15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations

By
Technology For You
-
  • New Research from Absolute Security Reveals Failures Include Endpoints with Non-Compliant and Missing Critical Security & Risk Controls
  • Visit Absolute Security in the Cybersecurity Command Center at HIMSS 2025 (Booth C1031) to Learn How to Strengthen Healthcare Endpoints Against Ransomware, IT Failures, and Compliance Risks

SEATTLE & LAS VEGAS–(BUSINESS WIRE)–Absolute Security, the leader in enterprise resilience, today published Resilience Obstacles in the Healthcare Industry, Q1 2025. This new research analyzed telemetry from more than a million PCs in healthcare environments to uncover the top factors stopping them from achieving resilient security postures. Now a key strategic imperative, resilience helps organizations ensure their mission-critical endpoint security controls and business applications remain always on, fully operational, and able to quickly recover from ransomware, operational outages, and disruptive IT incidents.

Key Findings

This new research highlights three critical resilience challenges that healthcare Security and Risk Management (SRM) leaders face:

  • Missing, Non-Compliant Security and Risk Controls – Of the PCs analyzed, 15 percent of the time, critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices. Foundational security controls assessed included Data Protection, Endpoint Protection Platforms (EPP/XDR), Security Service Edge (SSE), VPN, and Vulnerability Management solutions. These findings show that in healthcare, PCs and networks are frequently without a vital first line of defense against attackers and exploits.
  • Delayed Patching – The average Windows endpoint in healthcare is 48 days behind on critical security patches. With unpatched vulnerabilities being a leading cause of breaches and ransomware infections, this basic security hygiene failure is leaving organizations open to data breaches and prolonged, disruptive outages.
  • Shadow AI Risks – AI use is growing, with healthcare employees frequently accessing generative AI platforms including ChatGPT, which is not HIPAA-compliant. This not only raises concerns about potential patient data exposure and regulatory violations, but also demonstrates organizations struggle to govern Shadow AI use.

“Ransomware groups continue to target the healthcare sector, exploiting vulnerable endpoints to disrupt operations and steal sensitive patient data. At the same time, compliance risks are rising as healthcare organizations struggle to maintain healthy security controls and monitor AI-related threats,” said John Herrema, Chief Product Officer, Absolute Security. “With a proactive and resilient approach, hospitals, clinics, and healthcare providers can close risk gaps, avoid regulatory failures, and quickly recover after being hit with a cyberattack or IT incident.”

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here