January 28, 2026
Cyber Security: The Year In Review

We live in a digital world; you know that, right? I mean, we can romanticize about days gone by when mankind was completely delinked and detached from any notion of reliance upon advanced, sophisticated electronics: the ranch hand mending fences, the bookkeeper penciling in figures and the soda jerk making a malt. Only today, the cowboy drives home in a Cybertruck, the accountant uses a data-driven software program and the malt-maker has you pay with a digital card reader.

Since we all have some measure of reliance on digitized information on a daily basis, it may be a good idea to determine the risk incurred by such reliance. And, here, we’re not just talking about cyber bullies responding to your post on any number of social media apps; no, we’re suggesting that it is incumbent upon business entities—including hospitals and health systems—to undertake a serious inventory of their security measures against hackers, whackers and bad actors.

Because they are out there.

With that in mind, we are fortunate that the American Hospital Association (AHA) has recently compiled its latest findings on the incidence of cyberattacks and the state of cyber security based on a review of 2025 data. Those findings are presented below.

Increased Risk

Looking back on the industry-shaking Change Healthcare cyberattack, in addition to others, it was noted that over 80% of the stolen protected health information records were not stolen from hospitals; rather, they were stolen from third-party vendors, business associates, and non-hospital providers and health plans, such as the Centers for Medicare & Medicaid Services (CMS).

As noted by the AHA, hospitals depend on third-party providers for services, technology and supply chain to deliver critical, life-saving functions and business operations that support clinical care. This means that when third parties get hit by a hacker, hospitals and their patients are impacted—even in circumstances where the hospital was not the direct target.

In cases of third-party provider ransomware attacks, like the one involving Change Healthcare, “there is often a cascading disruptive effect that extends to all of the customers of the victim of the attack.” The AHA refers to this as the “ransomware blast radius,” and it is critical that hospitals understand these secondary effects. Facilities should “prepare downtime procedures to account for a loss of mission-critical and life-critical third-party services, technology and supply chain—for 30 days or longer.”

The AHA has made it clear that the risk continues to grow, and it’s because of “hospitals’ dependence on interconnected digital systems and cybercriminals’ highly effective hub-and-spoke strategy.” The idea is that, by gaining access to the hub (a third party’s technology), hackers gain access to all the spokes, i.e., the healthcare organizations that are the customers of the third party. This provides bad actors with “a digital pathway to infecting multiple covered entities with malware or ransomware or to extract data.”

Continuity: Business versus Clinical

According to the AHA, “hospital leadership and staff tend to interpret the concept of business continuity as more related to an IT function and responsibility, rather than a clinical function and responsibility.” They note that the impact of ongoing ransomware against healthcare demonstrates that it must be both a clinical function and an IT function.

The AHA suggests that the following questions be asked of every clinical, business and operational function:

  • What are our dependencies on network and internet-connected technology and data, and what is the impact if we lose access to our networks and the internet?
  • How will we continue to provide safe and quality care without network and internet-dependent services, technology or supply chain for 30 days or longer? For example, what is the impact and plan to diagnose a stroke patient while the Picture Archiving and Communication System is down? How do we deliver time-sensitive, lifesaving radiation oncology treatments when linear accelerators are offline for 30 days or longer?

These are questions that clinical teams are best positioned to answer, not the IT teams. Facilities need to understand and prepare not just for business continuity but also clinical continuity. The following AHA link may help toward that end: AHA Clinical Continuity Assessment.

The Role of AI

The AHA is optimistic about the potential uses of artificial intelligence (AI) within the healthcare context. They note that it can be used to “improve care delivery and patient outcomes, relieve administrative burden so clinicians have more time to focus on their patients, and streamline revenue cycle and other back-office operations.”

Healthcare organizations are also implementing AI to defend against cyberattacks. That should certainly come as no surprise. From what we understand, this technology can be used to find and address vulnerabilities found deep within IT systems. Adversaries, on the other hand, are using AI to launch and dramatically accelerate cyberattacks. In fact, the bad guys are quite adept at using this technology to carry out their nefarious schemes. Through AI, they can:

  • Imitate an executive’s voice and call the IT help desk to ask for a password reset
  • Create a deepfake video of a key person on your team
  • Craft more effective phishing emails

So, while AI can certainly assist the white hats, the black hats may have the upper hand in the use of this rapidly developing technology. That’s why this is an all-hands-on-deck moment for those in the healthcare industry. Hospitals and their business partners must make cybersecurity one of their very top priorities. The current environment is that critical.

If you need more answers, we encourage you to contact the AHA as they have significant resources to assist you in guarding your data and systems.