Healthcare organizations continue to make strides in enhancing their cybersecurity measures, but there is still a pressing need for increased focus on governance and further investments in healthcare security workforces. The latest analysis from the Healthcare Information Management Systems Society (HIMSS) sheds light on the current state of cybersecurity practices and trends within the industry.
The 2024 Healthcare Cybersecurity Survey Report, conducted by HIMSS, gathered insights from healthcare cybersecurity professionals responsible for daily cybersecurity operations. The report highlights the escalating threats and challenges facing security, examines how budgets are being allocated, and offers guidance on areas where organizations can enhance their security protocols.
One key finding from the report is that despite progress being made, there is still a lack of adequate funding for addressing cybersecurity threats. HIMSS emphasizes the importance of strong governance in conjunction with financial resources to effectively mitigate risks associated with artificial intelligence, insider threats, and third-party risk management. Without proper governance, risks related to AI technologies and third-party vendors handling sensitive data remain unchecked.
While the report indicates a decrease in ransomware victims paying ransoms, healthcare organizations are investing more resources in bolstering their cybersecurity defenses. The survey reveals a gradual increase in cybersecurity budget allocations, with a majority of respondents anticipating an increase in overall IT budgets for 2025. However, HIMSS cautions that additional budget allocations are necessary to address the growing security risks faced by healthcare providers.
One area of concern highlighted in the report is the limited monitoring of AI usage within healthcare organizations. Nearly half of the respondents reported a lack of formal approval processes for AI technologies, increasing the risk of AI-driven cyber threats such as machine learning-driven cyber subterfuge.
The report also emphasizes the importance of investing in cybersecurity tools, policies, and staff training. While progress has been made in improving security tools, workforce development remains a challenge for the healthcare sector. Staff retention, hiring, and upskilling are crucial components of a robust cybersecurity program, yet limited budgets have hindered progress in this area.
Communication around cybersecurity priorities is another key focus of the report, with HIMSS highlighting the need for better information sharing within organizations. Phishing attacks remain a common method of cyberattack, underscoring the importance of ongoing threat education and workforce engagement through gamification and tabletop exercises.
As the healthcare industry continues to navigate evolving cybersecurity threats, adaptation and innovation will be essential. The HIMSS report underscores the critical role of cybersecurity in enabling business and clinical care, emphasizing the need for continued vigilance and proactive measures in an increasingly digital world.
To learn more about healthcare cybersecurity, attend the Healthcare Cybersecurity Forum at this year’s HIMSS25 conference in Las Vegas. For further information, contact Andrea Fox, senior editor of Healthcare IT News, at afox@himss.org.
Healthcare IT News, a HIMSS Media publication, remains committed to providing valuable insights and resources to support the ongoing efforts to strengthen cybersecurity in the healthcare industry.
