Healthcare faces surge in cyberattacks & AI-driven threats


Techday NZ, 06-06-2025
A new report by LevelBlue highlights increasing cybersecurity risks faced by healthcare organisations, including a significant rise in breaches and a lack of preparedness for AI-driven threats.
The 2025 Spotlight Report: Cyber Resilience and Business Impact in Healthcare surveyed healthcare executives globally to assess how the industry is responding to ongoing and evolving cyber threats.
According to the findings, 32% of healthcare executives stated that their organisation had suffered a security breach in the past 12 months. In addition, nearly half (46%) of respondents reported experiencing a significantly higher volume of cyberattacks compared to previous years.
The report addressed emerging concerns over artificial intelligence, as only 29% of healthcare executives said they felt prepared for AI-powered cyber threats. Despite this, 41% believed their organisations would be targeted by such threats in the foreseeable future.
Visibility into the software supply chain remains another weakness for many organisations. The survey found that 54% of healthcare executives said they have very low to moderate visibility into their software supply chain. Only 21% indicated that they are making significant investments in software supply chain security.
LevelBlue's research also details shifts in the way healthcare organisations approach cybersecurity, underscoring a move towards integrating resilience measures across business operations. The report found that 61% of healthcare organisations now align their cybersecurity teams with lines of business, indicating that safeguarding digital assets is increasingly viewed as a shared departmental responsibility.
There is also growing reliance on external expertise to respond to cyber threats. The report indicated that 44% of healthcare organisations expect to enlist managed security service providers over the next two years, compared to just 30% that have used such services in the past year.
Budget allocations reflect this trend as well. The report showed that 59% of leadership roles are now measured against cybersecurity KPIs, and 43% of executives said they allocate cybersecurity budgets at the outset of new initiatives. This approach is designed to embed security considerations into the early stages of business innovation and development.
Theresa Lanowitz, Chief Evangelist of LevelBlue, commented on the findings: "With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever. Our research shows that healthcare organisations are no longer viewing cybersecurity as just an IT issue; it's now a business priority. Still, there is work to be done to properly prepare and protect themselves."
The report identified specific areas where healthcare organisations are focusing their investments to combat new and emerging threats. According to the surveyed executives, the greatest investment is being made in generative AI for social engineering attack detection (28%), followed by cyber-resilience processes across the business (26%), application security (25%), machine learning for pattern matching (24%), and Zero Trust Architecture (15%).
LevelBlue's findings included recommendations for organisations aiming to strengthen their cyber resilience. These steps are to push cyber resilience up the organisational hierarchy, embed cybersecurity responsibilities throughout all teams, adopt a proactive, rather than reactive, approach to threats, and give particular priority to resilience in the software supply chain.
The research for the Spotlight Report was conducted through a quantitative survey by FT Longitude in January 2025, involving 1,500 C-suite and senior executives across 14 countries and seven industries. The healthcare industry sample included 220 executives.

Related Articles

LevelBlue & Akamai launch managed service for web app security

Techday NZ, 4 days ago

LevelBlue and Akamai have announced a partnership to deliver new managed web application and API protection services designed to aid organisations in consolidating, simplifying, and scaling their security operations.

Service overview
The partnership introduces LevelBlue Managed Web Application and API Protection (WAAP), a security service built to provide adaptive, continuous protection to help mitigate risks and reduce the operational demands linked with securing web applications and APIs. The service incorporates Akamai's App & API Protector technology, featuring web application firewall (WAF), distributed-denial-of-service (DDoS) mitigation, bot protection, and foundational API security. This technology is integrated with expertise from LevelBlue's dedicated WAAP Operations team.
Against a backdrop of expanding application deployment and usage of APIs, organisations worldwide are facing increased challenges. Research from Enterprise Strategy Group highlights that the average number of web applications per organisation is expected to rise from 145 to more than 200 over two years. The proportion of organisations with over half of their applications using APIs is forecasted to climb from 32% to 80% over the same period.

Challenges for security teams
Security teams are contending with several critical challenges, including the need to discover application and API deployments, scale protections appropriately, swiftly identify and mitigate attacks, and ensure that security measures do not detract from performance. Added to these obstacles are staff shortages and a proficiency gap, with half of midmarket organisations reporting it is harder to secure web apps and APIs than it was two years ago. Many seek external support and more straightforward, consolidated solutions as environments grow more complex. LevelBlue Managed WAAP aims to tackle these requirements by delivering measurable outcomes in security and simplifying operational processes.

