HIMSS: 2024 Healthcare Industry Cybersecurity Survey Report


Cybersecurity Budget

Investment – Organizations are investing more resources to strengthen their defenses.

Strategic Priorities – Budgets are increasingly aligned with critical vulnerabilities.

Security Awareness

Phishing Attack Mitigation – Phishing attacks against projects are a major attack vector.

Innovative training – Gamification and scenario-based training increase engagement.

Security Incidents

Phishing attacks dominate – Phishing attacks are the most common method of intrusion.

AI-driven attacks – Deepfakes are an emerging threat.

Ransomware

Fighting Ransomware – Ransomware defense remains a priority.

Reduced Ransom Payments – Ransomware victims report paying fewer ransoms.

AI

Inadequate policies – The lack of formal AI governance increases risks.

Limited Oversight – There is limited monitoring of the use of AI.

Third-Party Risks

Third-party incidents – Significant incidents involving third parties are noteworthy.

Impact – Third-party events cause outages and other impacts.

Insider Threat

Formal Program – A formal program is required to manage insider threats.

Methodology and Demographics

The 2024 HIMSS Healthcare Cybersecurity Survey reflects the attitudes of 273 healthcare cybersecurity professionals who have at least some responsibility for day-to-day cybersecurity operations or oversight of a healthcare organization’s cybersecurity program.

Data for the survey was collected between November 6 and December 16, 2024. Questions asked about respondents' opinions, knowledge and experiences over the past 12 months.

Respondents served in a variety of roles, including executive (50%), non-executive management (37%), and non-management (13%) roles. Executive roles included C-level executives, non-executive management included senior management, and non-management included analysts and experts.

Respondents reported varying levels of involvement in their organization’s cybersecurity program: 46% have primary responsibility, 30% share responsibility, and 24% are involved in day-to-day operations or oversight when needed.

Respondents represented a variety of organization types, including healthcare providers (50%), suppliers (18%), consulting firms (13%), government entities (8%), and other organizations (11%). Other organizations included academic institutions, nonprofits, payers, and life sciences companies.

