This paper presents findings from a study of U.S. healthcare organizations and the role that their organizational challenges play in their efforts to fully deploy security-related measures. Specifically, we examined organizational antecedents of healthcare organization’s assimilation of security policies and practices. The study examined perceived complexity related to the initiatives, the organization’s compatibility with adopting and assimilating the measures, and the structure of the organization as measured by the degree of centralization and decentralization. As such, we examine the effect of complexity, compatibility, and centralization-decentralization on the assimilation of security-related measures. The model demonstrates that complexity related to the assimilation of security measures presents challenges for healthcare organizations, as it predicts lower levels of assimilation. Organizational compatibility and structure were not found to be significant. Our model controlled for the level to which these organizations had assimilated internet-related technologies and strategies in order to account for their level of sophistication with IT and their exposure to the risk of cyber threats. We conclude that complexity related to assimilation of security-related measures is a significant challenge.