- New Research from Absolute Security Reveals Failures Include Endpoints with Non-Compliant and Missing Critical Security & Risk Controls
- Visit Absolute Security in the Cybersecurity Command Center at HIMSS 2025 (Booth C1031) to Learn How to Strengthen Healthcare Endpoints Against Ransomware, IT Failures, and Compliance Risks
SEATTLE & LAS VEGAS – Absolute Security, the leader in enterprise resilience, today published Resilience Obstacles in the Healthcare Industry, Q1 2025. This new research analyzed telemetry from more than a million PCs in healthcare environments to uncover the top factors stopping them from achieving resilient security postures. Now a key strategic imperative¹, resilience helps organizations ensure their mission-critical endpoint security controls and business applications remain always on, fully operational, and able to quickly recover from ransomware, operational outages, and disruptive IT incidents.
Key Findings
This new research highlights three critical resilience challenges that healthcare Security and Risk Management (SRM) leaders face:
- Missing, Non-Compliant Security and Risk Controls – Of the PCs analyzed, 15 percent of the time, critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices. Foundational security controls assessed included Data Protection, Endpoint Protection Platforms (EPP/XDR), Security Service Edge (SSE), VPN, and Vulnerability Management solutions. These findings show that in healthcare, PCs and networks are frequently without a vital first line of defense against attackers and exploits.
- Delayed Patching – Healthcare organizations are 48 days behind on critical security patching schedules for their PC fleets. With unpatched vulnerabilities being a leading cause of breaches and ransomware infections², this basic security hygiene failure is leaving organizations open to data breaches and prolonged, disruptive outages.
- Shadow AI Risks – AI use is growing, with healthcare employees frequently accessing generative AI platforms including ChatGPT, which is not HIPAA-compliant. This not only raises concerns about potential patient data exposure and regulatory violations, but also demonstrates organizations aren’t capable of governing Shadow AI use.
“Ransomware groups continue to target the healthcare sector, exploiting vulnerable endpoints to disrupt operations and steal sensitive patient data. At the same time, compliance risks are rising as healthcare organizations struggle to maintain healthy security controls and monitor AI-related threats,” said John Herrema, Chief Product Officer, Absolute Security. “With a proactive and resilient approach, hospitals, clinics, and healthcare providers can close risk gaps, avoid regulatory failures, and quickly recover after being hit with a cyberattack or IT incident.”
Embedded in the hardware of more than 600 million endpoints, the Absolute Security Resilience Platform helps thousands of global customers remain resilient in the face of ransomware, other threats, BSOD and IT incidents. Learn more about how Absolute helps healthcare organizations like yours:
- Visit us at HIMSS 2025, in Caesar’s Forum, Booth C1031, Cybersecurity Command Center
- On Tuesday, March 4, at 4:10 PM, in the Cybersecurity Command Center – Theater A, attend Absolute Security SME Brennen Reynolds’ session: Building Resilient Endpoint Health in Healthcare Organizations
- Download your complimentary copy of Resilience Obstacles in the Healthcare Industry, Q1 2025
¹ Gartner, Leadership Vision for 2025: Security and Risk Management, Jan. 13, 2025
² Mandiant: M-Trends 2024 Special Report; Sophos: Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector