How Healthcare Leaders Prioritize Cybersecurity Threats

The healthcare industry sits at the crossroads of innovation and vulnerability. As the digital transformation of healthcare accelerates, so do the threats targeting its infrastructure. From ransomware-as-a-service to human-targeted phishing schemes, healthcare organizations face a complex and ever-evolving cybersecurity landscape.

In this article, we delve into a detailed conversation with Russell Teague, an industry veteran and CISO at Fortified Health Security, who provides actionable insights into the most pressing cybersecurity threats in healthcare today. Through his decades of experience across multiple sectors - including healthcare, pharma, and financial services - Teague offers a roadmap for healthcare organizations struggling to prioritize their cybersecurity strategies amid razor-thin budgets and high-stakes environments.

The High-Stakes Cybersecurity Landscape in Healthcare

Healthcare organizations are prime targets for cyberattacks due to the sheer volume and sensitivity of the data they manage. Patient records, research data, and payment systems represent a treasure trove for cybercriminals. Teague emphasizes that these stakes are not just financial - they are, quite literally, matters of life and death.

"Healthcare is the number one targeted sector currently", notes Teague. This reality fuels the need for healthcare organizations to adopt a resilient, strategic approach to cybersecurity, despite resource constraints.

Top Cybersecurity Threats in Healthcare

Teague identifies four primary threats that healthcare organizations must address:

1. Ransomware-as-a-Service (RaaS)

Ransomware attacks have evolved into a business model, with sophisticated groups offering ransomware-as-a-service platforms to less experienced hackers. This shift has made ransomware more accessible and widespread, increasing the frequency of attacks on healthcare institutions. According to Teague, healthcare remains particularly vulnerable due to the immense value of patient data and the sector's reliance on uninterrupted access to systems for patient care.

"Healthcare still has the largest data trove available," Teague explains, noting how ransomware attackers often target healthcare organizations’ revenue cycles, identity data, and payment systems.

2. Third-Party Risk

Healthcare organizations are deeply interconnected with third-party vendors, including billing companies, electronic health record (EHR) providers, and supply chain partners. A breach in one vendor can lead to cascading impacts across multiple organizations. This "one-to-many" risk makes third-party vulnerabilities a critical focus area.

Examples like the MOVEit and Change Healthcare breaches underscore how interconnectivity amplifies risk.

3. The Dual Role of AI

Artificial intelligence (AI) is both a tool and a threat in the cybersecurity landscape. On the defensive side, AI enables rapid analysis of enormous datasets to detect abnormal network behaviors and predict threats. However, cybercriminals are using AI offensively to create more sophisticated malware and evolve tactics dynamically.

"AI is not a fad - it’s here to stay," Teague asserts, highlighting how its benefits in improving patient outcomes must be balanced with the risks it introduces.

4. Human Error: The Weakest Link

Despite technological advances, the human element remains the most exploited vulnerability. Social engineering tactics, such as phishing emails and fraudulent links, continue to bypass even the most robust technical defenses. Training staff to recognize and resist these tactics is a critical component of any cybersecurity strategy.

"Humans, by nature, want to be helpful," Teague notes, which makes them susceptible to clicking on malicious links or sharing sensitive information with bad actors.

Prioritizing Cybersecurity: A Framework for Action

Given the vast range of threats and the limited resources of many healthcare organizations, how can leaders effectively prioritize their cybersecurity measures? According to Teague, the key is operational resiliency - the ability to maintain critical operations, even during a cyber event.

Key Strategies for Resiliency

1. Understand Your Unique Threat Landscape
   Different organizations face different threats based on factors like size, location, and patient demographics. Conducting regular risk assessments tailored to your organization is essential.
2. Incident Readiness
   Healthcare leaders must adopt a "train-to-fight" mentality. This includes conducting annual tabletop exercises, refining incident response plans, and ensuring business continuity mechanisms are in place.
3. Network Segmentation
   By breaking up the network into smaller, isolated sections, organizations can limit the "blast radius" of a potential attack.
4. Focus on Exploitable Vulnerabilities
   Teague advises focusing on vulnerabilities that are actively being exploited in the wild, particularly in legacy systems. Fixing these should take precedence.
5. Leverage Free Resources
   Government agencies like CISA (Cybersecurity and Infrastructure Security Agency) offer free resources, including risk assessments and training programs, that can bolster an organization’s defenses without additional cost.

