The healthcare sector remains a top target for cybercriminals, with 92 percent of healthcare organizations reporting a cyberattack in 2024. Ransomware is a predominant threat, and recent research indicates that attackers are moving from encrypting data to threatening its exposure. Human error remains a significant factor in data breaches, as well as the increasing use of connected devices that create multiple entry points for attackers.
Part of healthcare’s allure is economic. An electronic health record (EHR) is worth about $300 — far more than credit card data — because it contains sensitive information that can be used for years for various types of fraud. An oncology record can be worth as much as $2,000, while genomic data can be worth more than $6,000 when linked to other information.
However, healthcare organizations are also targeted because of their vulnerabilities. Many organizations still rely on outdated software and operating systems that are difficult to patch and lack modern security controls.
A recent analysis by the Department of Health and Human Services found that 96 percent of hospitals are operating with end-of-life systems that have known vulnerabilities. While this problem spanned small, midsize and large hospitals, the larger facilities were also concerned with connecting and exchanging data with smaller and rural affiliates because of their greater risk.
Medical devices are particularly problematic. Hospitals typically keep medical devices for five to 15 years, depending on the type and usage. Hospitals may not have the budget to replace or upgrade equipment frequently, and taking a device out of service can disrupt patient care. However, medical equipment may run unsupported operating systems and software, creating an entry point for attackers if the equipment is connected to the network.
Many facilities are also struggling with outdated EHR systems, dedicating as much as 80 percent of their IT budget simply maintaining them. Many legacy systems lack advanced security protocols and have limited monitoring and logging capabilities.
Legacy systems and software create inefficiencies that can lead staff to resort to risky workarounds. In a 2025 survey of healthcare professionals conducted by Censuswide, 90 percent said their current systems do not meet their needs, and 23 percent admitted to relying on workarounds to perform basic tasks. Workarounds create security blind spots and increase the risk of data exposure.
Outdated technology also creates errors and delays that put patients at risk, according to 98 percent of healthcare professionals. In the U.S., 27 percent of professionals said these issues occur daily.
As a result, many healthcare professionals resort to using unsanctioned tools just to get their jobs done. These “shadow IT” solutions often lack essential security features, creating new vulnerabilities. In a 2025 online survey by symplr and the College of Healthcare Information Management Executives, 86 percent of respondents reported that employees rely on unsanctioned apps and services.
Healthcare organizations often delay IT modernization due to budget constraints, skills gaps, and the complexity and risk of upgrades. However, the cyber risk of technical debt can help IT leaders reframe the conversation. Instead of a “nice to have” that could increase efficiency and reduce maintenance overhead, modernization becomes a strategic imperative to reduce the risk of a costly data breach and regulatory compliance violations.
Modernization can also be presented as critical to improving patient safety. In the Censuswide survey, 23 percent of respondents said that data is trapped in silos. Integrated systems that can share data with minimal friction reduce errors and miscommunications and give clinicians the information they need to deliver quality care.
Additionally, seamless data flows are essential for healthcare organizations looking to adopt AI. Organizations will need to knock down data silos and ensure that they have high-performance, resilient platforms that can support AI-enabled tools.
Technologent understands the challenges associated with IT modernization in healthcare and can help organizations develop a strategic plan that minimizes risk and accelerates time-to-value. We can also help organizations move from reactive to proactive security and embed security best practices throughout their operations.