




2024 HIMSS Healthcare Cybersecurity Survey | © 2025 Healthcare Information and Management Systems Society
2024 HIMSS Healthcare Cybersecurity Survey
Table of Contents
Executive Summary
Methodology and Demographics
Methodology
Demographics
Levels of Responsibility
Types of Organizations Represented
Economics of Healthcare Cybersecurity
Budgets are Improving
Overall IT Budgets are Modestly Improving
Allocation of current IT budget to cybersecurity
Comparing 2023 to 2024: Cybersecurity Budget Allocations
Trends in Cybersecurity Budget Allocations
Cybersecurity Budgets Projected to Rise
Changes to cybersecurity budget in 2025
Effect of Cybersecurity Budget Increases in 2025
Security Awareness
Security Awareness Programs
Effectiveness of security awareness programs
Security Incidents
Significant Security Incidents
Initial Points of Compromise
Testing of Incident Response Plans
Stakeholder Participation in Tabletop Exercises
What’s Happening with Ransomware
Present State
2024 Ransomware Trends
Ransomware Trends: 2022-2024
To Pay or Not to Pay – Ransomware Payments
Proactive vs. Reactive Security Measures
Future State
AI Adoption in Healthcare
Allowing the Use of AI in Healthcare
To Govern or Not: Organizational Approaches to AI
AI Technology Use Cases
AI Guardrails
Approval Process for AI Technology
Active Monitoring of AI Technology
Acceptable Use Policy for AI Technology
Future Concerns Regarding AI
Managing Third-Party Risks
Third-Party Risk Management Programs
Third-Party Security Incidents
Impacts of Third-Party Security Incidents
Insider Threat Programs
Formal Insider Threat Programs
Insider Threat and AI
Insider Threat Activity Involving Third Parties
Conclusion
About HIMSS
How to Cite this Survey
How to Request Additional Information
Executive Summary
Cybersecurity Budgets
Investments - Organizations are dedicating more resources to fortify defenses.
Strategic Focus - Budgets are increasingly aligned with critical vulnerabilities.
Security Awareness
Phishing Mitigation - Programs target phishing, the leading attack vector.
Innovative Training - Gamification and scenario-based training boost engagement.
Security Incidents
Phishing Dominance - Phishing is the top method of compromise.
AI-Driven Attacks - Deepfakes are an emerging threat.
Ransomware
Combatting Ransomware - Ransomware defense continues to be a priority.
Fewer Ransom Payments - Fewer ransomware victims are reporting paying ransom.
Artificial Intelligence
Policy Shortfalls - A lack of formal AI governance increases risk.
Limited Oversight - There is limited monitoring of AI usage.
Third-Party Risks
Third-Party Incidents - Significant incidents involving third-parties are notable.
Impacts - Third-party incidents cause disruption and other impacts.
Insider Threats
Formal Programs - Formal programs are needed to manage insider threats.
Methodology and Demographics
The 2024 HIMSS Healthcare Cybersecurity Survey reflects the responses of 273 healthcare cybersecurity professionals. These professionals had at least some responsibility for day-to-day cybersecurity operations or oversight of the healthcare organization’s cybersecurity program. Respondents who indicated they did not have any level of responsibility for either day-to-day cybersecurity operations or oversight were not eligible to take the survey.
Methodology
The data for this survey was collected between November 6 and December 16, 2024. Questions asked respondents about their perspectives, knowledge, and experiences over the past 12 months. For simplicity, we refer to this data as "2024" throughout this report. Similarly, data from previous surveys is identified by the year in which it was collected.
Demographics
As shown in Figure 1 below, respondents held various roles, including executive management (50%), non-executive management (37%), and non-management (13%). Executive management included individuals in the C-suite, non-executive management comprised senior management, and non-management encompassed analysts and specialists.
Figure 1: Respondent Roles
Levels of Responsibility
As shown in Figure 2 below, respondents reported varying levels of involvement in their organization's cybersecurity programs. 46% had primary responsibility, 30% shared responsibility, and 24% were involved as needed in the day-to-day operations or oversight.
