As digital technologies transform healthcare and open new frontiers for patient care, they also create new opportunities for cyber adversaries: nearly every healthcare organization has faced a cyberattack in the past year.
The consequences are no longer hypothetical. Disrupted care, delayed procedures, and even increased mortality rates are now part of the conversation. For healthcare leaders, it’s time to move beyond traditional cybersecurity measures and focus on the new cyber imperative for healthcare: resilience.
This is a meaningful shift—not just a reframing of existing cybersecurity tools and approaches.
While cybersecurity focuses on preventing attacks and protecting systems through technical controls and safeguards, cyber resilience goes further by emphasizing preparedness, response, and recovery when security is inevitably compromised. In essence, cybersecurity aims to keep threats out, whereas cyber resilience ensures the organization can continue to function and quickly recover even if those defenses are breached.
While awareness about the need for cyber resilience is growing in healthcare, getting there is proving more challenging. A recent survey of healthcare leaders conducted by CTG in collaboration with CHIME executive members reveals both progress and persistent vulnerabilities.
Survey participants said their organizations are investing more in cybersecurity as awareness of the need for resilience grows, but many still rate their own resilience as only "good" or "average", a standard that falls short in today's high-stakes healthcare environment.
While many feel equipped for real-time threat detection, confidence plummets when it comes to recovery, response, and engagement from non-IT staff to enable rapid restoration of operations. This uneven readiness can spell trouble when every second counts during a disruption.
The Human Impact: Resilience and Patient Care
The future impact of the threat landscape is impossible to predict, because attackers keep adapting their techniques to new technologies and new attack vectors. This uncertainty was top of mind for survey respondents, who pointed to a new breed of threats that are rapidly gaining ground.
AI-powered cyberattacks—including deepfakes, generative phishing, and sophisticated social engineering—have emerged as top concerns, while supply chain vulnerabilities were also front and center, with organizations increasingly dependent on third-party vendors that may not have robust security measures in place.
Ransomware continues to be a major concern, especially as attackers shift to encryption-less extortion that threatens to expose stolen data rather than simply lock it down; against data theft, backups alone are no defense. Meanwhile, phishing kits that relay credentials and one-time codes in real time can defeat conventional multi-factor authentication (phishing-resistant methods such as FIDO2 security keys or passkeys are not bypassed this way), making it harder than ever to protect critical systems and patient information.
Unfortunately, these attacks can have a dire impact on patient care. When hospital systems go down, the effects ripple through every aspect of care delivery. Delays in procedures and tests become common, and critical patient information can become inaccessible at the worst possible moment. The survey and supporting research show just how serious these impacts can be:
- 69% of affected organizations reported disruptions to patient care.
- More than 50% saw delays in procedures and tests, while 25% linked attacks to increased patient mortality.
- Supply chain attacks were most likely to disrupt care, with 82% of those affected reporting direct patient impact.
Those numbers are not likely to improve if healthcare organizations place too much faith in traditional cybersecurity tools and approaches. Budget pressures, workforce shortages, and gaps in executive understanding remain persistent obstacles to building the resilience that can sustain patient care and overall operations when disruptions occur.
Healthcare’s complexity—multiple systems, sensitive data, and a diverse workforce—demands a more holistic approach wherein every employee understands how to continue working during a disruption and contribute to a fast and orderly recovery. Leadership buy-in, cross-functional training, and clear governance must underpin any technical solution.
Charting a New Course: Recommendations for Healthcare Leaders
While healthcare leaders are increasing their awareness about the need for cyber resilience, the pace of change in the threat landscape calls for more urgent action. Traditional cybersecurity approaches that emphasize detection and prevention are no longer sufficient when patient safety and trust are on the line.
To build the kind of resilience that today’s healthcare environments demand, leaders should:
- Make cyber resilience a leadership priority. Ensure that cyber risk is a standing agenda item at the board and executive level. Leadership must set the tone, allocate resources, and drive accountability for resilience initiatives.
- Invest in modern, adaptive technologies. Deploy advanced solutions such as AI-driven threat detection, automated incident response, and robust backup systems to strengthen both prevention and recovery capabilities. Backups only count toward resilience if copies are kept offline or immutable so an intruder cannot delete them, and if restores are exercised regularly against the recovery time the organization can actually tolerate.
- Foster a culture of cyber awareness across all staff. Go beyond IT by providing regular, role-specific training for every employee. Encourage reporting of suspicious activity and make cybersecurity a shared responsibility throughout the organization.
- Conduct comprehensive, organization-wide incident response drills. Regularly test and refine incident response plans through simulations that involve clinical, administrative, and technical teams. Ensure everyone knows their role during a disruption.
- Strengthen supply chain and third-party risk management. Evaluate and monitor the cybersecurity practices of vendors and partners. Require clear security standards and integrate third parties into your incident response planning.
- Consider a resilience partner. Seek third-party expertise to fill skills and knowledge gaps that can hinder the implementation of resilience strategies or derail them down the line.
- Continuously assess and adapt. Regularly review your cyber resilience strategies and update them in response to new threats, regulatory changes, and lessons learned from real-world incidents.
By embracing a proactive, organization-wide approach to cyber resilience—one that values both technological innovation and human expertise to enable resilient and agile operations—healthcare leaders can better safeguard their missions and the communities they serve.