New research reveals a chilling reality: healthcare organizations are dangerously vulnerable to cyberattacks, and many leaders believe that lives are at stake. Despite this, the industry doesn’t seem to prioritize cybersecurity.
-
Fifty-two percent of healthcare leaders anticipate a deadly cyber incident within the next five years, but around 20% don’t take cybersecurity seriously.
-
Cybersecurity (33%) ranks last on the list of executive priorities, behind operational costs (53%), compliance (52%), and patient data protection (40%).
-
As cyber threats become more sophisticated, particularly with the rise of AI-driven attacks, IT leaders will need to evolve their tactics to keep pace.
The fallout from UnitedHealth's cyberattack is still unfolding. Last year’s breach of its tech subsidiary, Change Healthcare, impacted 190 million people.
The attack triggered a system-wide shutdown, leaving the industry reeling with pharmacy delays and healthcare providers unable to process insurance claims for weeks on end. Resulting prescription backlogs also caused panic among patients who couldn’t fill them.
Now, a new report says that healthcare leaders are waking up to the dangers of cyberattacks and recognizing that their organizations are extremely vulnerable. Many believe patients’ lives are at stake, too.
According to Omega Systems’ 2025 Healthcare IT Landscape Report, there’s a growing consensus among industry leaders that a fatal cyber incident is not just possible, it’s also likely in the near future.
Nearly one in five healthcare leaders say that cyber incidents have impacted patient care, and 52% believe a fatal outcome is likely within the next five years.
Eighty percent of healthcare organizations were attacked in the past year, and more than 25% say at least half of their sensitive patient data was at risk.
However, even though the threat is widespread, cybersecurity still trails in priority. It (33%) ranks last on the list of executive priorities, behind operational costs (53%), compliance (52%), and patient data protection (40%).
Moreover, 21% of polled healthcare leaders openly admit that they don’t view cybersecurity as a critical business function.
Response capabilities are lagging, too: 17% lack an effective incident response plan, and 25% say it could take weeks to detect and contain a breach. Outdated systems compound the issue, with 56% saying legacy infrastructure would slow recovery.
Phishing, ransomware, and preparedness gaps persist: 48% experienced phishing or smishing attacks, 34% faced ransomware, but only 53% run phishing simulations, and nearly one-third don’t regularly train employees.
“As cyber threats become more sophisticated, particularly with the rise of AI-driven attacks, IT leaders will need to evolve their tactics to keep pace,” said Omega Systems, a US cybersecurity company based in Pennsylvania.
“From safeguarding electronic health records to keeping connected medical devices running, digital infrastructure is now directly tied to clinical outcomes.”
Your email address will not be published. Required fields are markedmarked