Figure 2: Respondent Cybersecurity Responsibility
Types of Organizations Represented
As shown in Figure 3 below, respondents represented a diverse range of organizations, including healthcare providers (50%), vendors (18%), consulting firms (13%), government entities (8%), and other organizations (11%). Other organizations included academic institutions, non-profits, payors, and life sciences companies.
Figure 3: Types of Organizations
Economics of Healthcare Cybersecurity
Investing in robust cybersecurity measures is no longer optional for healthcare organizations—it is essential. Yet, achieving a strong cybersecurity posture requires sufficient resources, which are often limited by budgetary constraints. Chief Information Security Officers and their teams frequently find themselves balancing the need to address evolving threats with the reality of tight financial resources.
Healthcare organizations with greater financial resources are better equipped to leverage robust cybersecurity solutions. Sufficient cybersecurity funding enables organizations to access advanced tools, hire skilled personnel, and implement comprehensive strategies. Conversely, limited budgets can pose challenges, making it more difficult to address the ever-evolving cyber threat landscape effectively. However, even with modest resources, strategic planning and prioritization can play a critical role.
Budgets are Improving
Overall IT Budgets are Modestly Improving
Traditionally, healthcare organizations have generally allocated 6% or less of their IT budgets to cybersecurity, according to aggregate data from the 2018 to 2022 and 2024 HIMSS Healthcare Cybersecurity Surveys. Since cybersecurity budgets are typically carved out of overall IT budgets, this survey examined both the expected changes in overall IT budgets from fiscal year 2024 to fiscal year 2025 and the current allocation of those budgets to cybersecurity.
As shown in Figure 4 below, a slight majority of respondents (52%) reported that their organizations’ overall IT budgets would increase during this period, while 10% indicated a decrease. 28% of respondents reported no change in their overall IT budgets. Ten percent of respondents did not know about the anticipated change in IT budget from 2024 to 2025.
Figure 4: Anticipated Change in IT Budget 2024 to 2025
Allocation of current IT budget to cybersecurity
Understanding how organizations allocate their IT budgets to cybersecurity provides valuable insight into their prioritization of security measures. Variability in spending levels highlights differences in how organizations approach protecting their systems and data. These budgetary decisions present opportunities to strengthen defenses and enhance preparedness against evolving threats.
When asked about organizational allocation of the current IT budget to cybersecurity, 20% of respondents indicated that their organization had no specific carve-out but spent money on cybersecurity, as shown in Figure 5 below. However, 19% of respondents reported their organizations allocated 3-6% of the overall IT budget to cybersecurity; 14% reported 7-10%; 7% reported 11-14%; 9% reported more than 14%; and 7% reported 1-2%. One percent of respondents—several vendors and a healthcare provider—indicated their organizations do not spend any money on cybersecurity. Notably, 23% of respondents did not know what percentage of their organizations’ IT budgets were allocated to cybersecurity.
Figure 5: Percent of Organization’s IT Budget Spent on Cybersecurity
Comparing 2023 to 2024: Cybersecurity Budget Allocations
Data from the 2023 and 2024 HIMSS Healthcare Cybersecurity Surveys reveal a notable shift in cybersecurity budget allocations. The percentage of organizations allocating 3-6% of their IT budgets to cybersecurity increased from 13% in 2023 to 18% in 2024, while those allocating 1-2% decreased from 10% to 7%, as shown below in Figure 6. Allocations between 7-10% were similar, decreasing slightly from 15% of organizations in 2023 to 14% in 2024, while above 10% dropped significantly, from 21% of organizations in 2023 to 16% in 2024, reflecting a possible redistribution of resources or more strategic spending.
The percentage of organizations without a specific carve-out for cybersecurity increased slightly, from 19% in 2023 to 20% in 2024. Additionally, respondents unaware of their organizations’ cybersecurity budget allocations rose from 19% in 2023 to 23% in 2024, pointing to potential gaps in communication or governance over cybersecurity spending.
These findings suggest that organizations are optimizing cybersecurity investments, moving toward more moderate budget allocations. However, the increase in respondents unaware of their organizations’ cybersecurity budget allocations underscores the need for improved communication around cybersecurity priorities. While executive management respondents were generally aware of cybersecurity budget allocations, non-management and non-executive management respondents demonstrated limited awareness, highlighting an opportunity for better information sharing about organizational cybersecurity programs.
