Resilience Becomes the New Imperative for Healthcare Security
Key Highlights
- Resilience is now as vital as prevention — Healthcare organizations must plan to operate through cyber disruption, not just try to avoid it.
- AI and supply chain vulnerabilities are reshaping risk — New attack vectors demand real-time monitoring, collaboration and proactive defense.
- Leadership alignment drives security maturity — Elevating cybersecurity to the C-suite level ensures resilience becomes part of patient safety and business continuity.
The healthcare industry continues to face an unrelenting wave of cyberattacks that threaten not only sensitive data but the ability of hospitals to deliver care. The Archer Health breach, discovered in September after unauthorized access to patient data was detected, exposed more than 145,000 files through an unsecured database and underscored the urgency of moving beyond prevention toward operational resilience.
In this Executive Q&A, Bindu Sundaresan, Director at LevelBlue, shares why healthcare organizations must be prepared to operate through failure. A veteran cybersecurity leader, she advises global enterprises on aligning security strategy with business goals to strengthen resilience and enable secure digital transformation. Sundaresan discusses what true resilience looks like when patient care is at stake and how hospitals can adapt to AI-driven threats, supply chain risks, and ransomware pressures while continuing to protect patients and sustain trust.
The Archer Health breach has reignited concerns about healthcare cybersecurity. From your perspective, what does this incident reveal about the sector’s current security posture and its biggest blind spots?
Basic safeguards are more critical than ever. It all comes down to cyber hygiene, which involves keeping software up to date, using strong passwords and MFA, and securing your networks.
The bigger takeaway is that many healthcare organizations still struggle with the fundamentals. They’re managing legacy systems, limited resources, and high-pressure environments where patient care rightly takes priority. The big risk is what happens when hospitals can’t deliver care while under attack. How do you keep surgeries running and ERs open when prevention fails?
What we’re seeing across the industry is that prevention alone isn’t enough anymore – healthcare must be ready to operate through failure. According to our latest research, 46% of healthcare executives say they’ve seen a rise in cyberattacks this year, yet only 38% have a formal incident response plan in place. That tells us there’s still a significant gap between knowing the risks and being ready to respond when something goes wrong.
Many hospital systems focus heavily on prevention rather than resilience. Why is this mindset no longer sufficient in today’s threat environment, and how should organizations start shifting their approach?
Most hospital security strategies are designed to prevent breaches and are driven by compliance. But today, threats move faster than any organization can patch or prevent. Today’s healthcare organizations operate in a climate where a whole hospital system can be taken offline in just a few hours. Adversaries can strike through any number of endpoints, quishing attacks, or the software supply chain to reach their targets.
That’s why prevention alone doesn’t work anymore. Healthcare leaders need to plan for disruption, whether that is a cyberattack or a natural disaster. The shift starts with viewing cybersecurity as part of patient care and safety, and business continuity, rather than just an IT issue.
Healthcare organizations must move beyond basic compliance and make cyber resilience a core business function. That means elevating cybersecurity to the C-suite agenda, aligning security teams with business goals, and embedding resilience into every stage of digital transformation. Now is the time for healthcare organizations to be proactive, intentional, and bold about cyber resilience.
Shifting from prevention to resilience
When prevention fails, continuity becomes critical. What does true “operational resilience” look like in a healthcare setting — particularly when patient care and life-safety systems are at stake?
Operational resilience in healthcare means being able to keep delivering care when systems are disrupted. It’s as essential as defending against the next attack. To do that, healthcare organizations need to make sure they have continuous monitoring, detection, and response plans in place. Resilience is now the defining healthcare challenge, and part of it depends on culture — making sure everyone understands their role when things go wrong and feels empowered to act quickly. When prevention fails, the goal is to minimize impact, restore operations fast, and protect patient safety above all else.
Achieving that level of readiness requires leadership, planning, and practice. Hospitals should elevate cyber resilience as a core business requirement, aligning it with strategic decisions and measuring leadership roles against KPIs. They should also foster a cyber-resilient culture where safe online behavior is reinforced at every level and reporting potential threats is encouraged and easy. Finally, being proactive and intentional means investing in advanced detection and response capabilities, adopting a Zero Trust Architecture, and engaging external expertise to enhance cybersecurity measures, advise on strategy, and provide training.
AI-powered attacks are emerging as a top concern. How are threat actors using AI in ways that uniquely impact healthcare, and what steps can organizations take now to prepare?
AI has become a force multiplier for threat actors. It’s being used to automate phishing campaigns to trick busy healthcare staff into revealing sensitive information or granting access to systems. The healthcare industry has also undergone significant transformation with the emergence of the Internet of Medical Things (IoMT) devices. These devices, ranging from wearable monitors to network imaging systems, collect and process vast amounts of sensitive medical data on which they make critical decisions about patients' health. But at the same time, they also raise serious privacy and security concerns.
Cybercriminals often target vulnerabilities within these devices to gain entry into the hospital network and compromise healthcare data. AI is now making it much easier and faster to launch attacks on these interconnected devices, which could cause life-threatening harm to patients.
Our research found that only 29% of healthcare executives feel prepared for AI-powered attacks, even as 41% expect them in the next year. Healthcare organizations need to prepare on two fronts: by training staff to recognize AI-driven social engineering and making threat reporting easy, and by using monitoring and detection tools that can spot unusual behavior in real time. Organizations should include AI scenarios in tabletop exercises and incident response drills so teams understand how to respond to fast-moving, automated attacks.
