AI Threats, Budget Shifts, and a Blind Spot: Healthcare’s Uneven Cyber Resilience Revealed in LevelBlue’s 2025 Report
- Cyber Jill
- Jun 4
In an era where digital transformation and patient care are increasingly intertwined, the healthcare sector finds itself at a critical inflection point—caught between rapid innovation and an evolving threat landscape. LevelBlue’s 2025 Spotlight Report, released today, paints a complex picture of progress and peril, revealing just how prepared (or not) healthcare organizations really are for the age of AI-powered cyberattacks.
The findings are a wake-up call: 32% of healthcare executives admit their organizations experienced a breach within the past year. Nearly half say they’re grappling with a significant spike in attack volume—an escalation that coincides with the rising adoption of generative AI, machine learning, and automation technologies across the industry.
Yet despite these digital advancements, the report makes one thing clear—many healthcare organizations are still underestimating their exposure to new forms of cyber risk, particularly those driven by artificial intelligence and software supply chain vulnerabilities.
The AI Threat Gap
As healthcare systems lean into AI for diagnostics, workflow optimization, and patient engagement, adversaries are using the same technology to supercharge phishing, social engineering, and data exfiltration schemes. Still, only 29% of surveyed healthcare leaders say they feel adequately prepared for AI-driven threats, even though 41% expect them to hit soon.
“With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever,” said Theresa Lanowitz, Chief Evangelist at LevelBlue. “Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it’s now a business priority. Still, there is work to be done to properly prepare and protect themselves.”
Software Supply Chain: A Blind Spot
While the specter of AI looms large, the software supply chain remains a stealthier risk—and an under-addressed one. More than half (54%) of healthcare executives reported having only low to moderate visibility into their software supply chains. Alarmingly, just 21% say they’re making significant investments to secure it.
This oversight is particularly dangerous in a sector reliant on complex, integrated platforms—from EHR systems to diagnostic applications—that often involve multiple third-party vendors. One breach upstream could compromise thousands of endpoints downstream.
Budgeting and the Business of Security
Even so, the industry isn’t standing still. There are encouraging signs that cybersecurity is maturing into a business-wide priority. According to the report:
- 61% of healthcare organizations are now aligning cybersecurity teams with core business units.
- 43% are allocating cybersecurity budgets at the outset of new initiatives.
- 59% of leadership roles are being measured against cybersecurity KPIs.
These shifts reflect a deeper understanding that resilience must be built into the DNA of healthcare operations—not bolted on after the fact.
MSSPs on the Rise
As threats grow more complex and security teams reach bandwidth limits, the industry is turning to external help. Nearly half (44%) of organizations plan to bring in managed security service providers (MSSPs) in the next two years—a sharp increase from the 30% that did so over the past 12 months. It’s a sign that hospitals and health systems are no longer trying to weather the storm alone.
Where Healthcare Is Investing Next
When asked about their top areas of cybersecurity investment moving forward, executives pointed to:
- Generative AI threat mitigation (28%)
- Business-wide cyber resilience processes (26%)
- Application security (25%)
- Machine learning for anomaly detection (24%)
- Zero Trust Architecture (15%)
These priorities show a shift from traditional perimeter defenses toward integrated, proactive defense mechanisms designed to anticipate and deflect emerging attack vectors.
The Path Forward
LevelBlue’s report concludes with four key imperatives for any industry aiming to build real cyber resilience: elevate cybersecurity leadership, embed responsibilities across departments, act proactively, and prioritize supply chain security.
For healthcare, the challenge isn’t just staying operational—it’s keeping patients safe in a hyperconnected world.
Explore the full 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact in Healthcare here for a deeper look at how the healthcare sector is navigating cybersecurity in the age of AI.