Hospitals are drowning in threats they can’t triage
Healthcare is facing a rise in cyber threats driven by vulnerable medical devices, growing data exposure, and AI adoption. This article outlines the pressures, gaps, and decisions shaping healthcare’s security future.
Data brokers are exposing medical professionals, and turning their personal lives into open files
Large amounts of personal information about medical professionals are available on people search sites. A new analysis shows how much data about doctors appears online and how easily it can be found. The findings should concern healthcare leaders who support staff safety, workforce protection, and clinical operations.
Hospitals are running out of excuses for weak cyber hygiene
81% of respondents said that prioritizing cybersecurity within the business strategy helps overcome challenges. Nearly two-thirds cited budget limits or competing priorities as the main barriers to meeting their goals. While 65% of executives said they have the authority to allocate funds, many still face moderate to severe cyber incidents. The gap between decision-making power and outcomes points to a lack of sustained commitment once budgets tighten.
Inside healthcare’s quiet cybersecurity breakdown
Healthcare IT leaders are juggling competing demands. Rising costs, new privacy regulations, and expanding digital health services all fight for attention and budgets. As a result, cybersecurity often slips behind other operational concerns. A successful cyber attack can interrupt care, violate privacy laws, and damage patient trust. The survey found that some managed care executives do not view cybersecurity as a core business function. This mindset leaves organizations exposed, since nearly every part of healthcare now depends on secure systems and data.
When hackers hit, patient safety takes the fall
93% of U.S. healthcare organizations experienced at least one cyberattack in the past year, with an average of 43 incidents per organization. The study found that most of these attacks involved cloud account compromises, ransomware, supply chain intrusions, and business email compromise. 72% of respondents said at least one incident disrupted patient care.
Breaches are up, budgets are too, so why isn’t healthcare safer?
In 2023, breaches exposed 168 million records, and the first half of 2025 has already seen extortion demands as high as $4 million. The sector remains vulnerable, despite large investments in security tools and insurance. Despite the mounting risk, cybersecurity remains a low priority for healthcare leadership. In a 2025 survey, only one in three executives listed it as a top concern. Many cited cost or compliance as bigger challenges. Nearly one in five said a cyberattack had already disrupted patient care, and more than half believe a fatal incident is inevitable in the next five years.
Security gaps still haunt shared mobile device use in healthcare
Shared mobile devices are becoming the standard in hospitals and health systems. While they offer cost savings and workflow improvements, many organizations are still struggling to manage the security risks that come with them.
Why rural hospitals are losing the cybersecurity battle
Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are left juggling security tools without the IT support to use them effectively.
Medical device cyberattacks push hospitals into crisis mode
22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. Cybercriminals are successfully targeting the very systems healthcare providers depend on most for patient diagnosis, treatment, and monitoring. While electronic health records systems experienced the highest rate of compromise at 52%, many cyber attackers have moved beyond data theft to operational disruption.
Email security risks healthcare IT can’t afford to ignore
92% of healthcare IT leaders say they’re confident in their ability to prevent email-based data breaches, but according to Paubox, they’re not. Email remains one of the biggest security risks in healthcare. Outdated systems and frustrating tools often lead staff to bypass security measures, leaving patient data exposed.
Healthcare organizations are at a turning point with AI
32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks. As AI promises healthcare organizations efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. 32% feel their organization is prepared for deepfake attacks, even though 49% are expecting them.
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts
Healthcare organizations are facing a growing data security challenge from within. The analysis reveals that employees in the sector are frequently attempting to upload sensitive information, including potentially protected health data, to unauthorized websites and cloud services. Among the most common destinations are AI tools like ChatGPT and Gemini.
Healthcare’s alarming cybersecurity reality
89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices, which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet, on their networks. These figures represent a highly targeted, critical area where most security teams should prioritize their remediation efforts.
Must read:
- Protecting patient data starts with knowing where it’s stored
- World Health Organization CISO on securing global health emergencies
- Password crisis in healthcare: Meeting and exceeding HIPAA requirements
Stay updated with the latest cybersecurity news. Subscribe here!