Responses to 62 minutes average time it takes an adversary to move from initial host 11 Regulation to another once in a system Time is becoming a bigger factor in healthcare cybersecurity. While regulators are asking organizations to respond to breaches 72 hours in days, bad actors are moving into systems in minutes. Most orgs amount of time US government wants health orgs are using immature security systems that monitor, but don’t react, to report cyber events12 when aacks occur. of hospitals that were conducting regular of orgs are only set up to monitor (not react) to cyber vulnerabilities 1 13 vulnerability scanning at least quarterly 13 of orgs have documented plans to address vulnerabilities go beyond scanning with use of penetration testing, 13 red/blue teams, etc. believe that integration and interconnection of risk management of small, medium, and large sized hospitals claim they systems, domains, and processes had a significant enhancement were operating with end-of-life operating systems or 8 13 to eectiveness over risk-related decision making soware with known vulnerabilities State of Health Security 2025 | 13