A new report found that, despite these disruptions, most practices do not continuously monitor their digital supply chains.
A new report from Omega Systems reveals that 85% of healthcare practices experienced at least one operational disruption caused by a third-party or “vendor-of-a-vendor” failure during the past 12 months. Despite these disruptions, 70% of leaders report confidence in the cybersecurity posture of their vendors.
The report also found a significant visibility gap behind that confidence: 63% of practices do not continuously monitor their digital supply chains. The report suggests that these disruptions have direct consequences for clinical operations. If a healthcare practice’s electronic medical records system goes down due to a cyberattack, the most likely outcomes are billing and scheduling stopping instantly and freezing cash flow (53%), loss of access to patient histories and medication lists creating malpractice liabilities (47%), and temporary or permanent practice closure (25%).
“The biggest mistake a healthcare practice can make today is assuming vendors in their supply chain are handling security, so they don’t have to,” says Mike Fuhrman, CEO of Omega Systems, in a release. “Attackers are more sophisticated, vendor networks are more complex, and regulatory requirements are stricter than ever. Practices cannot lean on the outdated mindset that cybersecurity and compliance are merely a back-office problem. It is table stakes to ensure patient safety, deliver consistent care, and keep revenue flowing.”
Cybersecurity and Recovery Gaps
The research found that 61% of healthcare leaders expect a fatal cyberattack within five years. Despite this outlook, 62% of practices still treat cybersecurity and compliance as technical line items rather than priorities for patient safety.
Recovery readiness also remains a concern. More than 8 in 10 practices have gaps in their recovery plans, and 31% are running on legacy systems that cannot quickly contain a breach once it begins.
The study also addressed the adoption of emerging technologies. While 93% of practices use artificial intelligence in patient-facing and administrative workflows, many do so without oversight to confirm the tools meet security and compliance standards. Financial incentives appear to drive this rapid adoption, as 66% of practices report that artificial intelligence-driven scheduling gains of two extra patients per day could generate $5,000 to $20,000 in additional monthly revenue.
Compliance and Managed Services
Compliance with the Health Insurance Portability and Accountability Act (HIPAA) remains a challenge. Six in 10 leaders have self-attested to compliance despite having known, unpatched vulnerabilities. Furthermore, 76% of practices report they are not ready for the proposed 2026 updates to the HIPAA security rule.
Regarding infrastructure management, 52% of practices do not use a managed security service provider, and 39% manage cybersecurity entirely in-house. Among those managing security internally, 35% say their teams are understaffed, and 23% describe their technology as antiquated. Practices that partner with a managed security service provider reported better access to capabilities such as managed threat detection, response, and next-generation firewalls.
“This data tells a governance story as much as a security one,” says Fuhrman, CEO of Omega Systems, in a release. “The practices that come out ahead won’t be the ones that buy more tools or hire more staff. They’ll be the ones where leadership decides that cybersecurity, compliance, vendor risk, and AI need to be managed together, with the right resources and outside support in place.”