Hospitals and health systems face shrinking profit margins, workforce shortages, and rising patient expectations, making the balance between quality care and value-based models increasingly difficult. While AI is often seen as a quick fix, healthcare CIOs must urgently address fundamental gaps in cybersecurity, operations, and the clinical workforce.
Cybersecurity
As we enter October, a month dedicated to cybersecurity awareness, this is a timely reminder for healthcare CIOs to prioritize one of their most pressing concerns: cybersecurity. This month could be a starting point for reevaluating and strengthening your healthcare organization's cybersecurity practices.
A recent report from Sophos shows that ransomware attacks are on the rise, impacting 73% of healthcare organizations in 2024, up from 66% in 2023. Factors driving this surge include the increasing sophistication of cybercriminals, the proliferation of legacy systems, and the expansion of the attack surface due to the digitalization of healthcare. Hybrid remote and in-person care models also increase vulnerability by adding entry points for cyberattacks. For CIOs, the need to regularly review and update their organization's security posture has never been clearer.
Healthcare industry leaders face a critical dilemma when deciding whether to pay a ransom during a ransomware attack. According to a Sophos report, 60% of healthcare organizations affected by ransomware chose to pay the ransom. However, only 47% of those who paid were able to recover all their data. This statistic illustrates the uncertainty and risk of relying on cybercriminals to restore access to critical systems.
Data on ransomware attacks reminds healthcare CIOs that paying the ransom is not a guaranteed solution. Instead, investing in a robust backup and disaster recovery solution is essential to ensure data recovery, break the attack cycle, and thwart cybercriminals without resorting to paying a ransom. Medical industry experts advise against paying the ransom.
The report also focuses on the evolving landscape of cyber insurance. While some of the costs of ransomware can be offset, securing coverage is becoming increasingly complex. Many insurance companies now require healthcare providers to demonstrate advanced cybersecurity controls as a condition for coverage. This highlights the need for CIOs to balance reliance on cyber insurance with investing in preventive measures. A comprehensive cybersecurity strategy is essential in today's digital healthcare environment.
Gap between IT and clinical teams
A study published by Symplr reveals a gulf between IT leaders and clinicians. Clinicians (72%) believe they should have more influence in software purchasing decisions, but IT leaders (60%) and operations leaders (51%) believe clinicians should be involved yet are reluctant to involve them. Furthermore, only 57% of clinicians feel that hospital operations software allows them to provide the best possible patient care.
Healthcare CIOs have a long history of collaboration with clinical leaders, such as chief medical officers and chief medical information officers. However, vendor selection involves more than just physician “superusers.” The key is to engage them from the beginning. Similarly, clinical leaders should include IT from the beginning when considering technology solutions, rather than after decisions have been made. This close communication between clinical and IT teams is critical to bridging the gap and ensuring the best possible patient care.
As 2025 approaches, healthcare leaders must focus not only on AI but also on strengthening foundational elements like cybersecurity and bridging the gap between IT and clinical teams. These initiatives may not be as flashy as AI deployments, but they are essential to keeping organizations safe and ensuring sustainable progress. Prioritizing robust processes over quick technology fixes will ultimately promote long-term success and enable health systems to thrive in an increasingly digital world.