Cyberattacks and data breaches have become increasingly common across the healthcare sector, a trend that is likely to continue into 2025.
Here are three predictions about healthcare cybersecurity in 2025, according to a Dec. 19 report by Tech Target:
1. "Cyber resilience" and cyberhygiene will become a top priority. Tech Target predicts that in order to prevent disruptions to operations and supply chains, health systems and providers will hone in their focus on cyber resilience.
Ty Greenhalgh, industry principal of healthcare at Claroty, a cybersecurity firm, predicted that ransomware will remain the primary method of cyberattack in 2025, and that the healthcare sector will take a more preventative stance toward cybersecurity. Increasing the use of multifactor authentication, for example, is one specific way that systems may boost their security efforts.
2. AI presents both new threats and opportunities. Cybercriminals could use AI to create more sophisticated cyberattacks in 2025, Tech Target predicts. This may come in the form of highly personalized phishing campaigns and autonomous malware capable of bypassing traditional security measures. AI can also enable cybercriminals to increase the speed and volume of their attacks.
However, healthcare organizations can implement their own AI-powered cybersecurity tools to monitor cyberthreats and enhance training programs to help employees recognize AI threats.
3. Federal and state legislation on data security is possible. Tech Target predicts that state and federal lawmakers are likely to continue proposing privacy and security legislation. The HIPAA security rule is expected to be updated by the end of 2024 or early 2025, for example.
Tech Target cited one piece of legislation, Washington state's 2023 My Health, My Data Act, as an example that could be passed in other states in 2025. By the end of 2025, eight other states will have similar privacy protections in place, according to the report.