Article

More healthcare platforms, more data—and more cybersecurity risk

Learn key cybersecurity considerations for healthcare organizations investing in new platforms and tools.

As healthcare’s dependence on technology has increased over the last decade, so have its cybersecurity vulnerabilities. With more platforms, data, and digital tools in play, the risk landscape has grown increasingly complex, demanding increased vigilance and stronger defenses.  

During a Clearwater Cyber Briefing, Guidehouse Director Erik Pupo joined Clearwater CEO Steve Cagle to discuss risks that healthcare leaders must keep top of mind. Watch the webinar and read our recap to learn how to protect your organization.  

 

 

 

New tech introduces new vulnerabilities

Health systems have invested significantly in AI, cloud, data, and cybersecurity platforms over the past decade. But many organizations are now realizing that these tools don’t always integrate seamlessly—and their complexity often introduces a tangled web of vulnerabilities.  

As health systems expand their use of AI and make more data accessible to these tools, the problem has only intensified, Pupo said. Often, the issue stems from human error—tools are being introduced without proper vetting or configuration.  
 
“We don’t have a good compliance environment right now for AI,” Pupo said. “People are following HIPAA and GDPR [(General Data Protection Regulation)] and other regulations and documenting compliance,” but aren’t always considering how humans may be circumventing cybersecurity protections.  
 

 

Data growth drives cyber risk exposure

As health systems have invested in an increasing number of platforms, they’re generating unprecedented amounts of data. That makes them an attractive target for bad actors, expanding the potential for attacks.  

While large volumes of data benefit large language models, inaccurate or poor-quality data can pose serious risks to clinical outcomes, business operations, and cybersecurity. This is especially problematic for use cases such as revenue cycle and clinical documentation, where accuracy is critical.  
 
“Right now, we’re trying to bring together hordes of data through interoperability initiatives, and we often see errors when we do that,” Pupo said. “[Especially] if you’re pulling structured data out of unstructured sources, it introduces cybersecurity risks in terms of error rates, model inversion, and data poisoning attacks.”  
 

 

Cybersecurity starts with informed employees and skilled professionals 

While any number of tools can help healthcare organizations put up a strong cyber defense, nothing replaces robust employee education and a well-trained cybersecurity team. Multi-factor authentication is a critical tool that can ward off phishing attacks, but it doesn’t replace education for employees to warn them against using unvetted tools. Trust is important—an overprotected, zero-trust environment can challenge efficiency and negatively impact employee buy-in.   

“A zero-trust approach in a multi-cloud, complex technology environment is pretty hard,” Pupo said. “If you have to field every access request it’s nearly impossible [to be efficient] and people develop workarounds that become risks.”  
 
That’s why it’s critical for leaders to carefully scrutinize where they’re spending their cybersecurity budget, making sure they’re investing in fundamental protections like an effective education program and sophisticated but well-rounded cybersecurity professionals who can work beyond their specialization.  
 
“You build with security in mind,” Pupo said. “Not just process-focused but people-focused—build the right team.”  
 

 

Quatum threats demand proactive safeguards 

While much attention has been paid to AI and machine learning, quantum computing is the next major tech frontier. There are some concerns that bad actors with quantum computing capabilities could render current cryptographic systems obsolete, posing a risk to data security.  

It’s not just a distant threat. Even if hackers can’t currently decrypt an organization’s data, they may take a “harvest now, decrypt later” approach, stealing that data in hopes of one day being able to decrypt it with quantum capabilities. 
 
Like other advances in technology, quantum poses its own risk for healthcare organizations that choose to use it themselves. Widespread adoption of quantum computing capabilities in functions like provider revenue cycle and payer authorization “will require even more data and create more vulnerability,” Pupo said.  
 

 

Leading through cyber risk evolution 

As healthcare technology evolves and advances, so do the risks. From AI and data overload to the uncertain future of quantum computing, leaders must stay vigilant—balancing innovation with smart strategy and a clear-eyed view of their cybersecurity priorities. Proactive leadership—grounded in awareness, collaboration, and adaptability—will be key to navigating the evolving cyber landscape. 

Let us guide you

Guidehouse is a global AI-led professional services firm delivering advisory, technology, and managed services to the commercial and government sectors. With an integrated business technology approach, Guidehouse drives efficiency and resilience in the healthcare, financial services, energy, infrastructure, and national security markets.

Stay ahead of the curve with our latest insights, expertly tailored to your industry.