Cyber risk is increasing as care delivery expands across health care digital channels.
Cyber incidents pose direct operational and patient care risk.
Leadership oversight is critical to managing cyber risk and sustaining care delivery.
Cybersecurity threats are affecting health care organizations across the board, from small physician practices to large enterprises. It is no longer a question of whether an attack might happen, but when.
“Health care now operates across multiple digital channels, including telehealth, apps and connected medical devices, increasing opportunities for cybersecurity disruption,” says Michael Haas, a health care senior analyst at RSM US LLP.
Organizations of all sizes have experienced cyber incidents, including rural hospitals, physician practices and billion-dollar organizations. These events can disrupt operations, particularly when hackers gain access to patient data or prevent organizations from accessing their medical records via ransomware events.
We have moved beyond traditional in-office settings and are more exposed than ever in the health care environment. With patients using multiple channels beyond brick-and-mortar care, organizations face increased exposure due to a growing number of access points for cyberattacks, says Haas.
He further highlights that in many cases, organizations are not immediately aware an attack has occurred. It may take several days, even weeks, before disruptions make the issue visible, such as when systems stop functioning as expected.
“Organizations must understand their tech stack, including enterprise resource planning, electronic medical records (EMRs) and embedded AI, as well as their third-party/cloud dependencies, and establish clear policies around how AI interacts with data,” says Haas. “This requires strong governance with input from leadership, IT and clinical teams to ensure a holistic approach.”
Several factors that contribute to increased cybersecurity risk in health care include:
Email and EMRs are often accessible on the same workstation, creating opportunities for phishing attacks to directly affect patient data. Even with training, employees may click on emails that appear legitimate, which can expose systems connected to the internet.
Organizations are moving from on-premises systems to cloud-based solutions to improve access and efficiency. While this allows data to be accessed across locations, misconfigurations can inadvertently expose sensitive data.
Cyberattacks in health care often target patient data due to its sensitive nature and presence in EMRs, data lakes and other locations. In addition, ransomware attacks can lock organizations out of their own systems. For example, if providers cannot access a patient’s medical record, they may be unable to review medications, allergies or treatment history, which can prevent procedures from taking place.
Many organizations face financial constraints when investing in cybersecurity. Rising costs and reduced reimbursements require leaders to make decisions about where to allocate resources.
When evaluating these investments, organizations should consider the impact of system downtime. If EMRs are unavailable, patient procedures may be delayed or halted.
Organizations are taking steps to address cybersecurity risks. Considerations include:
Access management: Regularly reviewing user roles to determine whether individuals need access to specific systems, especially with agentic AI, where agents may run under a user’s permissions
Employee training: Conducting phishing simulations and training programs to help employees identify suspicious emails
Third-party evaluation: Assessing vendors and solutions to determine whether they meet security requirements and System and Organization Controls 2 (SOC 2) compliance
“Implementing multifactor authentication is a quick win you can set up today that will impact tomorrow,” says Haas.
He further highlights that multiple solutions are available, and organizations must evaluate what works best for their specific needs. Higher interest rates have increased the cost of long-term investments and reduced the flexibility to pivot, leading organizations to conduct more due diligence up front, rely on external assessments and choose solutions that align closely with their strategy.
Looking ahead, organizations should focus on building resilience, in part by developing contingency and disaster recovery plans.
Organizations may need to rely on backup or legacy systems or establish alternative arrangements through partnerships or joint ventures to continue operations.
Ultimately, cybersecurity efforts in health care involve both defending against threats and preparing to respond when disruptions occur.
For deeper insights on this topic, read the RSM US Middle Market Business Index Special Report: Cybersecurity 2026.