According to the most recent Healthcare Information Management Systems Society study, organizations are still making progress in strengthening their security postures.
HIMSS surveyed healthcare security experts with normal duties about present security techniques and styles in the field for the 2024 Healthcare Cybersecurity Survey Report.
The report highlights growing threats and problems challenging safety, looks at how budgets are being used and provides information on where organizations have the opportunity to increase their security conversations.
Risks also underfunded
The HIMSS yearly security review, which is now in its 16th year, reflects opinions from healthcare cybersecurity professionals who oversee or manage healthcare cybersecurity programs. Key themes include malware, security incidents, finances and artificial intelligence.
“This year’s study shows that resources alone are not enough – stronger leadership is important, with critical areas including artificial intelligence, inside risk management and ,  , management,” HIMSS, the parent company of Healthcare IT News, said.
“Cash supports security, but without governance, AI-related dangers remain unregulated,” Lee Kim, HIMSS senior director of security and protection, told HITN on Tuesday.
“These challenges apply to the healthcare organization, but also others. They extend to contractors, subcontractors and third parties that control client or sensitive data, as well as vendors providing services to the medical business,” she noted.
According to HIMSS researchers, fewer ransomware victims are claiming to have paid the ransom.
That may be a result of more healthcare organizations’ investments in IT security. Healthcare organizations are strategically aligning budgets with crucial vulnerabilities, and additional investments are anticipated, according to the survey, because they have allocated more resources to fortify cybersecurity defenses than in previous years.
“Allocations in the 7-10% range gradually increased from 10% in 2020 to 14% in 2024, showing growing investment in higher cybersecurity budgets,” researchers said in the report.
A slight majority of respondents – 52% – said they anticipated their organizations’ overall IT budgets would increase in 2025, while 10% indicated a decrease, 28% reported they envision no change and 10% did not know.
HIMSS stated in the report that survey respondents’ budget increases are generally modest and that additional budget allocations are required to support these increased security risks.
“Effective AI governance requires appropriate policies, staff and ongoing monitoring to address risks like data leaks, breaches, social engineering – which includes without limitation,  ,  , and AI-driven phishing attacks, insider threats, etc.,” said Kim.
AI spurs further security investments
The healthcare cybersecurity professionals who responded to the survey said there is little oversight of AI use at their organizations, which poses a looming threat.
Asked whether their organizations have approval processes in place, nearly half of respondents, 47%, said they do, while 42% said they do not, according to the researchers.
“An additional 11% were unsure whether such processes exist within their organizations.”
That lack of formal AI governance increases risk, according to the new report, which also noted machine learning-driven ,  , as an emerging threat.
“Half – 50% – of respondents said their organizations permit only approved AI technologies, while 30% allow AI without formal restrictions and 16% prohibit AI use entirely,” the report said.
Only 1% of respondents said they were “developing AI policies or implementing guardrails,” and 3% of HIMSS survey respondents were unsure of their organizations’ position.
Most meaningful, weakest spends
The 2024 respondents cited security tools improvements as the most significant advancement from the increase in overall HIT budgets.
According to the report, “a majority – 57% – reported significant improvements to the tools they use, 47% reported significant improvements to policies, and 31% reported significant improvements to staff.”
Bolstering the workforce – employee retention, hiring and upskilling – has been an ongoing issue for the sector.
Staffing has been identified as a major obstacle to improving healthcare cybersecurity programs by respondents to previous HIMSS surveys and , and researchers said that the lack of security budgets has hindered progress on that front.
 , showed that the 2023 HIMSS poll found retention of qualified cybersecurity staff a challenge for that year’s privacy and security professionals.
“We are making progress, but we must do more to stay ahead of today’s evolving threats and to be prepared for future threats,” HIMSS researchers said in a statement.
“The weakest link in any security program is the people, which is why education, tools and policies remain the most important lines of defense.”
Communication around cybersecurity priorities
273 healthcare cybersecurity professionals were cited in this year’s report, and they each had at least some control over a healthcare organization’s cybersecurity program.
Researchers asked respondents on November 6 and December 16, 2024, about their perspectives, knowledge and experiences over the past 12 months.
Nearly half of the respondents had definitive responses and were both executive managers. They held cybersecurity as their top priority. According to HIMSS researchers, a greater understanding of the allocations of cybersecurity budgets by other responders is also concerning.
Non-management and non-executive management respondents showed general awareness of cybersecurity budget allocations, highlighting the potential for better information sharing about organizational cybersecurity programs, they said.
While phishing is the most common method of cyberattack for significant security incidents, according to the poll, researchers noted that gamification,  ,  , and interactive workshops boost workforce engagement threat education.
Healthcare organizations must stay alert while ensuring cybersecurity enables business and clinical care, according to HIMSS in a statement.
In order to navigate an increasingly digital world, continued adaptation and innovation are essential.
Learn more at the Healthcare Cybersecurity Forum at this year’s HIMSS25 in Las Vegas.
Healthcare IT News’ senior editor is Andrea Fox.
Healthcare IT News is a HIMSS Media publication.