Report: State of Cyber Risk in Healthcare
In this new research report, RiskRecon teamed up with Cyentia Institute and
Health-ISAC to diagnose the digital risk factors facing healthcare providers
and share important results from this research to aid those managing
cyber risk in the healthcare sector.
Key findings include:
- Healthcare boasts one of the highest average rates of severe security findings.
- The rate of severe security findings in the smallest providers is 3x higher than that of the largest providers.
- The industry average rate of severe security exposures in critical cloud-based assets is 10x that of assets hosted on-premises.
Page 9 of the report
A note from Errol Weiss, CSO at H-ISAC
“In 2020, Health-ISAC members across healthcare delivery, big pharma, payers and medical device manufacturers saw increased cyber risks across their evolving and sometimes unfamiliar supply chains. Adjusting to the new operating environment presented by COVID-19 forced healthcare companies to rapidly innovate and adopt solutions like cloud technology that also added risk with an expanded digital footprint to new suppliers and partners with access to sensitive patient data. This report is an important read for any CISO or third-party risk practitioner to gain insights on measuring risk surface in the healthcare industry.”
Read the full report here:
- Related Resources & News
- Healthcare Heartbeat 2024 Q4
- Health-ISAC Hacking Healthcare 2-19-2025
- Podcast: Reflecting on the Change Healthcare cyberattack
- Senate Confirms Trump Pick RFK Jr. to Lead HHS
- The Alarming Backdoor Hiding in 2 Chinese Patient Monitors
- Health-ISAC 2025 Health Sector Cyber Threat Landscape
- How Health Systems Manage Security in the Cloud
- Change Healthcare Attack a Wake-up Call for the Industry
- Five High-Impact Cyberattacks Healthcare Industry Should Avoid in 2025
- Health-ISAC Hacking Healthcare 2-11-2025