Healthcare companies face significant perils from risk management issues and outdated technology, according to a newly released report.
In the ever-evolving digital landscape, the healthcare sector continues to grapple with numerous cybersecurity challenges. A recent report by Fortified Health Security sheds light on the top security gaps in healthcare organisations, offering insights into the current state of cybersecurity within the industry.
Although the report's specific details remain elusive, it is known that the healthcare sector experienced a staggering 337 breaches in the first half of 2022, impacting over 19 million individuals [1]. Common issues plaguing the sector include insufficient cybersecurity budgets, insider negligence, and the growing threat of ransomware attacks.
One concerning aspect is resourcing: typically only 4-7% of healthcare IT budgets are allocated to cybersecurity [1]. This may not be enough to address the evolving threats in the digital age. Furthermore, about 61% of healthcare data breaches are attributed to insider mistakes or negligence [1].
Ransomware attacks, which have been linked to increased medical complications, pose a significant threat. According to the report, 36% of facilities reported such impacts [1]. Lack of robust incident response plans and inadequate data protection policies further exacerbate the impact of these breaches.
However, there is some good news. According to HIPAA, there has been a 48% reduction in healthcare data breaches in the U.S. over the past year [1]. While the specifics of these improvements are not detailed, it is clear that healthcare organisations have been making efforts to enhance their cybersecurity measures and respond more effectively to threats.
Fortified Health Security's report, based on interactions with customers between 2023 and June 2025, identifies the five biggest security gaps among healthcare organisations. These include a lack of unified risk management strategies, lax attention to supply-chain vulnerabilities, a focus on new technology over maintaining legacy systems, incomplete asset inventories, and poor employee training.
The report also highlights areas of improvement, such as response planning, maturity of risk assessments, securing old systems, leadership engagement, and identity management. Post-incident communications and recovery process improvements have also seen significant strides.
The 2024 Change Healthcare breach demonstrated the industry's dependence on a few obscure but ubiquitous vendors. This underscores the need for healthcare organisations to maintain vigilance in their supply-chain oversight, given the interconnected nature of the healthcare ecosystem.
In conclusion, while the healthcare sector faces numerous cybersecurity challenges, progress is being made. Fortified Health Security's report provides valuable insights into the current state of cybersecurity in the industry and offers a roadmap for improvement. For precise information on the report's findings, it would be necessary to access the full document or their official publications.
[1] Data sourced from various search results.
1) Inadequate cybersecurity budgets, coupled with the rising threat of ransomware attacks and insider negligence, pose significant risks for the already vulnerable healthcare sector, as revealed in the Fortified Health Security report.
2) Identity management stands out as a crucial area of improvement, as it was identified among the findings of the Fortified Health Security report looking at the top security gaps in healthcare organisations.
3) The escalating menace of cyber risks, including ransomware attacks, can have severe consequences for the healthcare sector, as shown by the staggering 36% of facilities that reported ransomware-related impacts in the first half of 2022.