2025 Healthcare IT Landscape Report

Nearly a third of healthcare companies don’t regularly train their employees on how to respond to cyber threats.

40% of healthcare leaders say protecting patient data is a significant challenge.

More than 1 in 4 healthcare organizations reported that at least half of their sensitive patient data was at risk due to cyberattacks.

Cybersecurity ranks last among significant challenges for healthcare leaders (33%).

In the past year, 80% of healthcare organizations were targeted by at least one cyberattack.

Only 46% of healthcare leaders have adopted data discovery technology.

36% of healthcare leaders admit their current cybersecurity tools cannot protect cloud-based patient data.

Only 46% of healthcare leaders have adopted next-gen EDR with moving threat defense.

More than half (52%) of healthcare leaders believe a fatal cyber-related incident is inevitable within the next five years.

In the event of a cyberattack, 1 in 5 healthcare organizations believe recovery would be delayed because they lack experienced in-house staff or access to a 24x7 security operations team.

Social engineering attacks (48%) and ransomware (34%) were the most common types of cyberattacks on healthcare organizations in the past year.

52% of healthcare leaders say maintaining compliance is a significant challenge.

80% of healthcare leaders are confident in their teams’ ability to stop AI-powered cyberattacks.

More than half (56%) of healthcare leaders say outdated infrastructure would delay breach recovery.

Nearly two-thirds of healthcare organizations surveyed maintain an in-house IT or cybersecurity team.

Almost 25% of healthcare leaders acknowledge it could take up to a month to detect and contain a data breach.

60% of healthcare organizations say staying current with regulations is their top challenge regarding compliance.

Nearly 1 in 5 of healthcare organizations lack a current or effective incident response plan.

55% of healthcare organizations are not currently partnered with a Managed Security Service Provider (MSSP)

57% of healthcare organizations lack the time and resources to meet stringent requirements and oversee the compliance process.

19% of healthcare leaders say a cyberattack has already disrupted patient care.

Only 53% of healthcare organizations run phishing simulations.

More than a third (34%) of healthcare leaders don’t know what data is at risk across their network.

54% of healthcare organizations surveyed still rely on manual in-house processes to handle compliance management.

23% of healthcare organizations say their in-house IT or cybersecurity teams are understaffed.