Readers Write: Healthcare Cyber Resilience in 2025: Why “Good” Isn’t Good Enough
By Chad Alessi
Chad Alessi, MS, MBA is managing director of cybersecurity at CTG.
Ninety-two percent of healthcare organizations have experienced at least one cyberattack in the past year. More than half saw disruptions to patient care, and nearly a third reported increased mortality rates as a result. These aren’t just statistics; they’re a wake-up call for the entire industry. The healthcare sector is under siege, and the stakes are nothing less than patient safety, operational continuity, and public trust.
Yet despite the relentless barrage of ransomware, phishing, and supply chain attacks, many healthcare leaders still describe their organizations’ cyber resilience as merely “good” or “average.” An April 2025 CHIME Executive Member Survey, representing 42 healthcare organizations across the US, reveals a sector that is investing more and learning fast, but one that is still struggling to keep pace with increasingly sophisticated adversaries who continuously adapt and exploit new vulnerabilities.
While healthcare organizations are dedicating more resources to cybersecurity than ever before, increased spending does not always translate to greater protection. The data shows a sector that is reactive, not proactive, with stronger confidence in threat detection than vital capabilities in response and recovery.
Key findings from the CHIME survey include:
- Most organizations consider their cyber resilience as “good,” but few report achieving excellence. A significant minority still self-identify as average or below average, especially in recovery capabilities.
- Confidence is highest in IT teams’ 24×7 threat detection but drops sharply for non-IT staff and business leaders. This gap is critical when rapid, cross-functional response is needed.
- Investment priorities are clear — AI-driven threat detection, incident response playbooks, modern Security Operations Centers (SOCs), employee training, and supply chain risk management.
Technology alone is not enough to secure healthcare’s digital front lines. The survey highlights how internal barriers, most notably persistent budget constraints, continue to hinder progress, even as the cost of cyber incidents rises.
Executive support and understanding of cybersecurity are often lacking, making it difficult to establish the governance and strategic direction that are needed for resilience. Many organizations also face a shortage of skilled cybersecurity professionals, and legacy IT infrastructure further complicates efforts to modernize defenses.
The complexity of healthcare systems and associated data adds another layer of difficulty, as organizations try to keep up with a rapidly evolving threat landscape. Ultimately, these human and organizational factors can be just as critical as any technical vulnerability.
The future impact of these human vulnerabilities is impossible to assess as bad actors continue to evolve their attacks and new technologies create new opportunities for disruption. This uncertainty was top-of-mind for survey respondents who pointed to a new breed of threats that are rapidly gaining ground.
AI-powered cyberattacks — including deepfakes, generative phishing, and sophisticated social engineering — have emerged as top concerns, as attackers use artificial intelligence to automate and personalize their tactics. Supply chain vulnerabilities are also front and center, with organizations increasingly dependent on third-party vendors that may not have robust security measures in place.
Ransomware continues to be a major concern, especially as attackers shift to encryption-less tactics that threaten to expose sensitive data rather than simply lock it down. Meanwhile, advanced phishing attacks that are capable of bypassing even multi-factor authentication are making it harder than ever to protect critical systems and patient information.
The consequences of these attacks are not confined to the IT department. When hospital systems go down, the effects ripple through every aspect of care delivery. Delays in procedures and tests become common, and critical patient information can become inaccessible at the worst possible moment. The survey and supporting research show just how serious these impacts can be:
- 69% of affected organizations reported disruption to patient care.
- More than 50% saw delays in procedures and tests, while 25% linked attacks to increased patient mortality.
- Supply chain attacks were most likely to disrupt care, with 82% of those affected reporting direct patient impact.
These results underscore the dire need for healthcare organizations to conduct more training that prepares all staff, not just IT, for a disruption. While many organizations deliver basic training or tabletop exercises, few extend these programs beyond IT staff. This is a missed opportunity, as rapid, coordinated response across all departments is essential for minimizing the impact of attacks on patient care.
The survey also found ample opportunity to improve communications during disruptions, which has a direct impact on restoring patient care. Confidence in incident response communications, both for staff and patients, is mixed, with many organizations expressing uncertainty about whether their plans are up to date, comprehensive, tested, and validated under real-world conditions.
What should healthcare leaders prioritize when it comes to addressing the potential impact of cyber disruptions on patient care?
- Elevate cyber resilience to a board-level priority. Executive leaders must drive strategy, governance, and response readiness across the organization.
- Invest in both technology and talent. AI-driven defenses and modern SOCs are critical, but so are skilled personnel and a culture of cyber awareness.
- Expand training and incident response exercises to all staff, not just IT. Everyone has a role to play in defending patient safety.
Healthcare’s cyber battle will continue to escalate. While the sector is making progress, “good” is no longer good enough. To safeguard patients, protect data, and ensure operational continuity, organizations must adopt a proactive mindset and prioritize both technical innovation and human expertise to create truly resilient operations.