Industry perspectives
"Today, a surprising number of organisations rely on multiple tools that are not purpose-built for web application and API security - leading to complexity, silos, and rising costs," said Sundhar Annamalai, President of LevelBlue. "LevelBlue offers an alternative: proven services that consolidate and simplify protections with predictable investment. By combining LevelBlue's operational expertise with Akamai's proven technology, organisations can stay ahead of evolving threats and create cyber resilience for critical digital capabilities."
The service is available in two tiers, Essential and Advanced, giving organisations flexibility to select the level of support most suited to their requirements. Key features include:
  • Round-the-clock support and advisory from a fully operational team of WAAP specialists
  • Automatic identification and classification of web applications and APIs, with scalable protection prioritised for exposed or sensitive data-handling assets
  • AI-powered threat detection combined with global threat intelligence to identify anomalies and adapt to emerging attack vectors
  • Expert-led, automated policy management to improve efficiency, reduce false positives, and align with contemporary DevOps workflows
The prevalence and complexity of online threats continue to increase. In 2024, Akamai reported witnessing over 311 billion web application attacks, highlighting the need for robust protection as organisations accelerate digital adoption and AI-powered attacks become more sophisticated.
"In 2024 alone, Akamai saw over 311 billion web app attacks. As AI accelerates, threats are harder to spot, and security is tougher to control," said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. "Akamai and LevelBlue's partnership gives customers access to a trusted, reliable team that combines industry-leading technology with the deep operational expertise of one of the world's largest MSSPs. It's a powerful combination with a flexible solution that can fast-track organisations to resilient protection and compliance."

LevelBlue warns cyber incidents jump as social engineering rises

Techday NZ, 30-07-2025

LevelBlue has released its latest Threat Trends Report, revealing significant changes in cyberattack patterns and a marked increase in incident rates during the first half of 2025.

Incident rates rise
The report, analysing data from January through May 2025, shows that the percentage of LevelBlue customers experiencing cybersecurity incidents surged from 6% in the second half of 2024 to 17% in 2025. This threefold increase highlights escalating risks to organisations across various sectors.
The report attributes this sharp rise in part to evolving tactics employed by cybercriminals. While Business Email Compromise (BEC) continues to be the most frequent method for gaining initial access to systems, there has been notable growth in alternative approaches. Non-BEC incidents increased by 214%, indicating that attackers are diversifying their methods to infiltrate networks.

Faster breakout times
LevelBlue's findings indicate that once attackers penetrate a network, they are moving laterally inside these environments at unprecedented speeds. The average breakout time (the duration between initial access and lateral movement) has now dropped to under 60 minutes, with certain cases recorded at less than 15 minutes.

Social engineering surge
The report points to a considerable surge in social engineering attacks, with 39% of initial access incidents linked to these techniques. This trend is particularly evident in the prevalence of fake CAPTCHA-based attacks, such as ClickFix campaigns. These campaigns, designed to trick users into providing credentials or executing malware, saw an increase of 1,450% from the second half of 2024 to the first half of 2025.
"A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception. They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026."
This detailed assessment comes from Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue, underscoring a consistent and increasing sophistication in attackers' use of deception as part of their strategies.

Recommendations for defence
In response to these trends, LevelBlue has set out several recommendations for organisations seeking to bolster their cyber defences. These include raising awareness among users about threats posed by fake CAPTCHA attacks and other browser-based vectors, and considering restrictions on PowerShell or command prompt use for non-administrator accounts.
The report suggests that firms develop and enforce caller verification protocols, such as multi-factor authentication (MFA), code words or phrases, or the use of identity verification platforms. It also advises mandatory implementation of MFA and digital certificates for VPN access, as well as deployment of jump boxes for remote desktop access from outside organisational networks.
Another recommendation is the removal of Quick Assist from all end-user machines unless there is a specific business requirement, alongside following established guidelines to prevent the unauthorised download and execution of remote monitoring and management (RMM) software. The report notes that in help desk-themed attacks, threat actors may leverage other tools if Quick Assist is unavailable.
Patch management also features prominently among suggested actions. Organisations are reminded to remain vigilant regarding vulnerabilities and to install updates promptly, especially where proof-of-concept exploits have been publicly released.

Working together on cyber threats
The LevelBlue Security Operations Centre collaborates closely with LevelBlue Labs researchers to monitor evolving threats and develop effective countermeasures. This teamwork involves sharing intelligence and methodologies as well as joint research projects, with the aim of strengthening defences across client organisations.
The LevelBlue Threat Trends Report is intended to provide organisations with clear insight into current cyber threat landscapes and practical steps to reduce exposure to increasing and more sophisticated attacks.

