As cyber threats in healthcare continue to evolve at an unprecedented pace, organizations must adopt innovative strategies, foster cross-industry collaboration, and take a proactive approach to cyber resilience. At this year’s HIMSS Healthcare Cybersecurity Forum, industry leaders gathered to discuss the most pressing cybersecurity challenges, and the strategies needed to protect patient data and critical healthcare infrastructure.
Key topics from the forum included:
- AI & Cybersecurity – Leveraging artificial intelligence for enhanced threat detection and automated response.
- Ransomware Resilience – Implementing best practices to prevent, mitigate, and recover from cyberattacks.
- Zero Trust & Identity Security – Strengthening access controls and authentication to reduce risk.
- Third-Party Risk Management – Ensuring vendor security in an increasingly interconnected ecosystem.
- Cloud Security & Compliance – Managing the complexities of cloud-based healthcare operations.
A key takeaway from HIMSS 2025 is that cyber threats are no longer a question of if, but when – emphasizing the urgent need for proactive defense strategies. The organizations that proactively prepare for cyber incidents will minimize downtime, reduce financial and reputational damage, and ensure continuity of patient care.
Key Takeaways: Cyber Resilience Starts with Preparation
A central theme of the HIMSS Cybersecurity Forum was the need for structured, proactive preparation. The “72 Hours, 72 Days” cyber resilience model emphasizes the importance of rapid response times and pre-established recovery strategies.
Understanding Healthcare’s Expanding Attack Surface
Healthcare IT environments present unique vulnerabilities due to their complexity and reliance on legacy systems. Key risk factors include:
- Open network protocols and outdated operating systems.
- The presence of virtualization and third-party dependencies.
- Security gaps in multi-factor authentication (MFA) and identity management.
- Overly centralized admin privileges that create single points of failure.
Without a well-defined cybersecurity strategy, these weak points become doorways for cybercriminals.
The Cost of Unpreparedness: Delays, Confusion, and Lost Revenue
A lack of preparation in cyber incident response leads to delays and uncertainty, dramatically increasing costs. Healthcare organizations that lack a well-practiced incident response (IR) plan often face:
- Extended downtime and operational disruptions.
- Uncertainty about the attack’s origin, scope, and impact.
- Unstructured, manual recovery processes that slow restoration.
- Potential patient safety risks due to inaccessible health records.
The best-prepared organizations can move from crisis to recovery in hours, not weeks.
Building a Resilient Healthcare Cyber Strategy
HIMSS reinforced that healthcare organizations must shift from reactive cybersecurity to proactive resilience. A comprehensive cyber defense strategy should include:
- Incident Response & Recovery Playbooks: Clearly define who is responsible for what during a breach and ensure IR teams are pre-trained.
- Automated Threat Hunting & AI-Driven Security: Reduce human error and improve early threat detection.
- Pre-Provisioned Recovery Environments: Isolated Disaster Recovery (DR) systems enable rapid restoration.
- Zero Trust Architecture & Identity Security: Limit access and verify every user and device before granting permissions.
- Backup Validation & Malware Scanning: Ensure clean recovery points to avoid reinfecting systems.
The Minimum Viable Hospital: Prioritizing Critical Systems
One of the most valuable takeaways from the forum was the concept of a “Minimum Viable Hospital”—the set of essential systems that must remain operational to ensure patient care continues even during a cyber crisis.
These include:
- Active Directory & DNS (authentication and network management).
- Collaboration Tools (secure communications, phones, email).
- Electronic Health Records (EHR) such as Epic, Cerner, or Meditech.
- Timekeeping & Payroll (ensuring workforce continuity).
- Pharmacy & Radiology Applications (for medication and diagnostics).
Defining and securing this core set of applications ensures hospitals can continue admitting, treating, and discharging patients—even in the face of an attack.
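The Minimum Viable Hospital concept above, combined with the earlier point about validating backups and scanning them for malware before restoring, is easier to operationalize when the core systems are modeled as a dependency graph: DNS and Active Directory come back first, and downstream systems are only restored from recovery points that have been scanned and test-restored. The script below is an added example written for this page (it is not code from HIMSS, Rubrik, or the article's author); the service names, their dependencies, the 24-hour recovery-point policy, and the sample recovery-point records are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed dependency map for a hypothetical Minimum Viable Hospital.
# Each service lists the services that must be restored before it.
# Names and dependencies are illustrative assumptions, not from the article.
MVH_DEPENDENCIES = {
    "dns": [],
    "active_directory": ["dns"],
    "email_and_phones": ["dns", "active_directory"],
    "ehr": ["dns", "active_directory"],
    "timekeeping_payroll": ["active_directory"],
    "pharmacy": ["ehr"],
    "radiology": ["ehr"],
}


@dataclass(frozen=True)
class RecoveryPoint:
    service: str
    taken_at: datetime
    malware_scan_clean: bool   # snapshot was scanned before being offered for restore
    restore_tested: bool       # snapshot was mounted and verified, not merely written


def restoration_order(deps):
    """Topological order of services, dependencies first; raises on a cycle."""
    order, done, visiting = [], set(), set()

    def visit(svc):
        if svc in done:
            return
        if svc in visiting:
            raise ValueError(f"dependency cycle at {svc}")
        visiting.add(svc)
        for dep in sorted(deps.get(svc, [])):
            visit(dep)
        visiting.discard(svc)
        done.add(svc)
        order.append(svc)

    for svc in sorted(deps):
        visit(svc)
    return order


def check_recovery_point(rp, now, max_age):
    """Return the reasons a recovery point is not a clean restore candidate."""
    if rp is None:
        return ["no recovery point"]
    problems = []
    if not rp.malware_scan_clean:
        problems.append("malware scan not clean")
    if not rp.restore_tested:
        problems.append("restore never tested")
    if now - rp.taken_at > max_age:
        problems.append("recovery point older than policy")
    return problems


def plan_recovery(deps, points, now, max_age=timedelta(hours=24)):
    """Walk services in dependency order; a service is blocked either by its
    own recovery-point problems or by any blocked dependency."""
    by_service = {rp.service: rp for rp in points}
    plan, blocked = [], {}
    for svc in restoration_order(deps):
        reasons = check_recovery_point(by_service.get(svc), now, max_age)
        for dep in deps.get(svc, []):
            if dep in blocked:
                reasons.append(f"dependency {dep} blocked")
        if reasons:
            blocked[svc] = reasons
        plan.append((svc, "ready" if not reasons else "; ".join(reasons)))
    return plan


# Constructed sample data: a recovery point inventory as of a fixed "now".
NOW = datetime(2025, 3, 5, 12, 0, tzinfo=timezone.utc)
SAMPLE_POINTS = [
    RecoveryPoint("dns", NOW - timedelta(hours=6), True, True),
    RecoveryPoint("active_directory", NOW - timedelta(hours=6), True, True),
    RecoveryPoint("email_and_phones", NOW - timedelta(hours=8), True, True),
    RecoveryPoint("ehr", NOW - timedelta(hours=4), False, True),       # scan flagged it
    RecoveryPoint("timekeeping_payroll", NOW - timedelta(days=3), True, True),  # stale
    RecoveryPoint("pharmacy", NOW - timedelta(hours=5), True, True),
    # radiology has no recovery point at all
]

if __name__ == "__main__":
    for service, status in plan_recovery(MVH_DEPENDENCIES, SAMPLE_POINTS, NOW):
        print(f"{service:22s} {status}")
```

Running the script prints the restore sequence with DNS and Active Directory first, and shows the two failure modes the forum warned about: the EHR snapshot is held back because its malware scan was not clean, which in turn blocks pharmacy and radiology, and the payroll snapshot is held back because it is older than the assumed 24-hour policy. Reviewing this kind of output before an incident, rather than during one, is the practical form of the "clean recovery points" advice.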
Beyond the Forum: Taking Action to Secure Healthcare
The HIMSS Healthcare Cybersecurity Forum reinforced a vital truth—cybersecurity is not just an IT issue; it’s a patient safety issue.
Healthcare organizations must move beyond passive risk acceptance and take active steps to build resilience. A well-executed cybersecurity strategy helps reduce financial losses, avoid regulatory fines, and most importantly, protect patient lives.
References
- HIMSS Healthcare Cybersecurity Forum. (2025). HIMSS Cybersecurity Forum 2025. Retrieved from HIMSS Conference Website.
- Howell, J. (2024). Restore your Clinical Environment in 72 Hours, Not 72 Days: Building the Foundations for Cyber Resilience in Healthcare. Rubrik.
Original article published by John Engerholm on LinkedIn