Minutes matter: Why health care must move faster against cyber threats | Viewpoint


As attacks grow in frequency and sophistication, the ability to respond quickly is critical.

In both emergency medicine and cybersecurity, every second counts.


Preston Duren

Just as doctors and nurses have to move fast in life-threatening situations, cybersecurity teams need to identify and neutralize threats before they escalate. In health care, a delay in response doesn’t just risk data, it can impact patient care and safety.

When critical systems go offline due to a cyberattack, patient care is disrupted. Treatments are delayed, facilities are forced to divert patients to sites unprepared for the surge, and financial losses mount rapidly. U.S. healthcare organizations lose, on average, $1.9 million per day to downtime from ransomware attacks.

As attacks grow in frequency and sophistication, the ability to respond quickly is critical. Accelerated response hinges on two fundamentals: planning and precision.

Plan for the worst to respond at your best

During a cyberattack, being prepared is the difference between downtime that lasts hours and disruptions that stretch into weeks. Having a solid, well-tested incident response (IR) plan in place gives organizations a critical advantage when every minute matters.

Key elements of an effective IR plan include:

Clearly defined roles and accessible contact lists: Ensure staff know who’s responsible for each action, and how to reach them – even during system outages. This includes cyber insurance contacts, who should be notified immediately during an incident.

Prioritized recovery protocols: Identify which systems to isolate and recover first to contain threats and maintain essential functions.

Immutable, segmented backups: Backups should be stored in a tamper-proof, read-only format and segmented to enable quicker restoration.

Routine tabletop exercises: Plans on paper aren’t enough. Teams should rehearse their response, document lessons learned and continually improve.

Just as clinicians train to handle medical emergencies, IT teams must be prepared to respond to cyber threats before they happen instead of learning on the fly during a crisis.

Cut through the noise with better alerting

Security teams are often inundated with alerts, many of which turn out to be false positives. This “alert fatigue” slows down response and increases the risk of missing a true threat.

To combat this, detection tools such as Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems must be tuned to reduce noise and prioritize meaningful alerts. When alerts are more accurate, teams are more likely to take fast, decisive action.

However, optimizing these systems requires both time and expertise that many healthcare IT teams don’t have. In organizations where cybersecurity staffing is limited, partnering with a managed cybersecurity provider can make a significant difference.

A specialized partner, especially one familiar with healthcare technologies like EHRs, PACS, and Pyxis systems, can configure, monitor, and respond to threats without the competing demands of day-to-day operations.

Build the foundation for faster response

Whether managed internally or through a partner, certain cybersecurity capabilities should be non-negotiable for healthcare organizations:

Asset inventory and vulnerability management to ensure complete visibility into connected systems and devices.

Endpoint protection not just for workstations, but for all supported devices.

Advanced analytics via SIEM to detect anomalies and accelerate investigation.

Regular patching and user training to address both technical and human vulnerabilities, especially in fast-paced clinical environments where phishing threats are often overlooked.

And just like clinical protocols, cybersecurity processes must be continually tested and refined. Conducting routine drills helps teams identify breakdowns, improve coordination, and adapt to new threats.

A fast response isn’t luck, it’s strategy

Technology alone won’t reduce response times. What’s needed is a proactive strategy that includes tested plans, tuned tools, strong technical baselines, and ongoing education. Many organizations will benefit from working with a cybersecurity partner who brings specialized expertise and immediate response capabilities.

In a sector increasingly targeted by cybercriminals, the ability to act fast isn’t just a competitive advantage, it’s a patient safety imperative. Investing in preparedness today ensures resilience tomorrow.

Preston Duren is vice president of threat services at Fortified Health Security.


© 2025 MJH Life Sciences

All rights reserved.