Healthcare Organizations Report Major Financial and Clinical Impact from Cyber Threats: EY-Klas Survey

The report, which surveyed 100 executives responsible for cybersecurity decisions, found that healthcare organizations encounter frequent threats, averaging five different types per year.

A recent survey conducted by Ernst & Young (EY) and Klas Research reveals that healthcare organizations are facing substantial financial, operational, and clinical consequences due to cyber threats. 

Over the past two years, more than 70% of surveyed healthcare leaders reported experiencing moderate to severe financial impacts from cybersecurity incidents, while nearly 60% cited clinical disruptions, including delayed treatments and compromised patient trust.

The report, which surveyed 100 executives responsible for cybersecurity decisions, found that healthcare organizations encounter frequent threats, averaging five different types per year. Phishing attacks and breaches at third-party vendors were reported as the most common threats.

“While cyber executives say leadership support has improved, additional resources and backing are needed,” the report stated. “Leaders said the challenge isn’t getting approval, but sustaining commitment when budgets tighten or priorities shift.”

Operational impacts were noted by 60% of respondents, highlighting the widespread effects of cyber incidents on healthcare delivery. Executives emphasized that investing in cybersecurity remains critical, with more than 80% indicating that prioritizing cyber preparedness within organizational strategy helps mitigate risks.

However, funding challenges persist. Nearly two-thirds of survey participants pointed to competing organizational priorities or tight budgets as barriers to achieving cybersecurity goals.

Recruiting skilled cybersecurity staff also remains a pressing concern. Many organizations struggle to fill critical cyber roles, sometimes leaving positions vacant for years, which increases reliance on contractors. Experts warn that healthcare may face additional competition for talent, as other industries can offer higher compensation.

Despite these challenges, more than half of the respondents identified training and upskilling existing staff as an effective measure to enhance cybersecurity capabilities.

Vendor security continues to be a critical issue for healthcare organizations, which frequently rely on third-party providers for electronic medical records, revenue cycle management, and digital health solutions. Nearly 70% of respondents plan to increase investment in enforcing cybersecurity requirements in vendor contracts in the coming fiscal year. Additionally, over half of the surveyed leaders said they would focus more on regulatory compliance concerning third-party cybersecurity.

The findings underscore that cybersecurity in healthcare is not only a technological issue but also a strategic and operational priority. Organizations must navigate financial constraints, staffing shortages, and complex vendor relationships to safeguard patient data and maintain uninterrupted clinical services.

Stay tuned for more such updates on Digital Health News