Healthcare cybersecurity budgets expected to rise in 2025

Healthcare leaders expect their cybersecurity budgets to rise in 2025, according to HIMSS survey data. Historically, obtaining adequate funds for cybersecurity has been a challenge for security leaders across various sectors, including healthcare.

However, about 55% of respondents to the "2024 HIMSS Healthcare Cybersecurity Survey" reported anticipating a cybersecurity budget increase this year, while just 4% expected a decrease and 21% said their budgets were likely to remain the same. The survey reflected the responses of 273 healthcare cybersecurity professionals who had day-to-day oversight of their organization's cybersecurity program.

"Healthcare organizations with greater financial resources are better equipped to leverage robust cybersecurity solutions. Sufficient cybersecurity funding enables organizations to access advanced tools, hire skilled personnel, and implement comprehensive strategies," the report stated.

"Conversely, limited budgets can pose challenges, making it more difficult to address the ever-evolving cyber threat landscape effectively."

Experts who reported that their cybersecurity budgets would increase expressed a direct connection between the budget increase and better tools, policies and staffing resources.

More than 55% of respondents said that the increased cybersecurity budget would enable significant improvement to tools, and 47% indicated significant improvements to policies. Nearly a third of respondents said that the budget growth would enable improvements to staffing.

It's not just cybersecurity budgets that are seeing modest increases -- overall IT budgets are also rising.

Just over 50% of respondents said that their overall IT budgets increased from 2024 to 2025, and cybersecurity budgets are sometimes grouped into the overall IT budget. While 20% of respondents said that their organization had no specific cybersecurity carve-out within their IT budgets, 19% of respondents reported that their organizations spent 3-6% of the overall IT budget on cybersecurity.

As budgets appear to stabilize, communication gaps remain. For example, the percentage of respondents who were unaware of their organizations' security budgets rose from 18% in 2020 to 23% in 2024.

"While modest increases in healthcare cybersecurity budgets are evident, additional investments are critical to address growing threats, protect sensitive assets, and support new technologies," the report stated.

"Without sufficient funding, organizations risk disruptions to patient care, loss of trust, and significant financial and reputational harm."

Increased budgets can help healthcare organizations improve their security programs, but the report emphasized that proper prioritization and strategic planning are crucial with any budget size.

The survey touched on several other key healthcare cybersecurity topics, such as AI adoption, managing third-party risks and ransomware trends. While healthcare organizations are actively improving their security programs, being proactive about persisting and emerging threats will remain critical to enabling patient care and operations.

"By implementing more robust cybersecurity defenses, healthcare organizations are better equipped to protect patient data and patient safety," the report concluded. "Continued adaptation and innovation will be essential for navigating an increasingly digital world."

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.