In the past, healthcare cybersecurity strategies focused primarily on preventing attacks. Investment, policy and executive attention centered on hardening systems, securing networks and keeping threat actors out. But that framing is increasingly out of step with reality.
Today, healthcare organizations operate in an environment where sophisticated ransomware groups routinely target hospitals, health systems and their vendors. Prevention still matters, but it is no longer sufficient on its own. The operational reality is that even well-defended organizations can and do experience disruptions that affect clinical systems, scheduling, pharmacy operations and, in the most severe cases, direct patient care.
This shift has pushed cybersecurity leaders and clinicians toward a more pragmatic conclusion: It’s no longer about whether a breach will occur, but how well an organization can continue functioning when it does.
Healthcare continues to experience some of the highest breach-related costs and longest recovery times of any sector, according to industry analysis of the IBM Cost of a Data Breach Report, with patient care delivery increasingly affected when clinical systems go offline.
Against this backdrop, members of the Senior Executive Healthcare Think Tank explore what modern cyber resilience actually requires in practice—from clinical continuity planning and system architecture to executive leadership, workforce readiness and the ability to maintain safe patient care during active disruption.
Design for Care Continuity, Not Just Security
Asaad Hakeem of SARC MedIQ says healthcare organizations should begin with a simple principle: Protect patient care first.
“Modern healthcare cyber resilience means designing for continuity,” Hakeem says. That requires “segmented systems, immutable backups, tested downtime workflows, vendor risk controls, rapid incident response and executive-led drills” that simulate real-world attacks.
Recent cyber incidents have demonstrated that operational disruption—not simply stolen data—is often the greatest threat facing hospitals. Organizations that rehearse recovery procedures before an incident are far better positioned to maintain safe clinical operations during one.
“Leaders must protect care delivery first,” Hakeem says, “not just data.”
Treat Every Cyberattack as a Clinical Event
Harikrishnan Muthukrishnan, Principal IT Developer at BCBS Florida, argues executives should stop viewing cyber incidents as technology failures.
“In healthcare, a cyberattack isn’t an IT outage; it’s a clinical event,” he says. “Defense in depth, least privilege and segmentation matter, with a focus on building resilience; ultimately, it’s about keeping patients safe when systems go dark.”
He recommends every organization establish a realistic downtime care model for high-risk areas including emergency departments, operating rooms, intensive care units, pharmacies and laboratories. Paper documentation, manual workflows and regular drills should become as routine as fire drills.
Equally important, leadership should identify the organization’s “minimum viable hospital”—the smallest combination of systems, people and vendors necessary to safely deliver care.
“The honest test isn’t ‘Are we secure?’” Muthukrishnan says. “It’s ‘Can we deliver safe care for 72 hours without our normal systems?’”
Prepare Clinicians to Work Without Technology
Mahendran Chinnaiah, Digital Healthcare Architect for a major U.S. healthcare and pharmacy services organization, believes resilience depends on preparing clinicians—not just IT teams—for degraded operating conditions.
“Modern cyber resilience shifts the focus from network uptime to sustained safe care delivery during a degraded state,” he says.
He advocates building clinical continuity plans supported by zero-trust micro-segmentation so compromised systems can be isolated without disrupting connected medical devices or imaging platforms. Just as importantly, backups should be immutable and air-gapped to prevent ransomware from spreading.
Preparation should extend well beyond tabletop exercises.
“Front-line clinicians must practice paper charting, offline medication reconciliation and manual triage,” Chinnaiah says. “True preparation means establishing absolute clarity on the exact risk tier of every piece of software before an attack occurs.”
As healthcare organizations continue expanding digital infrastructure and connected medical devices, resilience increasingly depends on ensuring clinicians can safely deliver care whether technology is available or not.
Build Redundancy Into Critical Infrastructure
Jason Foodman, Managing Director at Archetype Growth, says resilience starts with architecture. Rather than relying on a single environment, healthcare organizations should design systems that can withstand failures without interrupting patient care.
“From a technology standpoint, the key factor in resilience is strategic redundancy,” Foodman says.
For larger organizations, that means creating distributed, multi-region environments with replicated data and automated failover capabilities that minimize downtime when systems are compromised.
“Having the systems and data distributed and replicated enables automated, near real-time failover to prevent total outages,” Foodman says.
Cloud-native redundancy has become a best practice across many industries, allowing organizations to recover critical applications in minutes instead of hours or days. For healthcare providers, that capability can directly affect patient access to care.
Learn From Major Cloud Leaders
Mark Francis, Founder and CEO of CaregiverZone, Inc., believes healthcare organizations should adopt many of the resilience practices pioneered by major cloud providers.
“Healthcare organizations should adopt lessons from the major cloud service providers,” Francis says. “This includes system redundancy across geographic regions as well as utilizing multiple availability zones.”
