A survey of healthcare leaders identifies how providers are defending against growing cyber threats and the greatest barriers to their ongoing security.

FinThrive Inc, a healthcare revenue management software-as-a-service (SaaS) provider, and the Healthcare Information and Management Systems Society (HIMSS) revealed the results of its recent cyber-preparedness and resilience survey of healthcare leaders. 

Designed to capture hospitals’ top priorities and challenges related to cyber-security, the survey comes as the number of healthcare–related cyber-attacks is projected to reach almost 700 (nearly two per day) in 2025, a number that is 10 times the average from 2016-2022, and an increase of 150% from last year per the Office of Civil Rights.

The survey revealed the top three actions healthcare organizations are utilizing in response to recent cyberattacks within the industry. These are:

  • Conducting internal risk assessments;
  • Increasing collaboration with, and scrutiny of, third-party vendors; and
  • Implementing automated incidence response plans.

Incidence response plans often include prioritizing standby or backup capabilities for claims management and eligibility. In fact, 88% of survey respondents stated they are testing backups regularly to prepare for future cyber-related system downtime.

Cybersecurity Investments Vary by Hospital Size

The survey also identified a trend toward higher investment into cybersecurity capabilities in multi-facility healthcare organizations compared to single-facility healthcare organizations. Respondents shared that adequate cybersecurity measures may require too large of an investment for some organizations, as 67% of smaller providers indicated budget is an obstacle versus 24% of larger organizations who cited budget restraints.

As providers are increasingly focused on cyber resilience, they are investing time and resources to better understand their own risk—and sharing some of the responsibility to manage that risk with their software vendors and partners, who will face more scrutiny moving forward.

Revenue protection is also top of mind for providers, with claims and collections being a key priority. Market pressure on margins and cash flow has created fragility in profitability, as such, insulating cash flow from cyber threats has become a strategic imperative for many organizations. As stated, size matters here, and smaller organizations may have larger vulnerabilities given their lower capital position compared to larger healthcare systems.

“The size of a hospital should never dictate its ability to protect its facility, community, and patients in this fast-paced and ever-changing cybersecurity environment,” says Hemant Goel, president and CEO of FinThrive, in a release. “Although there are significant operational expense challenges facing all healthcare organizations, ensuring providers are working with external partners that they trust and that focus on security as the highest priority, can help lighten the burden on internal stress and resourcing associated with cyber-attacks.”

The survey was conducted in October and November of 2024 to gather reactions to a recent wave of cyberattacks in the healthcare industry. A total of 50 respondents were included in the analysis consisting of IT/technology and finance leaders in healthcare at the VP level or above in the United States. Respondents were also screened for being involved in or having awareness of cyber-preparedness and resilience efforts within their organizations.

Summary:

A survey conducted by FinThrive Inc. and HIMSS highlights cybersecurity challenges in healthcare, particularly for smaller hospitals facing budget constraints. With cyberattacks on healthcare organizations projected to increase 150% from last year, hospitals are prioritizing risk assessments, third-party vendor scrutiny, and automated incident response plans to strengthen their defenses. Larger healthcare systems are more likely to invest in cybersecurity, while 67% of smaller providers cite budget as a major barrier. As cyber threats continue to grow, providers are increasingly relying on external vendors and partners to manage security risks while also focusing on protecting revenue streams from financial disruptions caused by cyber incidents.

Key Takeaways:

  • Cybersecurity Funding Gaps Impact Smaller Hospitals – While multi-facility organizations are increasing cybersecurity investments, 67% of smaller providers cite budget as a major obstacle.
  • Healthcare Organizations Strengthen Defenses – Top security measures include internal risk assessments, vendor scrutiny, and automated incident response plans to mitigate cyber threats.
  • Revenue Protection is a Growing Concern – Cyberattacks threaten hospitals’ financial stability, making cash flow insulation a priority alongside IT security investments.

ID 33126739 © Pogonici | Dreamstime.com