Hospitals and health systems are grappling with shrinking margins, workforce shortages, and rising patient expectations, which makes the balance between quality care and value-based models increasingly challenging. While AI is often seen as a quick fix, healthcare CIOs must urgently address foundational gaps in cybersecurity, operations, and the clinical workforce.
Cybersecurity
As we step into October, a month dedicated to cybersecurity awareness, it’s a timely reminder for healthcare CIOs to prioritize one of their most pressing concerns: cybersecurity. This month can serve as a starting point to reevaluate and strengthen cybersecurity measures in healthcare organizations.
A recent Sophos report shows a sharp rise in ransomware attacks, with 73% of healthcare organizations affected in 2024, up from 66% in 2023. Several factors drive this surge, including the growing sophistication of cybercriminals, widespread use of legacy systems, and the expanded attack surface from healthcare’s digitalization. The hybrid remote and in-person care model has also increased vulnerabilities by creating more entry points for cyberattacks. For CIOs, the need to regularly review and update their organization’s security posture has never been more evident.
Healthcare leaders face a crucial dilemma when deciding whether to pay the ransom during ransomware attacks. According to the Sophos report, 60% of healthcare organizations hit by ransomware opted to pay the ransom. However, only 47% of those who paid could recover all their data. This statistic illustrates the uncertainty and risk of relying on cybercriminals to restore access to critical systems.
The data on ransomware attacks reminds healthcare CIOs that paying the ransom is not a guaranteed solution. Instead, investing in robust backup and disaster recovery solutions is essential: it allows data to be restored without relying on ransom payments, which breaks the cycle of attacks and discourages cybercriminals. Experts in the healthcare industry advise against paying the ransom.
The report also highlights the evolving landscape of cyber insurance. While it can offset some of the ransomware costs, obtaining coverage is becoming increasingly complex. Many insurers now require healthcare organizations to demonstrate advanced cybersecurity controls as a condition for coverage. This underscores the need for CIOs to balance reliance on cyber insurance with investments in preventive measures. A comprehensive cybersecurity strategy is essential in today’s digital healthcare landscape.
IT and Clinical Teams Gap
A survey released by symplr reveals a disconnect between IT leaders and clinicians. Clinicians (72%) believe they should have more influence in software purchasing decisions, while IT leaders (60%) and operational leaders (51%) are more hesitant about involving them. Additionally, only 57% of clinicians feel their hospital operations software allows them to deliver the best possible patient care.
Healthcare CIOs have a long history of collaboration with clinical leaders like the chief medical officer or chief medical informatics officer. However, it’s not just about involving a physician ‘super user’ in vendor selection. It’s about engaging them from the start. Similarly, clinical leaders must include IT at the outset when exploring technology solutions, not after making a decision. This close communication between clinical and IT teams is crucial in bridging the gap and ensuring the best possible patient care.
As we approach 2025, healthcare leaders must focus not only on AI but also on strengthening foundational elements like cybersecurity and bridging the gaps between IT and clinical teams. While these efforts may not be as flashy as adopting AI, they are essential for keeping organizations safe and ensuring sustainable progress. Prioritizing robust processes over quick technology fixes will ultimately drive long-term success and enable healthcare systems to thrive in an increasingly digital world.