In addition to ensuring continuously synchronized data, Francis also recommends providers adopt a “proactive cybersecurity threat assessment strategy with 24/7 threat monitoring, synthetic testing to assess system integrity and regular updates to minimize potential disruptions.”
Rather than waiting for failures, Francis says organizations should continually test whether systems can withstand disruptions before patients are affected.
Treat Cybersecurity Like Any Other Operational Risk
Dr. Dmitriy Schwarzburg, Founder and Medical Director of Skinly Aesthetics, says executives should manage cybersecurity the same way they manage any operational risk.
“The focus should not only be on preventing attacks, but also on maintaining operations when one occurs,” Schwarzburg says.
That preparation includes backup systems, clearly documented response plans, ongoing staff education and contingency procedures that allow patient care to continue when critical technology becomes unavailable.
“Executives should approach cybersecurity the same way they approach any other operational risk—assume disruptions will happen, prepare for them and ensure the organization can continue functioning safely when they do.”
For Schwarzburg, resilience is as much about organizational preparedness and leadership as it is about technology.
Make Cyber Resilience an Enterprise Responsibility
Jordan Henry, Founder and Chief AI Ethicist at Veritas AI Consulting, says cyber resilience should be embedded across the organization rather than confined to the IT department.
“A modern healthcare cyber-resilience strategy should assume disruption, not just prevention,” Henry says. He recommends treating cybersecurity as enterprise risk by combining continuous monitoring, segmented systems, secure backups and routine downtime exercises.
Preparation should also extend beyond technology teams. Henry says clinical leaders, legal counsel, operations executives and communications teams should participate in regular tabletop exercises so everyone understands their responsibilities before an incident occurs.
“The goal is simple: Contain fast, recover safely and preserve patient care continuity.”
Plan for Failure Before It Happens
Sriharsha Chavali, Enterprise Technology Leader at The Aspen Group, believes resilient organizations accept that outages are inevitable and prepare accordingly.
“Healthcare cyber resilience is a care delivery issue, not just an IT issue,” Chavali says. “The focus should be on the minimum viable services needed to protect patients, maintain operations and prevent downstream financial damage.”
He encourages healthcare leaders to identify system dependencies, establish recovery priorities and regularly rehearse downtime procedures with nursing, pharmacy, revenue cycle teams, clinical operations and vendors.
“The organizations that recover fastest are not the ones that never fail—they are the ones that already know what to do when systems go down.”
Engineer Recovery Into the Architecture
Tirumala Ashish Kumar Manne, Principal Cloud Architect at Optum, argues that resilience must be built into healthcare technology from the ground up.
“Resilience starts from the assumption that primary systems will fail,” Manne says. He recommends separating identity services from clinical workflows, maintaining immutable audit logs, continuously monitoring for anomalous behavior and segmenting networks by clinical domain to prevent attacks from spreading.
He also believes organizations should set ambitious recovery objectives measured in minutes rather than hours and regularly validate them through realistic testing.
“The hard barrier is architectural,” Manne says. “Most healthcare still runs on monolithic, tightly coupled legacy stacks where real segmentation means a platform rebuild.”
Critical Lessons for Healthcare Leadership
- Protect patient care before protecting systems. Design cyber resilience around clinical continuity, not simply data security.
- Treat cyber incidents as clinical emergencies. Build and rehearse manual workflows that allow hospitals to function during prolonged outages.
- Train clinicians for degraded operations. Regular downtime drills should include paper documentation, medication reconciliation and manual triage.
- Invest in strategic redundancy. Distributed infrastructure and automated failover reduce the risk of prolonged outages.
- Continuously validate resilience. Threat monitoring, synthetic testing and proactive assessments help identify weaknesses before attackers do.
- Prepare for operational disruption. Leadership should manage cyber risk as they would any other enterprise risk.
- Make resilience organization-wide. Include executive leadership, legal, operations and clinical teams in planning and exercises.
- Identify your minimum viable services. Know which systems must be restored first to protect patients and sustain operations.
- Build resilience into system architecture. Segmentation, continuous monitoring and rapid recovery capabilities should be foundational design principles.
When Prevention Fails, Resilience Defines Care
Healthcare organizations can no longer measure cybersecurity success solely by preventing breaches. As attacks grow more sophisticated, resilience has become the defining capability—allowing hospitals and health systems to continue delivering safe, effective care even when critical technology is disrupted.
Collectively, members of the Senior Executive Healthcare Think Tank agree that cyber resilience requires more than stronger security tools. It demands executive leadership, resilient technology architectures, well-rehearsed clinical workflows and a culture that assumes disruption is possible and prepares accordingly. Organizations that embrace this mindset will be better positioned to protect both their operations and, most importantly, their patients.
