15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations

SEATTLE & LAS VEGAS--(BUSINESS WIRE)--Absolute Security, the leader in enterprise resilience, today published Resilience Obstacles in the Healthcare Industry, Q1 2025. This new research analyzed telemetry from more than a million PCs in healthcare environments to uncover the top factors stopping them from achieving resilient security postures. Now a key strategic imperative,¹ resilience helps organizations ensure their mission-critical endpoint security controls and business applications remain always on, fully operational, and able to quickly recover from ransomware, operational outages, and disruptive IT incidents.

Key Findings

This new research highlights three critical resilience challenges that healthcare Security and Risk Management (SRM) leaders face:

• Missing, Non-Compliant Security and Risk Controls – Of the PCs analyzed, 15 percent of the time, critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices. Foundational security controls assessed included Data Protection, Endpoint Protection Platforms (EPP/XDR), Security Service Edge (SSE), VPN, and Vulnerability Management solutions. These findings show that in healthcare, PCs and networks are frequently without a vital first line of defense against attackers and exploits.
• Delayed Patching – The average Windows endpoint in healthcare is 48 days behind on critical security patches. With unpatched vulnerabilities being a leading cause of breaches and ransomware infections,² this basic security hygiene failure is leaving organizations open to data breaches and prolonged, disruptive outages.
• Shadow AI Risks – AI use is growing, with healthcare employees frequently accessing generative AI platforms including ChatGPT, which is not HIPAA-compliant. This not only raises concerns about potential patient data exposure and regulatory violations, but also demonstrates organizations struggle to govern Shadow AI use.

“Ransomware groups continue to target the healthcare sector, exploiting vulnerable endpoints to disrupt operations and steal sensitive patient data. At the same time, compliance risks are rising as healthcare organizations struggle to maintain healthy security controls and monitor AI-related threats," said John Herrema, Chief Product Officer, Absolute Security. “With a proactive and resilient approach, hospitals, clinics, and healthcare providers can close risk gaps, avoid regulatory failures, and quickly recover after being hit with a cyberattack or IT incident.”

Embedded in the hardware of more than 600 million endpoints, the Absolute Security Resilience Platform helps thousands of global customers remain resilient in the face of ransomware, other threats, BSOD and IT incidents. Learn more about how Absolute helps healthcare organizations like yours:

• Visit us at HIMSS 2025, in Caesar’s Forum, Booth C1031, Cybersecurity Command Center.
• On Tuesday, March 4, at 4:10 PM, in the Cybersecurity Command Center – Theater A, attend Absolute Security SME Brennen Reynolds’ session: Building Resilient Endpoint Health in Healthcare Organizations
• Download your complimentary copy of Resilience Obstacles in the Healthcare Industry, Q1 2025

About Absolute Security

Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprises, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks.

To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.

ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2025, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark. Absolute Security is a Crosspoint Capital portfolio company.

¹ Gartner, Leadership Vision for 2025: Security and Risk Management, Jan. 13, 2025.

² Mandiant: M-Trends 2024 Special Report; Sophos: Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector