HIMSS: 2024 Healthcare Industry Cybersecurity Survey Report

Cybersecurity Budget

Investment – Organizations are investing more resources to strengthen their defenses.

Strategic Priorities – Budgets are increasingly aligned with critical vulnerabilities.

Security Awareness

Phishing Attack Mitigation – Phishing attacks against projects are a major attack vector.

Innovative training – Gamification and scenario-based training increase engagement.

Security Incidents

Phishing attacks dominate – Phishing attacks are the most common method of intrusion.

AI-driven attacks – Deepfakes are an emerging threat.

Ransomware

Fighting Ransomware – Ransomware defense remains a priority.

Reduced Ransom Payments – Ransomware victims report paying fewer ransoms.

AI

Inadequate policies – The lack of formal AI governance increases risks.

Limited Oversight – There is limited monitoring of the use of AI.

Third-party Risks

Third-party incidents – Significant incidents involving third parties are noteworthy.

Impact – Third-party events cause outages and other impacts.

Insider Threat

Formal Program – A formal program is required to manage insider threats.

Methodology and Demographics

The 2024 HIMSS Healthcare Cybersecurity Survey reflects the attitudes of 273 healthcare cybersecurity professionals who have at least some responsibility for day-to-day cybersecurity operations or oversight of a healthcare organization’s cybersecurity program.

Data for the survey was collected between November 6 and December 16, 2024. Questions asked about respondents' opinions, knowledge and experiences over the past 12 months.

Respondents served in a variety of roles, including executive (50%), non-executive management (37%), and non-management (13%) roles. Executive roles included C-level executives, non-executive management included senior management, and non-management included analysts and experts.

Respondents reported varying levels of involvement in their organization’s cybersecurity program: 46% have primary responsibility, 30% share responsibility, and 24% are involved in day-to-day operations or oversight when needed.

Respondents represented a variety of organization types, including healthcare providers (50%), suppliers (18%), consulting firms (13%), government entities (8%), and other organizations (11%). Other organizations included academic institutions, nonprofits, payers, and life sciences companies.

