Healthcare organizations are at a turning point with AI

32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks, according to LevelBlue.

AI brings hope and concern

As AI promises healthcare organizations efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. 32% feel their organization is prepared for deepfake attacks, even though 49% are expecting them.

Despite their concerns, healthcare executives are feeling confident about defending themselves against AI-related adversaries and using AI to enhance defense. 46% say they are highly or very highly competent at defending themselves against AI techniques, and in implementing and using AI to enhance cybersecurity (44%).

Software supply chain remains a blind spot

At the same time, the software supply chain remains a blind spot, with only a small portion of executives recognizing the associated risks. 54% say they have very low to moderate visibility into the software supply chain, and only 21% say they are investing significantly in software supply chain security.

However, cyber resilience measures are becoming more integral to business operations, with 61% of healthcare organizations now aligning their cybersecurity teams with lines of business, a sign that resilience is increasingly seen as a shared responsibility across departments.

44% expect to enlist managed security service providers (MSSPs) within the next two years to help manage the threat landscape, an increase from 30% that have done so over the past 12 months.

Additionally, 59% of leadership roles are measured against cybersecurity key performance indicators (KPIs), and 43% say they allocate cybersecurity budgets at the outset of new initiatives – a critical step toward embedding security into innovation efforts.

“With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it’s now a business priority. Still, there is work to be done to properly prepare and protect themselves.”

Progress made in healthcare cybersecurity

Healthcare organizations are making progress in integrating cybersecurity across their operations, but there is still work to be done.

When asked to what extent their organization is investing in certain measures to prepare for new and emerging types of cyber threats, healthcare executives say they are most likely to invest significantly in:

• Generative AI for social engineering attacks (28%)
• Cyber-resilience processes across the business (26%)
• Application security (25%)
• Machine learning for pattern matching (24%)
• Zero trust architecture (15%)

Healthcare organizations are at a turning point with AI: it might be more mainstream, but it is still relatively new and unregulated. Threats can easily slip through the cracks and bad actors can take advantage. The way decision-makers respond in 2025 will be critical for the future of their businesses.