Addressing the Disparity Between Large and Small Organizations

One of the most striking challenges in healthcare cybersecurity is the disparity between large, well-funded healthcare systems and smaller, resource-constrained rural hospitals. With over 1,900 rural hospitals in the U.S., many of which operate near or below the financial breakeven point, these facilities often lack the resources for robust cybersecurity programs.

Teague highlights the role of government intervention in bridging this gap. Legislation that ties Medicare and Medicaid reimbursements to cybersecurity compliance can incentivize organizations to invest in protections. However, such programs must allow adequate time for implementation, as rural facilities may lag behind by as much as 20 years in adopting foundational cybersecurity measures.

"Rural facilities serve a critical need, but the fairness across the board is not the same," Teague explains.

Empowering Small Organizations

For smaller organizations with limited budgets, Teague recommends focusing on the following foundational elements:

• Annual Risk Analysis
• Vulnerability and Threat Management
• Penetration Testing
• Incident Response Readiness
• Implementation of EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management)

Additionally, participation in free training programs and leveraging resources from entities like the Health Sector Coordinating Council (HSCC) can help level the playing field.

Looking Ahead: Balancing Data Utility and Security

One of the most intriguing discussions in modern healthcare cybersecurity revolves around data management and minimization. While data is critical for research and improving patient outcomes, its availability also increases exposure to risk. Teague argues that unprotected, unstructured data accounts for the majority of breaches - not data stored in encrypted EMR systems.

Potential Solutions

• Data Encryption and Tokenization: Ensuring unstructured data is encrypted or tokenized to reduce its usability in the event of a breach.
• AI for Data Discovery: Using AI tools to map and secure sensitive data across an organization.
• Offline Data Storage: While largely impractical for healthcare, Teague notes that creative solutions may be needed as computing power advances and encryption methods face new threats.

Key Takeaways

• Ransomware-as-a-Service: A growing threat that allows inexperienced hackers to target healthcare organizations, making ransomware attacks more widespread.
• Third-Party Risks: Breaches in one vendor can affect multiple organizations, underscoring the need for strong vendor risk management protocols.
• AI's Dual Role: While AI enhances threat detection and improves patient care, it also empowers cybercriminals with advanced malware capabilities.
• Human Vulnerabilities: Training staff to recognize and resist social engineering tactics is vital for reducing human error.
• Operational Resiliency: Leaders must focus on maintaining critical operations during attacks by prioritizing preparedness, segmentation, and vulnerability management.
• Bridging the Gap: Smaller, rural healthcare providers need government support and accessible resources to close the cybersecurity disparity with larger organizations.
• Data Management: Protecting unstructured data and rethinking storage practices will be critical as encryption technologies face new challenges.

Conclusion

Cybersecurity in healthcare is both a technical and strategic challenge, but the stakes couldn’t be higher. By focusing on operational resiliency, leveraging free resources, and addressing vulnerabilities with discipline, healthcare leaders can protect their organizations and the patients they serve. As Teague aptly puts it, "With the right visibility, process, and response plans, we can prevent disruptive attacks from becoming major crises."

Healthcare organizations - large and small - must treat cybersecurity not as an optional expense but as a core component of patient care. Lives depend on it.

Source: "The Evolving Cyber Threat Landscape in Healthcare: Insights from Russell Teague - Part I" - Forcepoint, YouTube, Aug 12, 2025 - https://www.youtube.com/watch?v=gbEBvJJIl7g

Use: Embedded for reference. Brief quotes used for commentary/review.

Related Blog Posts

• Top 5 Healthcare Supply Chain Security Challenges
• Ultimate Guide to Cyber Resilience in Healthcare
• 5 Challenges in Healthcare Cyber Risk Management
• The Future of Risk Assessment & the Analyst Role