LevelBlue acquires Trustwave to form largest global MSSP

Techday NZ, 04-07-2025

LevelBlue has entered into an agreement to acquire Trustwave, expanding its capabilities in managed security services and managed detection and response. The acquisition of Trustwave from MC2 Security Fund is expected to create the world's largest independent, pure-play managed security services provider. This move closely follows LevelBlue's recent agreement to purchase Aon's cybersecurity consulting business, further consolidating its position in the cyber defence sector.

Expanded capabilities
Trustwave's Fusion Platform and cloud-native MDR service will be integrated into LevelBlue's offering. The merger aims to deliver 24/7 cybersecurity protection across global markets, enhancing visibility and control over security operations for organisations of varying scales.
The combined portfolio is anticipated to create a strategically unified managed defence platform. It will leverage LevelBlue's artificial intelligence-driven threat detection capabilities and Trustwave's SpiderLabs unit for threat research and intelligence. The joint offering targets organisations operating across cloud, hybrid, and on-premises environments.
Trustwave recently achieved full authorised status from the US Federal Risk and Authorization Management Program (FedRAMP) and StateRAMP, which will enable LevelBlue to meet requirements for US federal and state projects, including those with stringent security demands such as the Department of Defense and Cybersecurity Maturity Model Certification (CMMC).
"The acquisition of Trustwave represents a pivotal moment for LevelBlue and the cybersecurity industry," said Robert McCullen, Chairman and CEO of LevelBlue. "Trustwave's extensive expertise in managed detection and response services, combined with its unparalleled threat intelligence from SpiderLabs and mission-critical FedRAMP and StateRAMP authorizations, perfectly aligns with our vision to deliver simplified and powerful cybersecurity protection to organisations. This strategic move reflects our commitment to delivering better cybersecurity outcomes to our customers and enhances our global go-to-market capabilities, as well as in the U.S. federal, state, and local government markets."
Eric Harmon, Chief Executive Officer of Trustwave, said, "We're thrilled to partner with LevelBlue to drive our next phase of growth and unlock even greater cyber value for our clients. The threat landscape continues to evolve at an increasingly rapid pace. This announcement reinforces Trustwave's market leadership, and together with LevelBlue, positions us to further strengthen our combined leadership position, bolster our offensive and defensive security portfolio, and drive additional innovation to further safeguard and fortify our clients against disruptive and damaging cyber threats."

Market response
Trustwave, headquartered in Chicago and operating globally, employs over 1,000 security professionals. It is recognised as an industry leader in managed detection and response, managed security services, cybersecurity advisory, penetration testing, database, and email security. Its SpiderLabs team contributes threat research and intelligence, integrated into its product and service suite.
Market analysts noted the significance of the deal, particularly in light of recent consolidations in the managed security sector. Christina Richmond, Principal Analyst at Richmond Advisory Group, stated, "Two longtime leaders in MSS and MDR coming together signals market maturation and industry consolidation, but also a powerhouse opportunity. Trustwave's SpiderLabs team and Fusion platform integrated with LevelBlue's threat intelligence and machine learning capabilities, backed by the Open Threat Exchange (OTX), will enhance threat detection and response on a cloud-based platform. Add in the recently announced acquisition of Aon's Cybersecurity and Intellectual Property Litigation consulting groups, and the potential for a full-service global cybersecurity and risk management firm is apparent."

Strategic impact
The acquisition fits into LevelBlue's broader approach of merging complementary organisations to build a stronger, more integrated offering for clients, specifically addressing increased demand for comprehensive managed cybersecurity solutions. Bringing together the two companies will position LevelBlue as the largest independent, pure-play MSSP globally.
Chad Sweet, Chairman of Trustwave and Co-Founder of The Chertoff Group / MC2, expressed support for the acquisition. "Joining forces with LevelBlue marks an exciting new chapter for Trustwave and our clients. The combination of LevelBlue's AI threat detection and Trustwave's FedRAMP and StateRAMP authorized Fusion Intelligent Security Operations Platform enables leading-edge cybersecurity protection for enterprises and government clients."
Shawn Hakl, Head of AT&T Business Products, commented on the significance of the certification aspects. "FedRAMP and StateRAMP certified managed detection and response capabilities are an exciting expansion to LevelBlue's managed security services. This business combination positions LevelBlue as a strategic provider of cybersecurity services in AT&T's portfolio, especially to our valued federal customers."
Financial advice for LevelBlue was provided by Santander, with legal counsel from Kirkland & Ellis. Trustwave's advisors included Guggenheim Securities and Pillsbury Winthrop Shaw Pittman. Strategic advice will be provided by The Chertoff Group to help accelerate growth in the managed detection and response market segment. The financial terms of the deal were not disclosed, and the acquisition remains subject to customary closing conditions.
