What You Should Know:
– Healthcare organizations are facing an unprecedented cyber threat landscape, making the need to elevate cyber resilience to a strategic business priority more urgent than ever.
– According to the “US Healthcare Cyber Resilience Survey” released by Ernst & Young LLP (EY US) and KLAS Research, the risks posed by sophisticated cyber threats are directly compromising patient care, business operations, and financial stability.
Widespread Impact and Financial Disruption
The survey, which gathered insights from 100 healthcare executives, underscores the severe vulnerability across the sector.
- Widespread Disruption: Over 70% of health organizations reported experiencing significant financial, operational, or clinical disruptions due to cyber threats in the past year. These organizations reported an average of five different types of cyber threats impacting their systems.
- Shifting Perception: Leaders must fundamentally shift from viewing cybersecurity as merely a compliance or IT issue to recognizing it as a core enabler of patient safety and operational resilience.
“Cybersecurity is more than a compliance checkbox – it drives safe care, patient trust, and long-term success. Treating cyber resilience as a strategic priority empowers healthcare systems to thrive amid rising threats,” said Nana Ahwoi, EY Americas Consumer and Health Cybersecurity Industry Leader.
6 Strategies for Accelerating Cyber Success
The report outlines a clear mandate for health executives to integrate cyber strategies across their enterprise to ensure long-term success and value creation.
- Cyber as a Strategic Imperative: Align cybersecurity directly with overall strategic goals to reduce risk and improve outcomes.
- New Digital Identity Challenges: Implement a new playbook to address the rise of AI-driven threats and the complexity of managing nonhuman identities.
- Cyber as an Innovation Enabler: Use robust security to actively support the safe adoption of AI, automation, and remote care models. This allows healthcare systems to modernize confidently while preserving patient trust.
- Future Ready Talent: Tackle talent shortages by prioritizing the training and upskilling of personnel across the entire organization.
- Beyond the Cyber Compliance Checkbox: Shift focus from merely meeting regulatory requirements to adopting a comprehensive, strategic risk management approach.
- Disrupt Third-Party Risk: Strengthen vendor oversight and gain ecosystem-wide visibility to manage risk from complex partner networks.
Prioritizing Investment in Identity and Workforce
To adapt to the evolving sophistication of cybercrime, health organizations are focusing their resources on controls that protect data access and system integrity.
- Top Investment Priority: Sixty-eight percent of respondents indicated that identity & access management would be their top priority for increasing investments in the coming fiscal year.
- Workforce as a Defense: Just over half of respondents (52%) agreed that training and upskilling personnel is an effective tool to combat cyber challenges. Furthermore, 81% said prioritizing cybersecurity in business strategy is effective in overcoming challenges.
“Healthcare leaders must prioritize workforce cyber training and readiness to unlock the full value of cybersecurity investments—ensuring safe patient care and strengthening system resilience,” concluded Ahwoi.