Figure 6: Cybersecurity Budget Allocation, 2023 vs. 2024
Trends in Cybersecurity Budget Allocations
Over the years, cybersecurity budget allocation within IT budgets has shown notable fluctuations, reflecting changes in organizational priorities and resource allocation strategies. As shown in Table 1, organizations reporting no cybersecurity allocation remained steady at 1-3%, while allocations in the 1-2% range peaked at 18% in 2020 but dropped to 7% in 2024. Budgets in the 3-6% range dipped to 13% in 2023 before recovering to 18% in 2024, indicating stability in moderate spending. Allocations in the 7-10% range gradually increased from 10% in 2020 to 14% in 2024, showing growing investment in higher cybersecurity budgets. Budgets exceeding 10% peaked at 21% in 2023 before falling to 16% in 2024, suggesting shifts toward more balanced spending.
The percentage of healthcare organizations with flexible or unspecified cybersecurity budgets declined from 26% in 2019 to 20% in 2024, reflecting improved budgeting practices. However, respondents unaware of their organizations’ cybersecurity budgets rose from 18% in 2020 to 23% in 2024, highlighting communication gaps. While modest increases in healthcare cybersecurity budgets are evident, additional investments are critical to address growing threats, protect sensitive assets, and support new technologies. Without sufficient funding, organizations risk disruptions to patient care, loss of trust, and significant financial and reputational harm.
Table 1: Cybersecurity Budget Allocation, 2019-2024
| Budget Allocation | 2019 | 2020 | 2021 | 2023 | 2024 |
|---|---|---|---|---|---|
| No allocation | 1% | 1% | 1% | 3% | 1% |
| 1-2 percent | 9% | 18% | 18% | 10% | 7% |
| 3-6 percent | 25% | 24% | 22% | 13% | 19% |
| 7-10 percent | 11% | 10% | 15% | 15% | 14% |
| More than 10 percent | 10% | 6% | 11% | 21% | 16% |
| Flexible Allocation | 26% | 23% | 24% | 19% | 20% |
| Don’t Know | 18% | 18% | 10% | 19% | 23% |
Cybersecurity Budgets Projected to Rise
Changes to cybersecurity budget in 2025
Anticipated changes to cybersecurity budgets provide insight into organizations’ evolving priorities and strategies. With the growing complexity of cyber threats, many organizations recognize the need to adjust their spending to stay ahead. These shifts highlight an increasing focus on bolstering defenses and addressing emerging risks. As shown in Figure 7 below, among respondents who reported a specific allocation for their organizations’ cybersecurity budgets, a slight majority (55%) anticipated an increase in 2025. Only 4% expected a decrease, while 21% stated their budgets would remain the same. Notably, 20% of respondents indicated they did not know.
Figure 7: Change to Cybersecurity Budget in 2025
Effect of Cybersecurity Budget Increases in 2025
Among respondents who indicated that their cybersecurity budgets would increase, we asked whether the increase enabled their organizations to make meaningful improvements, such as investing in additional staff, tools, and/or policies. As shown in Figure 8, a majority (57%) reported significant improvements to the tools they use, 47% reported significant improvements to policies, and 31% reported significant improvements to staff. Notably, 34% stated that the increase allowed for only some improvements across staff, tools, and policies. Three percent indicated that the increase merely maintained existing support for staff, tools, and policies, and 8% of respondents stated that they did not know.
Figure 8: Impact of Increase in Cybersecurity Budget for 2025
Security Awareness
Security Awareness Programs
Effective security awareness training is vital for helping employees recognize and respond to cybersecurity threats. Organizations use a variety of methods to engage their workforces and reinforce key concepts, tailoring their approaches to address their specific risks. Understanding the strategies employed provides valuable insight into how organizations prioritize education as part of their overall defense strategies.
As shown in Figure 9 below, respondents reported using a variety of methods for security awareness training, with 73% citing regular email alerts and communications, 63% using simulated phishing, 49% using interactive discussions, and 47% holding in-person or virtual workshops. Incident response exercises like tabletops were used by 38%, while 10% engaged in interactive games. Notably, 4% reported no training, 2% were unaware if training occurred, and 3% used alternate methods like video-based training or compliance activities, which are not equivalent to effective cybersecurity training. Only 40% addressed emerging threats like deepfakes, quishing (QR code phishing), and smishing (SMS phishing), highlighting the need for comprehensive, up-to-date training programs to counter evolving threats.
