Strengthening healthcare cybersecurity: A call to action from HIMSS25
Cybersecurity in healthcare is a growing concern as threats evolve rapidly. Industry leaders at HIMSS25 are tackling cyber resilience, workforce development, and policy reforms to secure patient data.
Las Vegas, NV — The HIMSS25 Healthcare Cybersecurity Forum commenced yesterday with a compelling keynote address by Chris Tyberg, Chair of the Cyber Working Group (CWG) Executive Committee of the Healthcare and Public Health Sector Coordinating Council (HSCC) and Chief Information Security Officer at Abbott. Tyberg emphasized the critical need for unified industry engagement to bolster cybersecurity measures across the healthcare sector.
Navigating rapid technological advancements
Tyberg highlighted the rapid pace of technological change, noting that advancements occur “in a matter of hours or overnight,” which in turn expands security threats. He stressed that the healthcare industry must adapt swiftly to these evolving challenges to protect patient safety, data privacy, and care operations.
The health industry cybersecurity strategic plan: A five-year initiative
One year into the five-year Health Industry Cybersecurity Strategic Plan, the HSCC CWG has produced 28 free resources aimed at enhancing cyber resilience for healthcare organizations of all sizes. Despite these efforts, Tyberg called for broader industry participation to leverage these tools effectively, cautioning that without collective action, the sector risks stagnation in its cybersecurity posture by 2030.
Four pillars of cybersecurity enhancement
Tyberg outlined four key pillars central to HSCC’s mission, unified by the principle that cyber safety is synonymous with patient safety:
1. Access to Resources: Ensuring that all healthcare organizations, regardless of size or location, have access to the necessary resources to secure their operations. Tyberg noted the absence of small-to-medium-sized providers at the forum, underscoring the need to engage these entities in cybersecurity initiatives.
2. Workforce Development: Addressing the cybersecurity workforce gap through initiatives like the newly announced HSCC Academic Partnership. This program seeks sponsors to support student and institutional engagement, particularly targeting two-year academic programs as valuable sources of talent.
3. Community and Mutual Aid: Drawing from models in other critical industries, HSCC advocates for mutual aid agreements where organizations can support each other during cyber incidents. While challenges exist, this approach could enhance workforce training and resilience.
4. Policy and Governance: Developing comprehensive policies and governance frameworks to guide cybersecurity efforts, ensuring alignment with evolving threats and regulatory requirements.
Engaging the broader healthcare community
A significant concern raised during the keynote was the limited participation of smaller healthcare providers in cybersecurity forums. To bridge this gap, the CWG plans to host more all-hands meetings across various cities, aiming to increase engagement and disseminate critical cybersecurity resources to all healthcare entities.
The imperative of collective action
Tyberg’s address served as a clarion call for the healthcare industry to unite in strengthening cybersecurity defenses. He emphasized that without proactive measures and widespread adoption of available resources, the sector risks facing persistent vulnerabilities in the face of advancing cyber threats.
Kenneth R. Deans, Jr., DHA, MBA, FACHDM is the President and CEO of Health Sciences South Carolina