IT security budgets at US healthcare organizations have lagged behind other industries. In a highly regulated industry, budget constraints have made compliance challenging and impeded security maturity. Yet ongoing regulatory pressure, increased targeted attacks, and healthcare technology innovation demand much higher levels of security maturity. This report examines industry trends, dissects healthcare security budgets and challenges, and provides recommendations to help healthcare security leaders benchmark their efforts and prioritize initiatives.