Ninety-two percent of healthcare organizations have experienced at least one cyberattack in the past year. More than half saw disruptions to patient care, and nearly a third reported increased mortality rates as a result. These aren’t just statistics—they’re a wake-up call for the entire industry. The healthcare sector is under siege, and the stakes are nothing less than patient safety, operational continuity, and public trust.
Yet, despite the relentless barrage of ransomware, phishing, and supply chain attacks, many healthcare leaders still describe their organizations’ cyber resilience as merely “good” or “average.” Our latest CHIME Executive Member Survey findings, representing 42 healthcare organizations across the U.S., reveal a sector that is investing more and learning fast, but one that is still struggling to keep pace with increasingly sophisticated adversaries who continuously adapt and exploit new vulnerabilities.
This article unpacks the most urgent findings from our April 2025 CHIME survey of healthcare cybersecurity leaders, highlighting the sector’s biggest vulnerabilities and the bold moves needed to build true resilience.
The Big Picture: Progress, But Persistent Gaps
While healthcare organizations are dedicating more resources to cybersecurity than ever before, increased spending does not always equate to greater protection. The data shows a sector that is reactive, not proactive—with stronger confidence in threat detection than in the vital capabilities of response and recovery.
Key findings from the CHIME survey include:
- Most organizations rate their cyber resilience as “good,” but few report achieving “excellence.” A significant minority still self-identify as “average” or “below average,” especially in recovery capabilities.
- Confidence is highest in IT teams’ 24x7 threat detection, but drops sharply for non-IT staff and business leaders. This gap is critical when rapid, cross-functional response is needed.
- Investment priorities are clear: AI-driven threat detection, incident response playbooks, modern Security Operations Centers (SOCs), employee training, and supply chain risk management.
People, Processes, and Preparedness
Technology alone is not enough to secure healthcare’s digital frontlines. The survey highlights how internal barriers—most notably, persistent budget constraints—continue to hinder progress, even as the cost of cyber incidents rises.
Executive support and understanding of cybersecurity are often lacking, making it difficult to establish the governance and strategic direction needed for resilience. Many organizations also face a shortage of skilled cybersecurity professionals, and legacy IT infrastructure further complicates efforts to modernize defenses.
The complexity of healthcare systems and associated data adds another layer of difficulty, as organizations try to keep up with a rapidly evolving threat landscape. Ultimately, these human and organizational factors can be just as critical as any technical vulnerability.
An Evolving and Escalating Threat Landscape
The future impact of these human vulnerabilities is impossible to assess, as bad actors continue to evolve their attacks and new technologies create new opportunities for disruption. This uncertainty was top of mind for survey respondents, who pointed to a new breed of threats that are rapidly gaining ground.
AI-powered cyberattacks—including deepfakes, generative phishing, and sophisticated social engineering—have emerged as top concerns, as attackers use artificial intelligence to automate and personalize their tactics. Supply chain vulnerabilities are also front and center, with organizations increasingly dependent on third-party vendors who may not have robust security measures in place.
Ransomware continues to be a major concern, especially as attackers shift to “encryption-less” tactics that threaten to expose sensitive data rather than simply lock it down. Meanwhile, advanced phishing attacks, capable of bypassing even multi-factor authentication, are making it harder than ever to protect critical systems and patient information.
The Impact Beyond IT: A Direct Threat to Patient Care
The consequences of these attacks are not confined to the IT department. When hospital systems go down, the effects ripple through every aspect of care delivery. Delays in procedures and tests become common, and critical patient information can become inaccessible at the worst possible moment. The survey and supporting research show just how serious these impacts can be:
- 69% of organizations experiencing cyberattacks reported disruption to patient care.
- More than 50% saw delays in procedures and tests; over 25% linked attacks to increased patient mortality.
- Supply chain attacks were most likely to disrupt care, with 82% of those affected reporting direct patient impact.
These results underscore the dire need for healthcare organizations to conduct more training that prepares all staff, not just IT, for a disruption. While many organizations deliver basic training or tabletop exercises, few extend these programs beyond IT staff. This is a missed opportunity, as rapid, coordinated response across all departments is essential for minimizing the impact of attacks on patient care.
The survey also found ample opportunity to improve communications during disruptions, which has a direct impact on restoring patient care. Confidence in incident response communications, both for staff and patients, is mixed, with many organizations expressing uncertainty about whether their plans are up to date, comprehensive, tested, and validated under real-world conditions.
What Needs to Change: From Reactive to Proactive
So, what should healthcare leaders prioritize when it comes to addressing the potential impact of cyber disruptions on patient care?
- Elevate cyber resilience to a board-level priority. Executive leaders must drive strategy, governance, and response readiness across the organization.
- Invest in both technology and talent. AI-driven defenses and modern SOCs are critical, but so are skilled personnel and a culture of cyber awareness.
- Expand training and incident response exercises to all staff—not just IT. Everyone has a role to play in defending patient safety.
Healthcare’s cyber battle will continue to escalate. While the sector is making progress, “good” is no longer good enough. To safeguard patients, protect data, and ensure operational continuity, organizations must adopt a proactive mindset and prioritize both technical innovation and human expertise to create truly resilient operations.
Explore CTG's Cybersecurity Solutions and learn how we are helping organizations elevate their cyber resilience.