
“5 Trends Reshaping Risk Management in Healthcare This Year”

Explore five key trends transforming risk management in healthcare as cyber threats grow, impacting patient care and data security.

Post Summary

Healthcare is facing a surge in cyber threats, with 92% of organizations hit by attacks in 2024. These breaches disrupt patient care, increase mortality rates, and cost millions. The article highlights five major trends transforming risk management in 2025:

  • Ransomware Growth: Higher attack rates, targeting backups, and causing life-threatening care delays.
  • Advanced Social Engineering: AI-powered phishing and deepfakes make scams harder to detect.
  • IoT Vulnerabilities: Medical devices with weak security expand attack surfaces.
  • Third-Party Risks: Vendor breaches account for 74% of cybersecurity issues.
  • AI Governance: AI tools enhance security but require strict oversight to manage risks.

Healthcare organizations must prioritize stronger defenses, vendor oversight, and AI governance to protect patients and data while addressing these growing challenges.


1. Ransomware and Extortion Attacks Increase in Frequency and Severity

The healthcare industry is grappling with a sharp rise in ransomware and extortion attacks as cybercriminals exploit evolving vulnerabilities. A staggering 67% of healthcare organizations reported being targeted in the past year, up from 60% the year before, making healthcare the second most targeted sector globally - just behind central and federal government agencies [1].

Attackers are using a range of methods, with exploited vulnerabilities and compromised credentials each accounting for 34% of incidents. Meanwhile, phishing remains a major weak point, as human error continues to open doors for attackers [1]. A particularly troubling trend is the deliberate targeting of backup files, making recovery efforts far more difficult.

The Devastating Impact on Patient Care

When ransomware attacks hit healthcare systems, the consequences extend far beyond financial losses - they directly endanger lives. During such incidents, unaffected hospitals often experience a surge in emergency visits, with arrivals increasing by 35.2%, patient volumes rising 15.1%, and wait times ballooning by 47.6% [5]. Critical events like stroke code activations and cardiac arrests also spike, with increases of 113.6% and 81%, respectively [5].

"A ransomware attack on a hospital crosses the line from an economic crime to a threat-to-life crime."
– John Riggi, Senior Advisor for Cybersecurity and Risk, American Hospital Association [3]

The human toll is heartbreaking. For instance, survival rates for out-of-hospital cardiac arrests with favorable neurological outcomes dropped from 40% before an attack to just 4.5% during the attack period [5]. Research also reveals that ransomware attacks contributed to the deaths of 42 to 67 Medicare patients between 2016 and 2021 [4].

Financial Devastation and Recovery Challenges

The financial impact of ransomware on healthcare organizations is staggering. Downtime costs can reach up to $900,000 per day, while ransom payments in 2024 have a median of $1.5 million and an average of $4.4 million [5]. Recovery expenses have skyrocketed, doubling from $1.27 million in 2021 to $2.57 million in 2024 [6]. On top of that, 37% of organizations took over a month to fully recover in 2024, compared to 28% the previous year, and an average of 58% of devices are affected during an attack [1].

The story of a 44-bed rural hospital in February 2021 illustrates the devastating financial fallout. A ransomware attack rendered its systems inoperable, forcing staff to revert to manual processes for three months. This delay in processing insurance claims led to severe financial strain, ultimately causing the hospital to close its doors, leaving the local community without essential healthcare services [5].

Why Healthcare Remains a Prime Target

Healthcare is an attractive target for cybercriminals for several reasons. The critical nature of patient care creates immense pressure to pay ransoms quickly, while outdated IT systems and the growing reliance on connected medical devices widen the attack surface [2]. Adding to the problem, Ransomware-as-a-Service (RaaS) platforms have made sophisticated attack tools accessible to even inexperienced hackers. Jack Mott from Microsoft Threat Intelligence explains:

"RaaS platforms have democratized access to sophisticated ransomware tools, allowing even those with minimal technical skills to launch highly effective attacks."
– Jack Mott, Microsoft Threat Intelligence [5]

The trend shows no signs of slowing. In 2024, 53% of organizations admitted to paying ransoms, a jump from 42% in 2023 [5]. These statistics underscore the urgent need for stronger defenses and better risk management across the healthcare sector.

2. Identity Threats and Social Engineering Attacks Become More Advanced

Healthcare professionals are increasingly targeted by social engineering attacks, which rely on manipulating human behavior rather than exploiting technical vulnerabilities. Shockingly, over 90% of cyber incidents now involve these tactics [7]. With the rise of advanced technologies like AI, attackers are becoming more adept at creating highly convincing deceptions.

AI has driven a staggering 1,265% increase in vishing, smishing, and phishing attacks. These tools allow cybercriminals to craft personalized, believable messages that are harder than ever to identify as fraudulent [12].

AI-Powered Deception Reaches New Heights

Attackers are using AI to design phishing emails that closely resemble internal communications [8]. These emails often reference specific projects, use insider terminology, and mimic the tone and style of actual colleagues, making them especially deceptive.

But the threat doesn’t stop at emails. AI-powered chatbots are being deployed to impersonate legitimate support agents, tricking healthcare workers into sharing sensitive information [9]. Deepfake technology adds another layer of danger, enabling attackers to convincingly impersonate high-level executives, such as CEOs. In one alarming example, a finance team transferred a significant amount of money after following instructions from what appeared to be their CEO during a video call [9].

The Healthcare-Specific Attack Vector

Healthcare systems are particularly vulnerable to these attacks. Socially engineered phishing schemes accounted for 45% of security breaches in healthcare settings, while incidents of business email compromise soared by 279% in 2023 [11]. The high-pressure environment of healthcare, where quick decisions are often necessary, creates the ideal conditions for these types of scams. Attackers frequently pose as IT personnel or vendors, exploiting staff urgency to bypass security protocols [8].

Nation-State Actors Join the Fray

Adding to the complexity, nation-state actors are now employing AI to amplify their cyberattack strategies. In February 2024, a report from Microsoft and OpenAI revealed that groups linked to countries like China, Iran, North Korea, and Russia are using AI and large language models to refine their tactics [12]. State-sponsored groups such as Charcoal Typhoon (China), Crimson Sandstorm (Iran), and Emerald Sleet (North Korea) have utilized AI for phishing and spear-phishing campaigns. These tools even help attackers translate content and tailor communications to bypass language barriers, making their efforts even more effective [12].

The Human Factor Remains Critical

Despite these advancements, the human element remains a crucial line of defense. Around 40% of IT professionals reported encountering phishing attempts in the past year, and 37% identified security training as a top priority [10]. Addressing these sophisticated threats will require a combination of cutting-edge technology, focused training programs, and a shift in mindset that integrates cybersecurity into the fabric of patient care.

3. IoMT and IoT Device Vulnerabilities Create Larger Attack Surfaces

As cyber threats become more sophisticated, connected medical devices have emerged as a major weak point in healthcare security. Over 70% of IoMT devices currently in use are vulnerable to known malware attacks [13], and 53% of hospital IoT devices have documented security issues [17]. With at least seven million IoMT devices expected to be deployed globally by 2026 [17], healthcare systems are facing an ever-growing threat landscape.

The scale of this issue is staggering. U.S. hospitals alone are estimated to have 10-15 million connected medical devices, averaging 10-15 devices per patient bed [21]. These include everything from infusion pumps and heart monitors to imaging systems and smart sensors, each of which could serve as a potential gateway for cyberattacks. This growing web of devices highlights the critical risks posed to both patient care and data security.

The Vulnerability Landscape is Worrying

The numbers paint a grim picture. Studies show that 75% of infusion pumps and 99% of healthcare networks have known security gaps [16][15]. Even more troubling, 89% of healthcare organizations operate devices that are susceptible to publicly available exploits [15].

The most common vulnerabilities include poor encryption, weak authentication protocols, and outdated firmware [13]. Many IoMT devices lack the computational power needed for advanced security measures, which makes it difficult to enhance protection without disrupting their medical functions [13].

"CISOs are saddled with managing fleets of outdated, legacy technology that are riddled with security vulnerabilities on unsupported legacy technology." - Claroty [15]

The Double-Edged Sword of Connectivity

Healthcare providers face a tough balancing act: keeping devices operational for patient care while managing a complex, interconnected ecosystem. 96% of organizations anticipate a rise in IoT-related attacks by 2025 [14]. The healthcare sector is especially attractive to cybercriminals because of the sensitive nature of patient data and the critical need for uninterrupted medical services.

A key challenge is that many medical devices were designed with functionality as the top priority, leaving security as an afterthought. Legacy systems, in particular, often cannot receive updates, making them permanently vulnerable to exploitation.

Real-World Consequences of Security Gaps

These vulnerabilities aren’t hypothetical - they’ve already caused real harm. In 2017, a DDoS attack disrupted a major hospital network, cutting off communication between doctors and life-saving equipment like ventilators and heart monitors [13]. More recently, attacks on IoT wearables in 2025 exposed sensitive health data, raising serious privacy concerns [14].

The situation is widespread. 20% of hospital information systems contain ransomware-linked vulnerabilities and insecure internet connections [15], while 93% of organizations confirm similar issues with IoMT devices [15]. These gaps make healthcare networks an easy target for cybercriminals.

"Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care. Cybercriminals, especially ransomware groups, exploit outdated technology and insecure connectivity to gain footholds in hospital networks." - Ty Greenhalgh, industry principal for healthcare at Claroty [15]

Building a Stronger Defense

To address these challenges, healthcare organizations are adopting security measures designed to protect devices without compromising their functionality. Key strategies include using multi-factor authentication (MFA) and unique, randomized default credentials [14], as well as end-to-end encryption and modern protocols like TLS 1.3 [14].

Another critical step is network segmentation, which allows organizations to divide IoMT networks into smaller, isolated sections [20]. This approach minimizes the risk of widespread damage if one device is compromised.

Continuous monitoring is also becoming a standard practice. Security teams are increasingly relying on real-time data analysis to track device vulnerabilities, usage patterns, and operational workflows [18]. This proactive approach ensures they can respond quickly to emerging threats.
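The segmentation and continuous-monitoring measures described in this section can be checked mechanically against device traffic. The following is an added illustration, not code from the original article or from Censinet: it assumes a simple constructed flow-log format (timestamp, source, destination, port, protocol, bytes), a constructed two-segment policy in which the IoMT segment 10.20.0.0/24 may reach the clinical-systems segment 10.30.0.0/24 only on HL7/MLLP (2575/tcp) and DICOM (104/tcp), and constructed log lines. It flags flows that break the segmentation policy, then compares a live window against a known-good baseline per device to spot never-seen peers and volume spikes.

```python
"""Segmentation-policy check and per-device behaviour baseline over IoMT flow logs.

Added illustration, not code from the original article or from Censinet. The
flow-log format, the addresses, the two-segment policy and the log lines are
all constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text: str) -> List[Flow]:
    """Parse constructed flow-log lines of the form: ts src dst dport proto bytes."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), proto, int(nbytes)))
    return flows


# Assumed policy: devices in the IoMT segment may only reach the clinical-systems
# segment, on HL7/MLLP (2575/tcp) and DICOM (104/tcp). Everything else is a violation.
IOMT_SEGMENT = ip_network("10.20.0.0/24")
ALLOWED = [
    (ip_network("10.30.0.0/24"), 2575, "tcp"),
    (ip_network("10.30.0.0/24"), 104, "tcp"),
]


def segmentation_violations(flows: List[Flow]) -> List[Flow]:
    """Flows originating in the IoMT segment whose (dst, port, proto) the policy does not allow."""
    bad = []
    for f in flows:
        if ip_address(f.src) not in IOMT_SEGMENT:
            continue  # only traffic sourced from IoMT devices is policed here
        permitted = any(ip_address(f.dst) in net and f.dport == port and f.proto == proto
                        for net, port, proto in ALLOWED)
        if not permitted:
            bad.append(f)
    return bad


Baseline = Dict[str, Tuple[Set[str], float]]


def build_baseline(flows: List[Flow]) -> Baseline:
    """Per IoMT device, the peers it talked to and its mean bytes per flow in a known-good window."""
    peers: Dict[str, Set[str]] = defaultdict(set)
    sizes: Dict[str, List[int]] = defaultdict(list)
    for f in flows:
        if ip_address(f.src) in IOMT_SEGMENT:
            peers[f.src].add(f.dst)
            sizes[f.src].append(f.nbytes)
    return {dev: (peers[dev], mean(sizes[dev])) for dev in peers}


def detect_anomalies(flows: List[Flow], baseline: Baseline, factor: float = 5.0) -> List[Tuple[str, str]]:
    """Alert when a device is unknown, contacts a never-seen peer, or moves far more data than usual."""
    alerts = []
    for f in flows:
        if ip_address(f.src) not in IOMT_SEGMENT:
            continue
        if f.src not in baseline:
            alerts.append((f.src, "device absent from baseline inventory"))
            continue
        peers, avg = baseline[f.src]
        if f.dst not in peers:
            alerts.append((f.src, f"new peer {f.dst}:{f.dport}/{f.proto}"))
        if f.nbytes > factor * avg:
            alerts.append((f.src, f"volume spike: {f.nbytes} bytes vs baseline mean {avg:.0f}"))
    return alerts


# Constructed known-good window: an infusion pump (.15) sending HL7, a modality (.16) sending DICOM.
BASELINE_LOG = """
1000 10.20.0.15 10.30.0.5 2575 tcp 1200
1060 10.20.0.15 10.30.0.5 2575 tcp 1100
1120 10.20.0.15 10.30.0.5 2575 tcp 1300
1000 10.20.0.16 10.30.0.9 104 tcp 52000
1060 10.20.0.16 10.30.0.9 104 tcp 48000
"""
# Constructed live window: the pump reaches an internet host and the modality probes a neighbour on SMB.
LIVE_LOG = """
2000 10.20.0.15 10.30.0.5 2575 tcp 1150
2010 10.20.0.15 203.0.113.7 443 tcp 90000
2020 10.20.0.16 10.30.0.9 104 tcp 50000
2030 10.20.0.16 10.20.0.15 445 tcp 800
2040 10.30.0.5 10.20.0.15 2575 tcp 300
"""


def run_checks() -> Tuple[List[Flow], List[Tuple[str, str]]]:
    """Run both checks over the constructed logs; returns (segmentation violations, behaviour alerts)."""
    live = parse_flows(LIVE_LOG)
    return segmentation_violations(live), detect_anomalies(live, build_baseline(parse_flows(BASELINE_LOG)))


if __name__ == "__main__":
    violations, alerts = run_checks()
    for v in violations:
        print(f"SEGMENTATION {v.src} -> {v.dst}:{v.dport}/{v.proto}")
    for dev, why in alerts:
        print(f"BEHAVIOUR    {dev}: {why}")
```

Two of the five live flows break the policy (the pump talking to 203.0.113.7:443 and the modality touching a neighbour on 445/tcp), and the behaviour baseline raises three alerts for the same traffic, including the volume spike. The baseline is deliberately simple (peer set plus mean bytes per flow); a production deployment would derive it from a longer window and keep it per device rather than per address, since devices on legacy firmware cannot be expected to run any agent themselves.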

The stakes are high. With the average cost of a healthcare data breach now at $10.93 million per incident [19], securing IoMT devices is not just about patient safety - it’s also a financial necessity in today’s healthcare landscape. As the industry continues to evolve, addressing these vulnerabilities will remain a top priority.


4. Third-Party and Supply Chain Risks Require More Oversight

Healthcare organizations depend heavily on third-party vendors for critical services like electronic health records (EHRs) and equipment maintenance. However, this reliance introduces vulnerabilities that cybercriminals are quick to exploit. In fact, 74% of cybersecurity issues in healthcare are tied to third-party vendors [23], making supply chain security one of the industry's most urgent challenges.

The numbers paint a concerning picture. 55% of healthcare organizations experienced a data breach in the past year through a third party [22], and 90% of the most severe healthcare data breaches in 2022 occurred at business associates of HIPAA-covered entities [22]. Even more alarming, 41% of data breaches in healthcare began with a third party [24]. These statistics underscore how vendors have become a prime target for attackers.

The "Hub-and-Spoke" Attack Strategy

Cybercriminals are increasingly using a "hub-and-spoke" strategy, targeting third-party providers that serve multiple healthcare clients. By breaching a single vendor, attackers can compromise dozens of organizations at once.

The healthcare sector has become the leading victim of third-party data breaches, accounting for one-third of all such incidents in 2023 [25]. This trend reflects the industry's dependence on external partners and the high value of healthcare data, which commands top dollar on the dark web.

The Rising Financial Toll

The financial impact of these breaches is staggering. Healthcare consistently incurs the highest average cost of data breaches, reaching $9.77 million in 2024 [24]. Some incidents even surpass $10 million per breach [22]. This isn't just a security issue - it's a financial survival issue.

The situation is worsening. Ransomware attacks rose by 27% in 2024 compared to the previous year [24], with many stemming from compromised vendor relationships. A single breach can result in widespread disruption, highlighting the need for stronger safeguards.

The Assessment Gap

Despite these risks, many healthcare organizations are failing to properly vet their vendors. Shockingly, 40% of vendor contracts are finalized without a security risk assessment [26], leaving organizations vulnerable to threats they didn’t anticipate.

"The best time to ensure a vendor meets security and compliance requirements is prior to purchase by reviewing the vendor's processes and controls available and alignment with the practice expectations and needs." - Dustin Hutchison, Chief Information Security Officer and Vice President of Services at Pondurance [25]

This reactive approach to vendor management is unsustainable. With 89% of companies experiencing supplier-related risk events over the past five years [27], proactive risk assessments have become essential.

Building Effective Oversight Programs

To combat these risks, healthcare organizations are adopting more robust third-party risk management (TPRM) programs. Effective programs include several key elements that ensure continuous oversight and quick response capabilities:

  • Centralized vendor inventory: Maintain a detailed list of all third-party vendors
  • Tiered risk classification: Rank vendors based on the level of risk they pose
  • Continuous risk monitoring: Regularly track vendor activities for potential threats
  • Security requirements in contracts: Include specific security measures in vendor agreements
  • Automated assessments: Use technology to conduct regular, standardized risk evaluations

The goal is to shift from superficial compliance checks to deeper, more collaborative security efforts. As one expert put it:

"Establishing and adopting these more effective and efficient TPRM processes will transition TPRM in healthcare from a superficial check-the-box exercise that exposes organizations to unnecessary risks to more robust, collaborative information protection programs that ultimately will benefit all participants across the healthcare community." - Health 3PT [22]

By focusing on these components, healthcare organizations can create actionable strategies for managing vendor risks.
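The inventory, tiering and automated-assessment components above, together with the assessment gap described earlier in this section (contracts signed without a risk assessment), can be put into a small script that reports what the oversight program is missing. This is an added illustration, not the article's or Censinet's code: the tiering weights, the review intervals per tier, and the vendor records are all constructed assumptions.

```python
"""Tiered vendor inventory with an assessment-gap report.

Added illustration, not the article's or Censinet's code. The tiering rules,
review intervals and the vendor records are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Vendor:
    name: str
    handles_phi: bool                  # stores or processes protected health information
    network_access: bool               # holds remote or network access into the environment
    patient_facing: bool               # an outage would directly affect patient care
    last_assessment: Optional[date]    # None means the contract was signed without one
    security_clauses_in_contract: bool


# Assumed review cadence by tier (days): tier 1 is reassessed yearly, tier 3 every three years.
REVIEW_INTERVAL_DAYS = {1: 365, 2: 730, 3: 1095}


def classify_tier(v: Vendor) -> int:
    """Tier 1 = highest inherent risk. The weights are an assumption, not a standard."""
    score = 2 * int(v.handles_phi) + 2 * int(v.network_access) + int(v.patient_facing)
    if score >= 4:
        return 1
    if score >= 2:
        return 2
    return 3


def oversight_findings(vendors: List[Vendor], today: date) -> List[Tuple[str, int, str]]:
    """(vendor, tier, finding) for every gap the inventory reveals."""
    findings = []
    for v in vendors:
        tier = classify_tier(v)
        if v.last_assessment is None:
            findings.append((v.name, tier, "no security risk assessment on record"))
        else:
            age = (today - v.last_assessment).days
            if age > REVIEW_INTERVAL_DAYS[tier]:
                findings.append((v.name, tier, f"assessment is {age} days old, over the tier-{tier} limit"))
        # Contract security requirements are enforced for the two higher-risk tiers.
        if tier <= 2 and not v.security_clauses_in_contract:
            findings.append((v.name, tier, "contract lacks security requirements"))
    return findings


# Constructed inventory.
INVENTORY = [
    Vendor("EHR hosting provider", True, True, True, date(2024, 3, 1), True),
    Vendor("Imaging equipment maintenance", False, True, True, None, False),
    Vendor("Claims clearinghouse", True, False, False, date(2025, 1, 15), True),
    Vendor("Cafeteria food supplier", False, False, False, None, False),
]


def report(today: date = date(2025, 6, 1)) -> List[Tuple[str, int, str]]:
    """Findings for the constructed inventory as of the given date."""
    return oversight_findings(INVENTORY, today)


if __name__ == "__main__":
    for name, tier, finding in report():
        print(f"tier {tier}  {name}: {finding}")
```

Run against the constructed inventory, the report shows the tier-1 EHR host overdue for reassessment, the tier-2 maintenance vendor with neither an assessment nor contract security terms, and the low-risk supplier never assessed at all; the clearinghouse, assessed recently, produces no finding. The point of keeping tiering and review cadence as data is that the same script can run on every contract renewal rather than once at purchase.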

Practical Steps for Better Vendor Management

Healthcare providers are taking specific actions to secure their supply chains. Sourcing multiple suppliers ensures backup options when primary vendors face disruptions [27]. Many are also shifting to nearshore suppliers to reduce reliance on distant partners and mitigate transportation delays [27].

Improving vendor visibility is another priority. This includes assessing financial stability, identifying third-party dependencies, and conducting thorough risk evaluations before signing contracts [27]. Organizations are also using data analytics to model worst-case scenarios and develop contingency plans [27].

"When patient data is at stake, demand higher standards from vendors." - Dustin Hutchison, Chief Information Security Officer and Vice President of Services at Pondurance [25]

As healthcare systems become more interconnected, the stakes are higher than ever. With 80% of healthcare providers and 84% of suppliers expecting supply chain challenges to persist or worsen in the coming year [28], managing third-party risks is no longer optional - it’s essential for long-term viability.

5. AI Governance and Automated Risk Management Gain Importance

Artificial intelligence is reshaping healthcare risk management in two major ways: it introduces new vulnerabilities that organizations must address, while also providing tools to enhance cybersecurity. This dual role makes strong governance frameworks essential for navigating today’s complex challenges.

The stakes are high. Recent data shows that 80% of CIOs increased their cybersecurity budgets in 2024 [30]. With healthcare data breach costs averaging $9.77 million between 2022 and 2024 [30] and ransomware recovery expenses hitting $2.73 million [30], organizations must take AI governance seriously.

The Dark Side of AI: New Threats Emerge

AI isn’t just a tool for good - it’s also being weaponized. Cybercriminals are using AI to create malware that adapts in real time to evade detection. They’re also leveraging deepfakes to impersonate trusted individuals, gaining access to sensitive information [30].

These evolving threats mean healthcare organizations need to rethink their security strategies. Traditional detection systems struggle to keep up with adaptive malware, and staff must now be trained to recognize deepfake technology and other AI-driven deception techniques.

AI as a Cybersecurity Ally

On the flip side, AI is proving to be a game-changer in defending against cyber threats. Many organizations are now using AI for threat detection and anomaly identification [30]. These systems can sift through vast amounts of network traffic, user behavior data, and system logs in real time, flagging potential issues before they escalate. AI also excels at spotting insider threats by establishing normal behavior patterns and alerting teams when something seems off. These capabilities are paving the way for more effective governance frameworks.

Building Strong AI Governance Programs

To manage AI risks while reaping its benefits, healthcare organizations are establishing governance structures. For example, a study by the University of Minnesota School of Public Health found that while many U.S. hospitals use AI-assisted predictive models, only 44% have evaluated these models for bias [34]. This highlights a significant gap in governance. Key elements of effective AI governance include:

  • Multidisciplinary governance committees with members like clinical leaders, IT experts, legal advisors, and patient representatives.
  • Policies and procedures that align with ethical standards and regulations.
  • Role-specific AI training to ensure staff understands how to use the tools effectively.
  • Ongoing audits and monitoring to evaluate AI systems continuously [33].

"We need a level of AI literacy so that physicians will question AI outputs." – Dr. Brett Oliver, Chief Medical Information Officer at Baptist Health Medical Group [34]

Real-World Examples of AI Success

Several healthcare organizations are already showing how proper AI governance leads to success. The Mayo Clinic, for instance, partnered with Google Cloud to use generative AI for improving clinical documentation and patient communication [31]. Elevance Health is developing its own AI tools to personalize member interactions and streamline claims processing, while Optum is using large language models to automate prior authorizations and simplify patient data summaries [31].

Trust: The Cornerstone of AI in Healthcare

Trust is crucial for AI adoption in healthcare. Errors in AI-driven diagnostics or treatments can have life-threatening consequences [32]. Transparency and accountability are non-negotiable. As the Congressional Research Service explains:

"As a foundational issue, trust is required for the effective application of AI technologies. In the clinical health care context, this may involve how patients perceive AI technologies." [32]

Healthcare organizations must ensure AI systems provide clear, explainable results that clinicians can understand and validate. Relying on opaque algorithms without clear reasoning increases risks and undermines trust in clinical decisions.

Addressing Workforce Challenges with AI

AI governance is even more critical in light of staffing shortages. The American Hospital Association predicts a shortfall of up to 124,000 physicians by 2033 [31], with a need to hire at least 200,000 nurses annually to meet demand [31]. AI tools can help by automating repetitive tasks, improving efficiency, and reducing burnout. In one study, automation cut healthcare documentation time by 50%, saving about seven minutes per patient encounter, while reducing burnout by 70% [29]. However, these benefits depend on governance frameworks that ensure AI integrates smoothly into workflows.

Managing AI Risks: Practical Steps

To balance AI’s benefits with its risks, healthcare organizations are adopting several strategies:

  • Zero-trust architectures to continuously verify users and devices [30].
  • Quantum-resistant algorithms to protect critical data from future AI-driven cryptographic threats [30].
  • Collaboration structures like innovation committees or AI working groups to align AI initiatives with clinical and safety goals [29].

These efforts are part of a broader approach to risk management. By combining AI’s defensive capabilities with well-structured governance, healthcare organizations can protect against cyber threats while improving patient care. Effective governance is the linchpin for leveraging AI safely and responsibly in this high-stakes environment.

Practical Takeaways and Next Steps

The landscape of U.S. healthcare risk management is shifting quickly, driven by ransomware attacks, identity theft, IoMT vulnerabilities, third-party risks, and the challenges of governing AI. With operating margins shrinking, breach costs averaging $9.8 million, and the severe toll of cyberattacks, healthcare organizations face mounting pressures to adapt [35].

Building Financial and Operational Resilience

To navigate rising premiums and financial pressures, healthcare organizations might consider strategies like adopting higher deductibles or exploring alternative risk transfer methods. Analyzing loss patterns and communicating preventive measures effectively to insurers can also lead to more favorable terms. Enterprise risk management (ERM) plays a crucial role, especially with a projected nursing shortage exceeding 350,000 by 2026. Enhancing employee engagement through health, safety, and well-being initiatives can further stabilize operations [35]. These financial strategies underline the importance of bolstering cybersecurity and compliance efforts.

Strengthening Cybersecurity and Compliance Frameworks

Protecting sensitive data requires a multi-layered approach. This includes implementing strong encryption, preparing incident response plans, conducting regular security training, and maintaining contingency strategies. Routine data backups and multi-factor authentication add essential layers of defense [35][36][37].

On the compliance side, healthcare providers need to stay ahead of regulatory changes, enforce vendor oversight, and use data analytics to improve processes. Fostering a culture of accountability and routinely assessing compliance risks are equally important. Transparency with brokers - such as reviewing exposures and insurance needs at least 90 days before policy renewals - ensures preparedness. Ultimately, operational resilience and cybersecurity are deeply interconnected [35][36].

Fostering Cross-Departmental Collaboration

Effective risk management thrives on teamwork. Collaboration among leadership, legal teams, compliance officers, IT, and security staff is essential. Regular interdepartmental meetings help align goals and build a sense of shared responsibility [38][40].

"Combining risk, processes, people, and technology creates a risk management program that can grow and change to meet new threats and rules. With shared platforms, it is easier to track vendor risks, work together on responses, and keep everyone responsible at every level of the organization."
– Kurt Manske, Cherry Bekaert [38]

Implementing AI Governance and Third-Party Oversight

As risks tied to AI and third-party vendors grow, formalized oversight is critical. Establishing an internal AI Risk Review Board and an AI Governance Committee can bring together organizational expertise. Joint sessions with vendors can define roles, set evaluation standards, and ensure accountability. These measures also address algorithmic bias, promote transparency, and verify the reliability of AI tools. For instance, Mizzeto’s collaboration with a Fortune 25 payer reduced unmanaged deployments by 70% while enabling full lifecycle governance [39][36].

Preparing for Climate and Operational Risks

Healthcare organizations must also prepare for physical and operational risks. Conducting hazard vulnerability analyses can guide infrastructure planning, ensuring facilities and systems can withstand extreme weather events. Strategic planning that integrates these analyses with regulatory compliance is key to mitigating disruptions. Balancing immediate cybersecurity needs with long-term strategies, fostering collaboration across teams, and maintaining transparency with stakeholders will help healthcare providers continue delivering quality care even in the face of these challenges [35][36].

FAQs

What steps can healthcare organizations take to defend against AI-driven social engineering attacks?

Healthcare organizations can protect themselves from AI-driven social engineering attacks by implementing multi-factor authentication (MFA), offering ongoing security awareness training, and deploying real-time threat detection tools. These steps not only help employees spot and respond to suspicious activity but also add critical layers of defense to safeguard sensitive systems.

On top of that, keeping tight control over devices and software is essential. This includes enforcing regular updates and restricting access to critical systems. These proactive measures play a crucial role in spotting and addressing threats before they escalate.

How can healthcare providers protect IoT and IoMT devices from cyber threats?

Healthcare providers can take proactive steps to secure IoT and IoMT devices, minimizing vulnerabilities and protecting sensitive data. One effective approach is network segmentation, which isolates devices to limit the potential spread of threats. Providers should also implement continuous monitoring to detect unusual activity and apply security patches regularly to address known risks.

Strengthening device security, or device hardening, is another crucial measure. This involves disabling unnecessary features, ensuring visibility and control over all connected devices, and automating security policies wherever feasible. Regular vulnerability assessments are equally important, allowing providers to uncover and address risks before they become critical. Together, these practices help safeguard patient information and uphold the reliability of healthcare systems.

Managing third-party vendors is a crucial responsibility in healthcare, as these partnerships often grant access to sensitive patient information and require adherence to strict regulations like HIPAA. Without proper controls, vendors can unintentionally expose organizations to risks such as data breaches or regulatory violations, potentially harming patients and damaging the organization's reputation.

To minimize these risks, healthcare organizations should take the following steps:

  • Perform detailed vendor risk assessments to ensure their security measures and compliance standards are up to par.
  • Define clear security and privacy expectations in vendor agreements to establish accountability.
  • Continuously monitor vendor activities to identify and address any emerging concerns.
  • Create a strong incident response plan to handle potential issues swiftly and effectively.

Proactively managing vendor relationships not only helps safeguard patient data but also reinforces trust in the organization’s ability to provide secure and reliable care.
