Absolute Security, the leader in enterprise resilience, today published Resilience Obstacles in the Healthcare Industry, Q1 2025. This new research analyzed telemetry from more than a million PCs in healthcare environments to uncover the top factors stopping them from achieving resilient security postures. Now a key strategic imperative,1 resilience helps organizations ensure their mission-critical endpoint security controls and business applications remain always on, fully operational, and able to quickly recover from ransomware, operational outages, and disruptive IT incidents.
Also Read: The Arbitrage Opportunity of Small Language Models: Unlocking AI Efficiency and Performance
Key Findings
This new research highlights three critical resilience challenges that healthcare Security and Risk Management (SRM) leaders face:
- Missing, Non-Compliant Security and Risk Controls – Of the PCs analyzed, 15 percent of the time, critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices. Foundational security controls assessed included Data Protection, Endpoint Protection Platforms (EPP/XDR), Security Service Edge (SSE), VPN, and Vulnerability Management solutions. These findings show that in healthcare, PCs and networks are frequently without a vital first line of defense against attackers and exploits.
- Delayed Patching – The average Windows endpoint in healthcare is 48 days behind on critical security patches. With unpatched vulnerabilities being a leading cause of breaches and ransomware infections,2 this basic security hygiene failure is leaving organizations open to data breaches and prolonged, disruptive outages.
- Shadow AI Risks – AI use is growing, with healthcare employees frequently accessing generative AI platforms including ChatGPT, which is not HIPAA-compliant. This not only raises concerns about potential patient data exposure and regulatory violations, but also demonstrates organizations struggle to govern Shadow AI use.
“Ransomware groups continue to target the healthcare sector, exploiting vulnerable endpoints to disrupt operations and steal sensitive patient data. At the same time, compliance risks are rising as healthcare organizations struggle to maintain healthy security controls and monitor AI-related threats,” said John Herrema, Chief Product Officer, Absolute Security. “With a proactive and resilient approach, hospitals, clinics, and healthcare providers can close risk gaps, avoid regulatory failures, and quickly recover after being hit with a cyberattack or IT incident.”
Also Read: Ensuring High Availability in a Multi-Cloud Environment: Lessons from the CrowdStrike Outage
Embedded in the hardware of more than 600 million endpoints, the Absolute Security Resilience Platform helps thousands of global customers remain resilient in the face of ransomware, other threats, BSOD and IT incidents. Learn more about how Absolute helps healthcare organizations like yours:
- Visit us at HIMSS 2025, in Caesar’s Forum, Booth C1031, Cybersecurity Command Center.
- On Tuesday, March 4, at 4:10 PM, in the Cybersecurity Command Center – Theater A, attend Absolute Security SME Brennen Reynolds’ session: Building Resilient Endpoint Health in Healthcare Organizations
- Download your complimentary copy of Resilience Obstacles in the Healthcare Industry, Q1 2025.
