Healthcare is under siege, and it's not just from viruses and diseases. Cyberattacks are becoming the silent epidemic threatening patient care and financial stability. The EY US-KLAS healthcare cybersecurity survey reveals a startling truth: 81% of healthcare organizations now recognize that cybersecurity must be woven into the very fabric of their business strategy, not just treated as a defensive afterthought. But here's where it gets controversial: is the healthcare industry moving fast enough to keep up with the evolving sophistication of cyber threats?
The stakes are higher than ever. Over the past two years, 72% of healthcare organizations have suffered moderate to severe financial losses due to cyber incidents. And this is the part most people miss: it's not just about money. Operational disruptions (60%) and clinical consequences (59%), such as delayed treatments and eroded patient trust, are equally devastating. On average, healthcare organizations faced five different types of cyber threats in the past year, with phishing, third-party breaches, and malware leading the charge.
Ernst & Young LLP (EY US) and KLAS Research (KLAS) have released their US Healthcare Cyber Resilience Survey, which gathered insights from 100 healthcare executives responsible for cybersecurity decisions. The findings are clear: healthcare systems must elevate cyber resilience to a strategic priority to protect patients, improve outcomes, and create long-term value. But how? The survey highlights six critical strategies for health executives to fortify their cyber defenses:
- Cyber as a Strategic Imperative: Align cybersecurity with business goals to reduce risk and enhance outcomes.
- A New Playbook for Digital Identity: Tackle AI-driven threats and the rise of nonhuman identities head-on.
- Cyber as an Innovation Enabler: Leverage cybersecurity to support AI, automation, and remote care models.
- Future-Proofing the Workforce: Address talent shortages and upskill employees across the organization.
- Beyond Compliance: Shift from regulatory checkboxes to strategic risk management.
- Disrupting Third-Party Risk: Strengthen vendor oversight and ecosystem visibility.
Here’s a thought-provoking question: Are healthcare organizations investing enough in identity and access management? The survey says yes—68% plan to prioritize it in the coming year. But is that enough when 81% believe cybersecurity must be a core business strategy? And while 52% see training as a key tool, is half enough to combat the ever-evolving cyber landscape?
Key takeaways from the report include:
- Strategic Shift Needed: Cybersecurity must be seen as a business enabler, not just an IT issue.
- Widespread Impact: Over 70% of organizations faced significant disruptions, underscoring the need for proactive investment.
- Securing Access: With AI-driven threats on the rise, identity controls and vendor oversight are critical.
- Innovation and Trust: Robust cybersecurity is essential for modernizing care while maintaining patient trust.
"Healthcare leaders must prioritize workforce cyber training and readiness to unlock the full value of cybersecurity investments," said Nana Ahwoi, EY Americas Consumer and Health Cybersecurity Industry Leader. But here’s the real question: Are we doing enough to prepare for the cyber threats of tomorrow?
For more insights, access the full report here.
About EY: EY is shaping a better working world by creating value for clients, people, society, and the planet. Powered by data, AI, and advanced technology, EY teams operate in over 150 countries, offering services in assurance, consulting, tax, strategy, and transactions.
About EY Consumer and Health: With the rise of empowered consumers and digital entrants, EY’s 34,000 professionals help healthcare organizations rethink business practices, design patient-centric models, and thrive in a transformative ecosystem.
About KLAS: KLAS is on a mission to improve healthcare through data-driven insights, collaborating with thousands of professionals to deliver reports that drive vendor performance and best practices. Learn more at klasresearch.com.
Contact: Caroline Acton, emailprotected.