Organizations may need to develop custom training programs since off-the-shelf security awareness training might not adequately address emerging threats. Tailored approaches ensure that training is relevant and comprehensive, equipping teams to effectively identify and respond to sophisticated attacks.
Figure 9: Methods for Security Awareness Training
Effectiveness of security awareness programs
Security awareness programs are a key element of organizational defense, designed to educate employees on recognizing and responding to potential threats. As cybersecurity risks continue to evolve, the effectiveness of these programs is critical in reducing vulnerabilities and preventing incidents. Evaluating how well these programs perform can highlight areas for improvement and ensure they remain aligned with the changing threat landscape.
As shown in Figure 10 below, we asked respondents whose organizations conduct security awareness programs to assess the effectiveness of these programs. A majority (62%) indicated their programs are somewhat effective, while 18% described them as very effective. Another 18% reported their programs are only slightly effective, and 2% stated they are not effective at all. The relatively low percentage of respondents rating their programs as very effective (18%) suggests a need for enhanced strategies. It is suggested that organizations focus on key areas for improvement, including addressing emerging threats and mitigating risks from new and emerging technologies. Strengthening these security awareness programs could better equip organizations to stay ahead of evolving cybersecurity challenges and bolster their overall defenses.
Proactive measures, such as gamification, tabletop exercises, and interactive workshops, can help educate the workforce about both basic and advanced threats. These approaches can engage employees effectively, fostering practical skills and awareness.
Social engineering remains a dominant attack method, making it crucial for security awareness programs in healthcare organizations to address emerging threats such as deepfakes (image, audio, video), smishing, and quishing.
Figure 10: Effectiveness of Security Awareness Training Programs
Security Incidents
Significant Security Incidents
Initial Points of Compromise
Understanding initial points of compromise is key to identifying vulnerabilities and strengthening defenses since they often serve as gateways for attackers. Addressing these weaknesses can significantly reduce the risk of breaches and improve security posture. As shown in Figure 11 below, we asked respondents to identify initial points of compromise for significant security incidents in the past year. General email phishing (63%), SMS phishing and targeted spear-phishing (each 34%), business email compromise (31%), phishing websites (21%), malicious ads (20%), social media phishing (19%), vishing (voice phishing) (17%), whaling (also known as executive impersonation) (16%), deepfake images (6%), audio deepfakes (4%), video deepfakes (3%), distributed denial of service (DDoS) attacks (3%), and privacy breaches (3%) were reported. Eight percent did not know. Eighteen percent reported no significant security incidents.
Figure 11: Initial Points of Compromise for Significant Security Incidents in the Past 12 Months
Testing of Incident Response Plans
Regular testing of incident response plans is essential to ensure organizations are prepared to handle cybersecurity incidents effectively. Tabletop exercises play a critical role in identifying gaps, improving coordination, and strengthening overall response capabilities. Understanding how frequently organizations engage in these exercises provides insight into their level of preparedness and commitment to mitigating potential risks.
We asked respondents whether their organizations conduct tabletop exercises to test the capabilities of their incident response programs. As shown in Figure 12 below, 45% of respondents indicated that their organizations do conduct tabletop exercises, while 39% reported they do not. Sixteen percent stated that they were unsure whether their organizations conduct tabletop exercises.
These findings highlight a mixed level of preparedness among organizations, with many failing to test their incident response plans by using tabletop exercises. Tabletop exercises are critical for simulating various scenarios, identifying gaps in response capabilities, and strengthening overall incident response strategies.
The 16% of respondents unaware of whether their organizations conduct these exercises points to potential gaps in communication and participation. This underscores the importance of including all relevant stakeholders—regardless of their role—in tabletop exercises. Improving communication and transparency about incident response efforts can help ensure broader organizational awareness and more effective preparedness for potential incidents.
