Blog

What Every Aging Services Provider Should Know About Cybersecurity in 2025

Posted on by Eric Kanyi
What You Should Know About Cybersecurity in 2025
Subscribe to Our Newsletter

When George Makaye, CISSP and CEO of GXA, took the stage at the 2025 LeadingAge Texas Annual Conference, he made one thing clear: cybersecurity in aging services is no longer just an IT issue.

It’s a leadership imperative.

🎥 Prefer to watch? You can view George’s full 27-minute presentation below:

Over the course of the session, George delivered a fast-moving, practical talk aimed at helping healthcare and senior living leaders take real, actionable steps to meet HIPAA requirements, reduce risk, and respond effectively when things go wrong.

Why Cybersecurity is a Leadership Issue

George opened with a challenge: “Cybersecurity isn’t just about IT it’s about leadership.”

He outlined how compliance failures don’t just create technical headaches. They create operational disruptions, financial exposure, and reputational damage that can affect every level of a care organization.

Strengthen Your Cybersecurity Strategy

Align cybersecurity with your goals for a secure, scalable, and cost-efficient plan.

Schedule A Free Consultation

To reinforce this point, George shared the top threats facing aging services providers in 2025:

  • Phishing and social engineering still account for 80% of breaches, driven by human error and increasingly sophisticated attacker tactics.
  • Third-party vendors represent an expanded attack surface—especially as more operations rely on cloud applications without formal vendor due diligence.
  • Ransomware continues to disrupt operations across the industry, and many organizations still don’t have coordinated response plans in place.

The Cloud Is Not Your Security Strategy

One of George’s key messages was about accountability in cloud environments. Just because data is in Microsoft 365 or managed by a SaaS vendor doesn’t mean you’re protected.

“You’re still responsible,” he reminded attendees. “The cloud provider gives you tools but configuring them correctly and monitoring them is still on you.”

George walked through what an effective third-party risk management program looks like, including:

  • Maintaining an up-to-date inventory of all cloud vendors
  • Performing pre-contract cybersecurity due diligence
  • Requiring evidence of standards like SOC 2 or ISO 27001
  • Regularly reviewing vendors’ incident response policies and access controls

AI in Cybersecurity: A Useful Tool, Not a Silver Bullet

George closed by touching on how AI is reshaping the security landscape. Many monitoring tools now use AI to detect anomalies and speed up response times. But organizations must ensure those tools are HIPAA-compliant, and that AI doesn’t replace the policies, planning, and training that compliance still requires.

Takeaway: Start Small, But Start Now:

 The final takeaway? Progress beats perfection.

As George reminded attendees, “You don’t have to do everything at once. But cybersecurity is a shared responsibility. Start by picking five things you can act on—and build from there.”

🎬 Watch the full session to dive deeper into:

  • How ransomware plays out in real-world care environments
  • What tabletop incident drills look like
  • Why mobile device policies are now a HIPAA essential

Need help getting started?

GXA specializes in helping healthcare and senior living providers build practical, compliant, and scalable security programs. Whether you need a risk assessment, a cloud audit, or a full cybersecurity strategy, we can help you get there without the jargon.

Ready to Get Started? Book Your Exclusive Cybersecurity Consultation Here

Discover Trusted IT Consulting Services Near You