For the past 15 years, the allure of EHR replacements has drawn massive investments, shifting between Epic, Oracle, and MEDITECH, with the perception of “progress.” But let’s be honest: cybersecurity, for all the talk and exposure, rarely gets the same level of priority (or budget). There’s nothing flashy about endpoint detection or next-gen firewalls… until a crisis hits.

Unfortunately, we’re seeing the consequences.
I’ve spoken to hospitals running biomedical devices on Windows XP and Windows 7. These are ticking time bombs in today’s threat landscape.

The tragic case in Alabama*—where a newborn died and the hospital failed to disclose an active ransomware infection—has opened the legal floodgates. Transparency is no longer optional; it’s a matter of trust and safety.

Cyber insurance is no substitute for a cybersecurity strategy. Insurers are tightening their grip, and many now require incidents to be reported to them first, before the hospital even responds. This shift speaks volumes about how underprepared many organizations still are.

It’s time we treat cybersecurity as clinical infrastructure. Let’s move beyond EHR swaps and start investing in the less glamorous, but far more vital, pillars of secure and resilient healthcare IT.