Healthcare Cybersecurity Report: 81% of Health Leaders Prioritize Cyber Resilience | EY–KLAS 2025

Cyberattacks on healthcare systems directly impact patient care. They force a return to manual processes, delay or cancel surgeries, and increase the risk of medical errors. A new survey shows that 81% of healthcare leaders now recognize that healthcare cybersecurity is not just a technical issue; it’s a strategic priority tied to patient outcomes.

The 2025 report, by Ernst & Young LLP (EY US) and KLAS Research, surveyed 100 healthcare executives across providers, insurers, and life sciences. It reveals how cyber incidents are disrupting financial performance, operations, and, most critically, clinical care delivery.

“Cybersecurity is more than a compliance checkbox — it drives safe care, patient trust, and long-term success,” said Nana Ahwoi, EY Americas Health Cybersecurity Leader. “Treating cyber resilience as a strategic priority empowers healthcare systems to thrive amid rising threats.”

Financial and Operational Toll Rising

The study reports that 72% of organizations faced moderate to severe financial damage from cyber incidents in the past two years. Meanwhile, 60% experienced operational disruptions and 59% reported clinical consequences, including delayed treatments and erosion of patient trust.

Cover of the EY–KLAS 2025 Healthcare Cybersecurity Report displayed over a hospital corridor scene, illustrating the link between cybersecurity and patient care. The image combines the report’s dynamic digital design with a healthcare setting to emphasize cyber resilience as a strategic priority. The report doesn't mention healthcare cyber insurance.

Healthcare breach costs exceed those in other sectors. According to IBM and Ponemon Institute data cited in the report, healthcare breaches cost 1.5 times as much as those in finance. The EY–KLAS analysis concludes that cyber resilience investments are now essential business protections.

Cybersecurity as a Strategic Business Driver

Executives increasingly agree that cybersecurity must align with core business objectives. The report’s first chapter, “It’s Not Just a CISO Concern,” states that 65% of executives feel empowered to allocate cybersecurity funds. However, many still struggle to maintain consistent commitment amid shifting budgets.

Leaders now view cyber resilience as a shared responsibility across the entire healthcare ecosystem — from vendors to clinicians. EY recommends aligning cybersecurity with outcomes such as reduced downtime, better patient safety, and stronger financial stability.

“Cybersecurity protects patients, not just data,” the report emphasizes. Every department must “own part of the solution.”

Identity and Access Management Tops Investment Priorities

Amid AI-driven threats and nonhuman digital identities, 68% of executives plan to increase spending on identity and access management. Executives cited credential theft, weak verification, and over-provisioned accounts as major risks.

One leader described an emerging trend: fraudulent callers posing as physicians or patients to gain access to the system. With personal data widely available on the dark web, “it’s not really a good way to validate who it really is,” the executive said.

The report urges real-time ID verification, multi-factor authentication, and strict lifecycle controls to secure patient portals and clinician accounts.

Cyber as an Enabler of Innovation

EY positions cybersecurity not as a barrier but as a foundation for digital transformation. Chapter 3, “Cyber as an Innovation Enabler,” argues that secure systems enable healthcare providers to adopt AI, automation, and remote care safely.

Implementing new technologies “without considering cyber is like buying a car without seatbelts,” the report notes. EY estimates that cybersecurity directly contributes up to 20% of the value in major digital health initiatives.

Robust cyber strategies, the report says, enable safe use of wearables, data-driven care, and AI-powered operations, unlocking efficiency while maintaining trust.

Workforce Gaps Threaten Progress

A shortage of qualified cybersecurity professionals continues to strain healthcare systems. Some cyber positions remain open for years, with organizations forced to rely on contractors or managed service providers. More than half (52%) of respondents identified training and upskilling as critical to closing the gap.

Automation and AI can enhance capabilities but cannot replace human expertise. “People remain a critical cybersecurity enabler,” the report warns. EY calls for new talent pipelines, cross-training engineers, and strategic sourcing models to sustain resilience.

Beyond Compliance: From Checkbox to Strategy

Chapter 5 warns that compliance-focused approaches are insufficient. Many executives said regulatory audits consume time but fail to reduce risk. “Attackers innovate faster than regulators,” one leader noted.

EY and KLAS recommend shifting from regulatory burden to strategic risk management. True protection comes from well-communicated, prioritized risk strategies — not just paperwork. Leaders should view cybersecurity as both a protector and creator of business value, enabling faster adoption of innovation and building patient trust.

Third-Party Risk Emerges as a Critical Challenge

Third-party vendors remain a weak link. 68% of respondents reported difficulties enforcing cybersecurity in vendor contracts. In comparison, 56% cited regulatory concerns about third-party security.

As data flows increase through complex supply chains, visibility across the ecosystem becomes essential. “Even if incidents stem from third parties,” EY warns, “health organizations are still accountable for continuity of care.”

The report calls for stronger vendor oversight, joint accountability models, and integrated third- and fourth-party risk assessments.

Two Paths Forward For Healthcare Cyber Resilience

The report’s conclusion contrasts two types of healthcare systems. One treats cybersecurity as a regulatory obligation, reacts to breaches, and struggles to recover. The other embeds cybersecurity as a strategic pillar, empowering staff, strengthening cyber resilience, and maintaining patient trust even amid evolving threats.

EY’s message is clear: cybersecurity is healthcare’s next frontier of patient safety and innovation. Health systems that integrate it across their business strategies will build trust and thrive in a threat-filled digital era.
