LevelBlue released its 2025 Spotlight Report: Cyber Resilience and Business Impact in Healthcare. The findings reveal how the healthcare industry is protecting itself from increasingly numerous sophisticated attacks.
The new report found that 32% of healthcare executives say their organization suffered a breach in the past 12 months, and nearly half (46%) say they are experiencing a significantly higher volume of attacks. As artificial intelligence (AI) promises healthcare organizations unprecedented levels of efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen.
At the same time, the software supply chain remains a blind spot, with only a small portion of executives recognizing the associated risks. 54% say they have very low to moderate visibility into the software supply chain, and only 21% say they are investing significantly in software supply chain security.
However, cyber resilience measures are becoming more integral to business operations, with 61% of healthcare organizations now aligning their cybersecurity teams with lines of business, a sign that resilience is increasingly seen as a shared responsibility across departments. Moreover, nearly half (44%) expect to enlist managed security service providers (MSSPs) in the next two years to help them manage the increasingly complex and dynamic threat landscape, an increase from 30% that have done so over the past 12 months. Additionally, 59% of leadership roles are measured against cybersecurity KPIs, and nearly half (43%) say they allocate cybersecurity budgets at the outset of new initiatives - a critical step toward embedding security into innovation efforts.
"With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever," said Theresa Lanowitz, Chief Evangelist of LevelBlue. "Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it's now a business priority. Still, there is work to be done to properly prepare and protect themselves."
Healthcare organizations are making progress in integrating cybersecurity across their operations, but there is still work to be done. When asked to what extent their organization is investing in certain measures to prepare for new and emerging types of cyber threats, healthcare executives say they are most likely to invest significantly in:
- Generative AI for social engineering attacks (28%)
- Cyber-resilience processes across the business (26%)
- Application security (25%)
- Machine learning for pattern matching (24%)
- Zero Trust Architecture (15%)
Based on these findings, LevelBlue recommends four specific steps to achieve cyber resilience, regardless of the industry: Push cyber resilience up the organization, embed cybersecurity responsibilities throughout the organization, be proactive (not reactive), and prioritize resilience in the software supply chain.
Download the complete findings of the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact in Healthcare at this link here to learn how healthcare organizations are adapting to the changing threat landscape.