As healthcare organizations come face to face with an unruly wave of cyber threats, the need for a more resilient, forward-thinking approach to security has never been more urgent. Recently, leaders from NextGen Healthcare, Tevora, and Stellarus came together for a discussion on how to prepare for what’s next in healthcare cybersecurity: where the biggest threats are emerging, how policy and HIPAA are shifting, and what forward-thinking healthcare organizations are doing to combat threats.
The Threats Are Real and Rising
Cyberattacks are a growing threat across the entire healthcare landscape. In 2024 alone, a staggering 92% of healthcare organizations experienced some form of cyberattack. Beyond data loss, these attacks put entire clinics and communities at risk.
Data breaches not only escalate the risk of data exfiltration and unauthorized access to data; they also have a real operational impact when systems go down, and that blast radius can spread to other ancillary systems. It usually starts with an end user clicking on a link, opening an attachment, or downloading a file. From there, it could easily spread to your EHR, your X-ray systems, and so on, possibly causing a complete network outage. This can directly impact the health and well-being of entire communities.
Hospitals and clinics are at risk of going out of business because of ransomware and supply chain attacks. These realities highlight the need for robust third-party risk management and other strategies to manage risks you can’t directly control. At the same time, the world of innovation is growing rapidly, powered by intelligent technologies that elevate security processes. But with that innovation comes responsibility: to secure systems, protect data, and ensure continuity of care.
AI is a Double-Edged Sword
Artificial Intelligence (AI) has significantly lowered the barrier to entry for launching sophisticated cyberattacks in healthcare. The breaking down of guardrails, coupled with scalability, can be a lethal combination. AI is both accelerating threat tactics and offering new defense capabilities. Sophisticated phishing, identity spoofing, and malware development are on the rise. Leveraging AI for behavioral detection, automated triage, and predictive response can be a first line of defense.
For us to accelerate our ability to protect an organization, we must put the right controls in place. I think about AI increasing our responsibilities—using artificial intelligence, especially agentic AI and large language models to automate, accelerate, and enhance our ability to respond to attacks. You have security products but imagine a future where security products can be launched to address specific threats and attacks in real time—companies developing controls and capabilities on their own, with their own intelligence. We'll have to figure out a way in the future to combine forces and ensure that we are doing the right things to fight the bad guys, responding to cyberattacks like an immune system responds to a pathogen.
Effective communication about risk requires a clear understanding of an organization’s risk tolerance. While risk professionals often advocate for reducing risk, security investment must be aligned with risk tolerance and business objectives. Since eliminating all risk is impossible, the goal is to align risk management efforts with what is acceptable or tolerable for the organization. Achieving a shared understanding is essential for meaningful dialogue with leadership and stakeholders.
HIPAA Is Changing and So Should Your Strategy
With proposed HIPAA Security Rule updates on the horizon, organizations need to move beyond checkbox compliance. Key updates include mandatory asset inventories, stricter incident response protocols, and continuous third-party risk monitoring.
Asset inventories aren’t anything new. How you treat your asset inventory sets the baseline when looking at your tools and where your assets are, including knowing your data flow diagrams and where your data goes. You want to know how many assets you have in your endpoint management and how many have been scanned, and compare those against your baseline. Knowing where your assets are is a requirement. Make sure your asset inventory is being updated and continues to be well documented.
Updated regulations ask organizations to map out incident response plans. Your plans should be tested regularly to ensure efficacy. Discussions with Chief Information Security Officers (CISOs) from other health systems, especially those who have experienced cyberattacks, are important for integrating clinical and business continuity plans. Emphasize preparedness to respond swiftly and effectively to cyber incidents.
Innovation Must Be Intentional
Strategies like Zero Trust architecture, behavioral identity management, and secure-by-design cloud systems offer safety nets, but require coordination across IT, clinical, and executive teams. Cybersecurity cannot be siloed. It must be part of broader digital transformation strategies that account for interoperability across EHRs, third-party apps, and devices.
Conceptually, Zero Trust means no device or user can truly be trusted, regardless of their location. This shift has compliance implications. Even non-PHI (Protected Health Information) systems can be leveraged in lateral movement and should be protected under Zero Trust principles that contribute to risk reduction. While compliance and security overlap, Zero Trust emphasizes proactive, identity-based security beyond basic measures like multi-factor authentication (MFA), focusing on building a comprehensive user profile to enhance protection.
Communication Is a Security Tool
CISOs must become fluent in the language of risk. Whether seeking budget, building culture, or gaining executive buy-in, the key to success lies in making cybersecurity a business conversation—not a technical one.
Resiliency planning is essential. Technology can and will fail. Develop and continuously test business continuity and disaster recovery plans. The goal: to ensure that your organization can continue functioning even if core systems are compromised or offline.
Identity and data management are foundational to modern cybersecurity. As identity becomes key to security and data permeates across environments, organizations must strengthen identity resilience. This includes implementing robust MFA, single sign-on (SSO), and having contingency plans in place if identity providers fail. Communication across your organization is essential, and effective data governance goes beyond policy: it must focus on tactical enforcement to truly secure sensitive information.