More than 70% of respondents reported financial, operational, or clinical impacts from cyber incidents, according to a recent survey.
Ernst & Young LLP and KLAS Research released a US Healthcare Cyber Resilience Survey, which gathered insights from 100 healthcare executives responsible for cybersecurity decisions within their organization. The findings, including perspectives garnered in person in collaboration with KLAS, shed light on the need for healthcare systems to elevate cyber resilience to a strategic priority to deliver better outcomes, create value, and protect patients.Â
The survey underscores the threat of cyber vulnerabilities to business operations and patient care delivery in both large and small systems. Over 70% of health organizations reported significant financial, operational, or clinical disruptions due to cyber threats (with an average of five different types) in the past year.
“Cybersecurity is more than a compliance checkbox—it drives safe care, patient trust, and long-term success. Treating cyber resilience as a strategic priority empowers healthcare systems to thrive amid rising threats,” says Nana Ahwoi, partner at Ernst & Young LLP, in a release.
The report outlines six ways health executives can create cyber strategies to accelerate their success:
- Align cybersecurity with strategic goals to reduce risk and improve outcomes.
- Address the rise of artificial intelligence (AI)-driven threats and nonhuman identities.
- Support AI, automation, and care delivery outside traditional settings.
- Tackle talent shortages and upskilling across the organization.
- Shift from a regulatory burden to strategic risk management.
- Strengthen vendor oversight and ecosystem-wide visibility.
As cybercriminal sophistication evolves, health organizations are looking to adapt their strategies for monitoring and enforcing access controls. Sixty-eight percent of survey respondents said identity and access management would be the top priority for increasing investments in the coming fiscal year, and 81% said prioritizing cybersecurity in their business strategy is effective in overcoming challenges. Additionally, just over half of the respondents (52%) said training and upskilling personnel is another effective tool to combat cyber challenges.
Key findings from the report include:
- Strategic business priority: Healthcare leaders must shift from viewing cybersecurity as a compliance or IT issue to recognizing it as a core enabler of business strategy, patient safety, and operational resilience.
- Widespread impact: Over 70% of surveyed organizations experienced significant financial, operational, or clinical disruptions due to cyber threats—highlighting the need for proactive investment and leadership alignment.
- Securing healthcare access: With the rise of AI-driven threats and complex vendor ecosystems, healthcare organizations are prioritizing identity controls and vendor oversight to protect sensitive data and ensure continuity of care.
- Innovation and trust: Robust cybersecurity supports the safe adoption of AI, automation, and remote care models—allowing healthcare systems to modernize confidently while preserving patient trust and data integrity.
“Healthcare leaders must prioritize workforce cyber training and readiness to unlock the full value of cybersecurity investments, ensuring safe patient care and strengthening system resilience,” says Ahwoi in a release.
ID 400097899 © Wave Break Media Ltd | Dreamstime.com
