Nearly one in five (17%) organizations lack a current or effective incident response plan, and almost a quarter (23%) acknowledge it could take up to a month to detect and contain a data breach.
- Stretched In-House Teams: While nearly two-thirds (63%) have in-house IT or cybersecurity teams, 23% report these teams are understaffed. In the event of an attack, 21% believe recovery would be delayed due to a lack of experienced in-house staff or access to a 24/7 security operations team (SOC).
- Infrequent Vulnerability Assessments: A concerning 40% of organizations do not currently conduct proactive IT risk assessments, and 18% of those have no plans to do so in the next 12 months.
- Outdated Systems & Lack of Advanced Tools: More than half (56%) of leaders say outdated infrastructure would delay breach recovery, and 36% admit their current cybersecurity tools cannot protect cloud-based patient data. Many (54%) lack Endpoint Detection and Response (EDR) with automated moving target defense and data discovery/classification technology.
The Compliance Conundrum
While 81% of organizations report being prepared for potential new HIPAA requirements, more than half (54%) still rely on manual, in-house processes for compliance management. Staying current with evolving regulations is the top compliance challenge for 60% of respondents, and 57% cite a lack of time and resources to meet stringent requirements.
The MSSP Advantage: Enhancing Resilience
Despite the complex threat landscape, 55% of healthcare organizations are not currently partnered with a Managed Security Service Provider (MSSP). The report indicates that healthcare companies co-managing IT and security with an MSSP are better equipped to handle rising threats and compliance demands, outperforming peers in areas like threat detection speed, vulnerability assessments, and HIPAA control adoption.
