Healthcare organizations continue to face significant cybersecurity risks, with more than 9 out of 10 experiencing a cyberattack last year. A report released by managed security services provider Fortified Health Security highlights the impact of these attacks, with 7 out of 10 organizations reporting disruptions to patient care as a result.
Fortified’s report examines the areas of the NIST Cybersecurity Framework where healthcare organizations have made improvements, as well as the areas that still pose serious risks. The data sheds light on why hospitals and healthcare facilities remain prime targets for ransomware criminals.
The report identifies the top five security gaps in healthcare organizations, including the lack of unified risk management strategies, vulnerabilities in the supply chain, a focus on new technology at the expense of legacy systems, incomplete asset inventories, and inadequate employee training. These weaknesses are interconnected and have been exploited in major cyberattacks in recent years.
Supply chain oversight is a critical issue in the healthcare industry due to its complex ecosystem of interconnected entities. The 2024 Change Healthcare breach exposed the industry’s reliance on a few vendors, highlighting the need for better supply chain security. Outdated asset inventories exacerbate these vulnerabilities, making it challenging to mitigate the effects of a supply chain attack.
While securing legacy systems remains a challenge, Fortified’s report reveals improvements in this area over the past year, as well as enhancements in recovery processes, response planning, post-incident communications, and threat analysis maturity. Other areas showing progress include leadership engagement, risk assessment maturity, and identity management, which is crucial in preventing attacks initiated through stolen credentials.
Fortified’s report is based on interactions with customers from 2023 to June 2025 and reflects a range of healthcare organizations in North America, from rural hospitals to large medical centers. The insights provided serve as a roadmap for healthcare facilities looking to strengthen their cybersecurity defenses and mitigate risks in an increasingly digital landscape.