Figure 12: Organizations Conducting Tabletop Exercises for Incident Response Testing
Stakeholder Participation in Tabletop Exercises
Respondents whose organizations conduct tabletop exercises identified participants. The results show a diverse range of participants but also highlight gaps in participation. As shown in Figure 13 below, IT staff (89%) and cybersecurity staff (77%) were the most frequently involved stakeholders, reflecting their critical roles in managing and responding to incidents. Senior management participation was reported at 73%, while executives, including C-suite leaders, participated in 58% of cases, demonstrating a robust level of leadership engagement.
Other departments within healthcare organizations were involved in tabletop exercises:
• Compliance (48%)
• Clinicians (44%)
• Informatics (44%)
• Human resources (43%)
• Legal (42%)
• Accounting and finance (35%)
External parties, such as vendors (22%) and contractors (15%), had low participation rates. This may point to an area for improvement, given their potential involvement when incidents occur. Additionally, the board of directors participated in only 21% of cases, despite their critical role in overseeing cybersecurity risk. Two percent of respondents stated they did not know which stakeholders participate, while another 2% reported that other stakeholders, such as emergency preparedness professionals, were involved on an ad hoc basis.
Figure 13: Tabletop Exercise Participants
What’s Happening with Ransomware
Present State
Ransomware attacks continue to be a significant threat. Often state-sponsored, these attacks are highly organized and sophisticated. Healthcare organizations have experienced aggressive attacks since at least 2018, and the threat remains as persistent as ever. [1] Ransomware leak sites are prevalent. [2] Healthcare providers, payors, vendors, and other entities across the healthcare ecosystem have been targeted. Ransomware remains a critical issue, highlighting the need for robust defenses and effective response strategies.
2024 Ransomware Trends
Healthcare organizations appear to be prepared to prevent and defend against ransomware attacks in 2024. As shown below in Figure 14, a majority of respondents (74%) indicated that their organizations had not experienced ransomware attacks in the past 12 months. However, 13% reported that their organizations had been targeted, underscoring the ongoing risk ransomware poses to the healthcare and public health sector. Thirteen percent of respondents—primarily from non-executive management and non-management roles—stated they did not know whether their organizations had experienced such an attack.
Figure 14: Ransomware Attack in 2024
[1] U.S. Department of Health and Human Services. Ransomware Trends in Healthcare., /sites/default/files/ransomware-healthcare.pdf. Accessed Jan. 24 2025.
[2] Palo Alto Networks. Unit 42 Ransomware Leak Site Data Analysis. Palo Alto Networks, /unit-42-ransomware-leak-site-data-analysis/. Accessed Jan. 24 2025.
Ransomware Trends: 2022-2024
The percentage of respondents reporting that their organizations experienced ransomware attacks has remained relatively consistent in recent years. As shown in Figure 15 below, in 2024, 13% indicated their organizations had experienced a ransomware attack, slightly higher than the 12% reported in 2023 and matching the 13% reported in 2022. Similarly, the percentage of respondents reporting no ransomware attacks remained steady at 74% in 2024, compared to 75% in 2023 and 78% in 2022. Respondents who did not know whether their organizations experienced a ransomware attack were 13% of respondents in 2023 and 2024, compared to 9% in 2022.
These findings highlight the importance of improving visibility and transparency regarding ransomware incidents. Even when organizations are not directly impacted, the persistent threat of ransomware necessitates constant vigilance, proactive planning, and robust defenses to safeguard sensitive assets and ensure operational and clinical continuity.
Figure 15: Ransomware Attacks from 2022-2024
To Pay or Not to Pay - Ransomware Payments
Ransomware victims face the tough decision of whether to pay, based on their specific circumstances. Among healthcare organizations victimized in 2024, 62% of respondents reported not paying a ransom, 11% paid the ransom, and 27% did not know, as shown in Figure 16. In 2023, 30% of respondents stated that their organizations paid the ransom, while 52% did not, and 18% did not know, as shown below in Figure 17. Paying a ransom not only has the potential to embolden threat actors but also increases the likelihood of repeated targeting or additional attacks on other healthcare organizations. There is a need for better coordination, planning, and information sharing to improve resilience.
Figure 16: Ransomware Payments in 2024
Figure 17: Ransomware Payments in 2023-2024
Proactive vs. Reactive Security Measures
Organizations reported a range of proactive an