LevelBlue Report Reveals Increasing Risks To Healthcare Organizations Are Driving Cyber Resilience

LevelBlue finds that only 29% of healthcare executives say they are prepared for AI-powered threats.

LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released its 2025 Spotlight Report: Cyber Resilience and Business Impact in Healthcare. The findings reveal how the healthcare industry is protecting itself from increasingly numerous sophisticated attacks.

The new report found that 32% of healthcare executives say their organization suffered a breach in the past 12 months, and nearly half (46%) say they are experiencing a significantly higher volume of attacks. As artificial intelligence (AI) promises healthcare organizations unprecedented levels of efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen.

At the same time, the software supply chain remains a blind spot, with only a small portion of executives recognizing the associated risks. 54% say they have very low to moderate visibility into the software supply chain, and only 21% say they are investing significantly in software supply chain security.

However, cyber resilience measures are becoming more integral to business operations, with 61% of healthcare organizations now aligning their cybersecurity teams with lines of business, a sign that resilience is increasingly seen as a shared responsibility across departments. Moreover, nearly half (44%) expect to enlist managed security service providers (MSSPs) in the next two years to help them manage the increasingly complex and dynamic threat landscape, an increase from 30% that have done so over the past 12 months. Additionally, 59% of leadership roles are measured against cybersecurity KPIs, and nearly half (43%) say they allocate cybersecurity budgets at the outset of new initiatives - a critical step toward embedding security into innovation efforts.

“With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it’s now a business priority. Still, there is work to be done to properly prepare and protect themselves.”

Healthcare organizations are making progress in integrating cybersecurity across their operations, but there is still work to be done. When asked to what extent their organization is investing in certain measures to prepare for new and emerging types of cyber threats, healthcare executives say they are most likely to invest significantly in:

• Generative AI for social engineering attacks (28%)
• Cyber-resilience processes across the business (26%)
• Application security (25%)
• Machine learning for pattern matching (24%)
• Zero Trust Architecture (15%)

Based on these findings, LevelBlue recommends four specific steps to achieve cyber resilience, regardless of the industry: Push cyber resilience up the organization, embed cybersecurity responsibilities throughout the organization, be proactive (not reactive), and prioritize resilience in the software supply chain.

Download the complete findings of the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact in Healthcare at this link here to learn how healthcare organizations are adapting to the changing threat landscape. This report follows the April 2025 release of the 2025 LevelBlue Futures Report: Cyber Resilience and Business Impact, which can be found here.

For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit www.levelblue.com

Methodology

The research is based on a quantitative survey that was carried out by FT Longitude in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 14 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). To be counted as a cyber resilient organization, respondents must have met the qualifications listed under “Five Characteristics of a Cyber Resilient Organization.” The total number surveyed in healthcare is 220.

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence- this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business.

Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250604692328/en/