
Cybersecurity in health care improves, but needs more attention
Hospitals and health systems are doing more to counter cyberattacks, but there is also the need to focus more effort in protecting systems and patients.
As more hospitals and health systems have experienced ransomware attacks, it’s safe to say that cybersecurity certainly gets more attention than it did a few years ago.
But given the risks cyberattacks pose to patient care and the financial solvency of hospitals, it’s an area that probably requires more time and energy, experts generally agree.
When asked if he sees greater urgency on cybersecurity since the Change Healthcare cyberattack, Wolf responds, “I'm going to say yes, but still not enough.”
“Cybersecurity, it’s one of those table stakes issues,” he tells Chief Healthcare Executive®. “Do I have the right number of locks on my doors and windows in my house? If someone's really determined to come in, at what level can I build towards? Do I have the expertise? Am I getting the right guidance?”
The University of Mississippi Medical Center said in late February that
The Mississippi system is hardly alone, as
With hospitals, cybersecurity involves challenges on a number of fronts. Hospitals must make sure they’re protecting their own systems, and they have to train staff on basics in cybersecurity. As Wolf says, breaches often occur when individuals make a mistake and click on something they shouldn’t.
But hospitals also deal with literally hundreds of vendors, and analysts
Wolf doesn’t diminish the strides that hospitals have made.
“People are absolutely focused on it,” Wolf says. “It doesn't get the sizzle that it probably deserves, because we're all focused on some other aspects, like AI and things of that nature. But let's just call it out. It's absolute table stakes.”
Cybersecurity experts say hospitals need to recognize that hacking and ransomware attacks are essentially inevitable, and they need to build the best defenses they can manage. They also need robust plans to respond in the event of an attack, including detailed steps to manage patient care without computer systems.
“It's never going to go away,” Wolf says. “I just think that part of the investment of every question you should be asking in anything you're doing, whether it's a simple or complex technology, is, how is it going to impact my vulnerability?”
But Wolf also acknowledges that hospitals face tough choices when it comes to cybersecurity.
“It comes down to …. how strong are the locks on the doors? How much do I need to invest in order to do it, and what do I give up in order to do that?”
Breaches can be expensive for hospitals and health systems.
Even larger health systems with considerable resources face challenges in investing in cybersecurity, but smaller hospitals and health systems face more painful decisions.
For some, it’s the question of spending more on cybersecurity when faced with adding even basic equipment.
“These are investment choices, and they've got to figure out, at what level of risk do I carry as an organization? Because I do need that MRI machine, you know, and that is really critical, or I can't deliver care,” he says. “So these are the choices that are being made every day in our hospitals.”
Chief Healthcare Executive® is reporting from the HIMSS 2026 conference in Las Vegas. Look for our coverage.































































