In this day and age of cyberattacks and digital hacks that target entities within the healthcare space, a good and growing defense is now an absolute must. Counterintelligence for hospital IT staff involves getting your mind inside the head of the hacker. What’s his next move; when is he more likely to strike; and where is the weak link in your defenses?
The team at Healthcare Dive recently interviewed some folks who’ve been giving these questions a lot of thought. Below are the main takeaways from that conversation.
A Reminder of the Risk
“Healthcare has never been more vulnerable to cyberattacks.” That is an unfortunate reality in 2025. Think about how much we rely on digital medicine these days. As early as 2021, 96% of hospitals had adopted an electronic medical record (EMR) system; telehealth has rapidly grown in popularity; and the use of computerization, generally, and artificial intelligence (AI), particularly, is presenting potential bad actors with a wide array of juicy targets that simply weren’t there when everything was paper driven.
As a reminder, cyberattacks can and already have caused great harm to the country’s healthcare sector. They have:
- Fouled up online systems
- Interfered with the claims-submission and payment process
- Hacked into personal data, including protected health information (PHI) of patients
- Extorted large amounts of money with ransomware attacks
- Interfered with patient care
This is the new reality, and hospitals must engage in a sophisticated counterintelligence operation to safeguard critical systems and patient data. In addition, providers must ensure they’re complying with a growing number of state and federal cybersecurity regulations—all while navigating historic financial challenges, including low margins, federal spending cuts and high workforce turnover.
Countermeasures
Below are four tips that hospital leaders can use in their preparation against cyberattacks. Again, these are courtesy of the Healthcare Dive discussion with cyber experts.
- Invest in recovery, not just prevention. Facilities should focus on continuity plans for patient care and practice what it would look like to operate in downtime, or when internet systems are taken offline by cyberattackers. Here’s what William Scandrett, chief information security officer at health system Allina Health, had to say on the subject:
“We have to spend as much time on recovery and operating in downtime as we do in prevention. It’s like buying insurance. It’s really expensive, and if something bad happens, we’re really glad we had it.”
According to Heather Costa, director of technology resilience at the Mayo Clinic, “hospitals should prioritize operations that must be recovered first, like those with life-or-death impacts on patient care.”
- Train and train again
According to Joshua Justice, cyber threat intelligence manager at Health-ISAC, “cyberattack response and preparation plans should be extensive and updated often.” One of the best ways to ensure each organization has a prepared incident response plan is to focus on training exercises. Examples include tabletop exercises and discussion-based simulations.
- Assessing vendor risks
As the healthcare sector becomes more digital, hospitals increasingly contract with outside organizations for claims processing, remote patient monitoring, EMR and other workflows. This interconnectedness can open the door to cyber threats, and an attack at a third-party vendor can compromise facilities.
Accordingly, hospitals and health systems should conduct due diligence on their vendors from a cyber context prior to contracting with them. What is their mechanism for monitoring? How do they ensure that their security practices are sound? These questions and more should be asked and sufficiently answered before utilizing the vendor’s services.
- Navigating differing regulations
Finally, hospitals should review and be careful to follow state and federal regulations for reporting and data security. Aligning with the various HIPAA regulations is particularly important. Pavel Slavin, CISO of Endeavor Health, says that “hospitals need to make sure they’re on top of their reporting requirements or risk falling behind after a cyberattack.”
Healthcare organizations may also need to contend with additional regulations from vendors, according to the experts. Contracts between vendors and organizations may mean hospitals need to report cyberattacks earlier than they need to report them to regulators.
So, there’s more to cybersecurity than having the latest safeguards in place. Attention to detail, including the implementation of preventive measures, is absolutely critical. Remember, the attacks are coming; it’s just a matter of when.
