Ninety-two percent of healthcare organizations are confident in their ability to respond to cyber attacks, compared to 82 percent two years ago, according to the Cybersecurity in Healthcare report.

More than half (56 percent) have automated systems in place that actively scan their networks for suspicious activity and 31 percent have their own Security Operation Centers (SOCs) for the same purpose. However, the industry still faces challenges such as: 


  • 39.7 percent of IT professionals are not aware if their organization would be willing to pay a ransom in the event of a cyber attack. 
  • 24 percent remain defiant, stating that they would be unwilling to pay a ransom. 

Greater investment

  • Healthcare organizations are spending between 11 and 20 percent more on cybersecurity than in 2017, with the top three investments being anti-virus software (59 percent), firewalls (52 percent) and application security (51 percent).
  • Employee education has grown in popularity, with a 10 percent higher investment in 2019 compared to 2017.

Connected devices

  • Healthcare IT professionals are addressing the growing adoption of the Internet of Things (IoT) and as a result the number of security policies in place for new connected devices has increased from 85 to 89 percent, with fewer respondents doubting the effectiveness of these policies (nine percent in 2019 vs. 13 percent in 2017).
  • The majority (66 percent) of connected devices now run on Microsoft Windows 10, however Linux (33 percent) and Mac OS X (31 percent) popularity is growing significantly since 2017.
  • 26.5 percent continue to run on old operating systems including Microsoft Windows 7 and Microsoft Windows 8 (4.6 percent running medical devices).
  • IT professionals (16.6 percent) do not have the ability to patch their operating systems, leaving their network wide open for attacks.