Enhancing Cybersecurity in Healthcare: Insights from the 2024 HIMSS Report
As healthcare organizations continue to strengthen their security postures, a recent analysis by the Healthcare Information Management Systems Society (HIMSS) indicates that there is still a pressing need for improved governance and greater investments in healthcare cybersecurity workforces. With cybersecurity incidents on the rise, understanding the current state of cybersecurity in the healthcare sector is imperative.
The Latest HIMSS Cybersecurity Survey
In its 2024 Healthcare Cybersecurity Survey Report, HIMSS engaged with cybersecurity professionals responsible for daily operations across the healthcare landscape. The survey collected insights concerning current cybersecurity practices and emerging trends, shedding light on the ongoing challenges organizations face in ensuring robust cybersecurity protocols.
Rising Threats and Budget Constraints
The annual HIMSS survey, now in its 16th year, explores critical issues such as ransomware, security incidents, funding challenges, and the impact of artificial intelligence (AI). The findings reveal that merely having tools isn’t enough; robust governance structures are essential for effective cybersecurity management.
“Tools alone are not sufficient,” explains Lee Kim, HIMSS senior principal of cybersecurity and privacy. “Stronger governance is crucial in areas such as AI, insider threat management, and especially third-party risk management.”
Funding Gaps in Cybersecurity
An alarming trend identified by HIMSS is that many healthcare organizations have not adequately funded their cybersecurity initiatives, leading to vulnerabilities that could be exploited. The survey results illustrate that while funding has increased—rising from 10% in 2020 to 14% in 2024—the increases are relatively modest compared to the escalating risks.
Budgeting for the Future
Looking ahead, 52% of survey respondents believe their organizations’ overall IT budgets will increase in 2025, yet 10% anticipate budget cuts. Given the current landscape, healthcare organizations must think strategically about how to allocate their cybersecurity budgets effectively.
The Role of AI in Cybersecurity
A particular area of concern is the limited oversight regarding AI implementation within healthcare. Almost half (47%) of survey participants confirmed their organizations have established approval processes for AI technologies. Conversely, 42% reported a lack of such processes, raising significant concerns about the potential risks posed by unmonitored AI.
“Effective AI governance requires robust policies, the right staff, and ongoing scrutiny to address risks such as data breaches and insider threats,” Kim elaborates. The potential for AI-driven attacks is an emerging threat that organizations cannot afford to ignore.
Commitment to Cybersecurity Investments
Healthcare organizations appear committed to increasing their cybersecurity investments in response to threats. Survey data reveals that 57% of respondents reported notable enhancements to their security tools, while 47% and 31% noted improvements in policies and staffing, respectively.
Despite these advancements, the industry continues facing significant staffing challenges, which many reports cite as a critical barrier to effective security management. Retaining qualified cybersecurity staff remains a top struggle for health organizations, limiting the progress that can be made.
Strengthening Workforce and Governance
HIMSS researchers emphasize that while progress has been made, much work is needed. “The weakest link in any cybersecurity program is—without doubt—the people involved. Therefore, ongoing education, advanced tools, and comprehensive policies are necessary to safeguard against emerging threats.”
Overcoming Communication Barriers
The survey involved 273 cybersecurity professionals with varying degrees of oversight responsibility, highlighting a knowledge gap about budget allocations in cybersecurity. Most executive management respondents were generally aware of budget distributions; however, this transparency decreased significantly among staff without executive positions.
Improving communication around cybersecurity priorities should be a focal point for organizations to enhance overall security awareness and effectiveness.
Exploring Attack Vectors: Phishing and Beyond
According to survey results, phishing remains the predominant method of cyberattacks, underscoring the need for continued vigilance. HIMSS also highlights that introducing innovative training approaches—like gamification and interactive workshops—can bolster workforce engagement and improve cybersecurity education.
Looking Ahead: The Path Forward
As the cybersecurity landscape continues to evolve, healthcare organizations must maintain a proactive approach to defense strategies. HIMSS researchers stress the importance of adaptability and innovation to navigate a progressively digital environment effectively.
Conclusion: Cybersecurity Is a Continuous Journey
The 2024 HIMSS report outlines a healthcare industry that is making strides in cybersecurity but still requires enhanced funding, strategic governance, and long-term workforce development. With the rapidly changing threat landscape, ongoing investment in both technology and personnel will be essential for safeguarding sensitive patient data and maintaining trust within healthcare systems. Addressing these challenges head-on will be critical as organizations navigate the complexities of healthcare cybersecurity in the years to come.
For more insights and strategic affiliations, join the Healthcare Cybersecurity Forum at HIMSS25 in Las Vegas.
