Fran Rosch is the CEO of Imprivata, a digital identity company for life- and mission-critical industries.

Despite ramped-up cybersecurity investments, a March 2024 U.S. Department of Health and Human Services report found that healthcare systems experienced a 264% increase in ransomware attacks over the previous five years. Healthcare spends more than any other industry on remediating attacks, with the average cost of a data breach in healthcare exceeding $9.7 million.
These attacks also lead to disruptions in care, risks to patient safety, compliance infractions and reputational damage. As the industry continues navigating this rapidly evolving landscape in 2025, the situation will only worsen unless organizations can effectively improve cybersecurity. To be truly effective while working with limited budget and resources, healthcare IT and security leaders will look to innovate with solutions that make improving security simple—with technologies like passwordless authentication, mobile devices, AI and third-party security rising in popularity.

Increasing Health IT Budgets Signal Push For Digital Maturity

I attended the CHIME24 Fall Forum, a conference led by the College of Healthcare Information Management Executives (CHIME) that brings together digital health leaders to develop initiatives to advance healthcare. At the conference, CHIME released its 2024 National Trends Report evaluating the progress of digital health in the U.S.
The findings predicted a future with greater IT budget allocations, more focus on cybersecurity and infrastructure, and continued expansion in technology use to improve healthcare outcomes and efficiency.

As I spoke to healthcare professionals about their organizational challenges and initiatives, I was left with an overarching takeaway: Healthcare organizations, now more than ever, need simple and effective security. With increased health IT budgets, it's crucial for organizations to not just invest in technology but to do so strategically by tailoring their cyber strategy to healthcare's unique and complex characteristics.

The Need To Enhance Efficiency, Mobility And Security

A 2024 Verizon report found that mobile malware and phishing attacks targeting devices have increased, with attackers exploiting weaker defenses on these platforms. This is a growing concern for IT and security leaders, especially as a 2024 Ponemon Institute research report we sponsored found that 64% of healthcare organizations are unable to protect data and privacy by locking down devices between each use. Security measures must secure access to protected health information (PHI) without impeding the workflow of clinicians.
However, this is a delicate balance to achieve, as security protocols effective in other sectors may not be suitable for a healthcare environment. The Ponemon report found that only 40% of healthcare organizations described the end-user experience on mobile devices as satisfactory.

AI Innovation Takes Center Stage

Unsurprisingly, GenAI has become a widely popular time-saving tool, used in many ways such as clinical decision-making and predictive analysis.
However, GenAI also raises concerns about data privacy breaches due to the large amounts of sensitive patient data needed to utilize it. In addition to GenAI, all forms of AI are becoming more pervasive in healthcare, underscoring the need for greater education about the risks and opportunities associated with it. For example, AI and machine learning (ML) tools can be leveraged to improve threat detection and response times.
However, with so many unknowns surrounding this new technology, any AI strategy must be carefully tailored to the unique cybersecurity and compliance needs of the healthcare industry, being mindful of stringent regulatory requirements like HIPAA.

Vendor Security Is Paramount

The CHIME report also underscores the need for improved vendor security in healthcare, as recent supply chain attacks indicate. From vendors to partners to contractors, third parties are a vital and inevitable part of today's business environment.
While all industries use vendors, healthcare is especially reliant on help from outside vendors given the global shortages of healthcare staff and other resources. Each of these interactions introduces potential vulnerabilities, especially if third-party providers do not adhere to stringent cybersecurity practices themselves. The increasing reliance on third parties for critical services amplifies the risk of breaches through external entities, as 56% of organizations reported having experienced a third-party data breach in 2022.
Yet despite the significant and acknowledged risk, more than half of organizations say they do not have effective controls for mitigating third-party access risk.

Preparing Healthcare For The Threats Of Tomorrow, Today

As healthcare organizations adapt their tech strategy for the trends of 2025, it is paramount for IT and security teams to collaborate cross-functionally with clinicians during this process. This is essential to ensure any technology deployed to enhance security is tailored to meet the unique clinical workflow needs required for patient care.
For instance, while complex passwords are a common cybersecurity best practice, they slow down clinicians who may access the electronic health records (EHR) system and other applications hundreds of times per shift. Each access requires authentication, and if this involves manually typing a username and complex password on a mobile device, it can create barriers and frustrations. To overcome these challenges, IT teams should look for solutions that streamline and secure access.
Passwordless authentication can help by eliminating the need for time-consuming logins. IT teams should ensure their access management strategy is capable of enforcing identity-based security policies, monitoring device usage and ensuring compliance. Tools leveraging AI and ML can also help organizations make informed decisions about workflow improvements by providing visibility into user behaviors and system usage.
This includes addressing failed login attempts, adoption issues and user efficiency—which can help track security risks, drive technology adoption and save on IT operational costs. This ultimately contributes to a more efficient and effective healthcare system. To address the risks that an increased reliance on vendors introduces, healthcare organizations must adopt a comprehensive vendor access management strategy.
This should include a rigorous vetting and procurement process and a thorough security assessment for any new vendor. Organizations can also reduce risk by considering vendor consolidation where possible as well as implementing strict access controls, monitoring third-party activities and employing the principle of least privilege access. By taking a strategic, collaborative approach, the healthcare industry can build a resilient environment that protects patient data, ensures compliance and maintains trust—safeguarding patient care and organizational reputation.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Mobile Threats, AI Innovation, Third-Party Risks: Trends Shaping Healthcare In 2025