Securing the supply chain amid rising system complexity
Visibility across the software supply chain remains a challenge for many providers. What practical measures can security leaders take to reduce risk without disrupting essential operations?
Hospitals rely on many connected systems, so the software supply chain is a major challenge for the industry. The challenge is that hackers can exploit supply chain flaws — primarily by targeting unpatched vulnerabilities — to move deeply into networks, steal credentials, gain control of valuable systems, and push out malware, potentially affecting thousands of victims. Attacks like this often go undetected until compromised software has been widely distributed.
According to our research, 54% of healthcare organizations say they have low to moderate visibility into their software supply chain, and only 19% plan to engage suppliers about their security practices in the next year. That lack of transparency makes it hard to gauge risk or respond quickly when a vulnerability surfaces.
The good news is that organizations can make meaningful improvements without slowing operations. Some ways to do that are to verify suppliers’ cybersecurity credentials to identify potential vulnerabilities in your software supply chain and require them to share details on their security controls and patching practices. Establish supplier confidence levels to improve supply chain visibility, and conduct regular assessments to maintain resilience. It’s important to remember that third-party risk management is a continuous process, not something that should be reviewed only at procurement.
Ransomware continues to drive real-world consequences in healthcare. What lessons have emerged from recent incidents about maintaining patient safety and continuity of care under duress?
Ransomware has become one of the most disruptive and dangerous threats to healthcare today. In the U.S. alone, we have witnessed major ransomware attacks, with both Change Healthcare and Ascension falling victim to ransomware groups. Ransomware attacks are no longer merely economic crimes; they pose a direct threat to patient safety by compromising the ability of hospitals to provide essential care. These attacks have led to critical consequences, such as ambulances being diverted from hospitals, which can delay life-saving treatment.
The impact of these events has pushed cybersecurity higher on leadership agendas, with 67% saying media reports of high-profile breaches elevated cybersecurity at the C-suite level. That visibility is an important step forward, but the challenge now is translating awareness into action.
Cybercriminals today are more organized, skilled, and sophisticated than before. They’re using advanced techniques and strategies to infiltrate healthcare systems, making it critical for healthcare organizations to stay ahead of the curve. The surge in cyberattacks against healthcare institutions underscores the urgent need for a robust, adaptive cybersecurity strategy. By staying vigilant and fostering a culture of continuous improvement and collaboration, healthcare organizations can better protect their systems and, ultimately, the patients they serve.
Advancing leadership and investment in cyber resilience
Healthcare organizations often face budget and staffing constraints. How can CISOs and IT leaders make the case internally to invest in resilience — not just prevention?
Budgets will always be a challenge in healthcare, but cybersecurity shouldn’t be viewed as a competing priority. Downtime from a ransomware attack or system outage can cost far more financially and reputationally than investment in security. Organizations should carefully determine where and how much to invest, and consider security when calculating the total cost of goods, incorporating security from the beginning. It's important to note that no single approach can completely safeguard all areas. A thorough and multi-layered strategy is needed to handle the unique challenges of every organization.
We are seeing healthcare organizations making progress in integrating cybersecurity across their operations. Forty-three percent of healthcare executives say their organizations now allocate cybersecurity budgets to new projects from the start, and 61% say their cybersecurity teams are aligned with business lines. When cybersecurity is integrated into strategy early, it supports innovation and helps leaders make smarter tradeoffs. Even with limited resources, healthcare organizations can strengthen resilience by prioritizing investments in advanced detection, continuous monitoring, and partnerships with managed security providers.
Looking ahead, what does a resilient hospital of the future look like? What cultural, operational and technological changes will define the next generation of healthcare cybersecurity programs?
The resilient hospital of the future will treat cybersecurity as an essential part of patient care and a business initiative necessary for organizational excellence. That shift is already underway, but it will become the defining feature of mature healthcare organizations in the years ahead. Every strategic business plan should prioritize cyber resilience as one of the top three concerns. Fifty-nine percent of healthcare organizations already assign cybersecurity KPIs across leadership, which is a strong sign that resilience is increasingly seen as a shared responsibility across departments.
Advancing healthcare security requires a collective understanding that cyber risk must be addressed across strategy, design, and daily operations. A truly cyber-resilient culture is one where everyone, from leadership to frontline staff, understands their role in protecting systems and patient data. That means ensuring employees can recognize common attack methods like phishing or ransomware and know how to respond. Resilience depends on vigilance: monitoring, reporting, and mitigating threats must be continuous and built into the rhythm of how healthcare organizations operate every day.
AI will play a pivotal role in shaping the resilient hospital of the future. Beyond diagnostics and automation, it will serve as the backbone of intelligent defense by detecting anomalies, predicting vulnerabilities, and coordinating rapid responses across interconnected systems. Machine learning will help correlate network activity, medical device behavior, and patient data to identify threats before they disrupt care. At the same time, AI-driven analytics will enhance clinical operations by ensuring data integrity, reducing downtime, and supporting real-time decision-making during incidents.
The success of this transformation depends on responsible AI governance, ensuring that these systems are transparent, ethical, and aligned with healthcare’s mission to protect human life.
About the Author
Rodney Bosch
Editor-in-Chief/SecurityInfoWatch.com
Rodney Bosch is the Editor-in-Chief of SecurityInfoWatch.com. He has covered the security industry since 2006 for multiple major security publications. Reach him at [email protected].


