We don't typically think of healthcare as infrastructure, but the functioning of our healthcare facilities is just as essential as that of our roads and utilities. Because of this criticality, healthcare systems require 100% uptime, a necessity that is vulnerable to the reality of cyber threats.
According to the FBI's Internet Crime Report, the healthcare industry reported 444 cyber-related incidents in 2024, the most out of any critical infrastructure industry. Despite this reality, many hospitals and health systems feel unprepared to respond and recover from these threats. The Travelers Risk Index survey found that only 51% of healthcare respondents were confident their organizations have best practices in place to prevent or mitigate a cyber event. Key challenges driving this lack of confidence include:
- finding and hiring IT and cyber talent
- gaining visibility into an ever-growing set of connected devices
- variances in industry standards making it difficult to aggregate and correlate security events across platforms
- software development lifecycle complexities hindering the standardization of security controls, monitoring, and incident-response processes
To help meet these challenges (and more), agencies across government are providing guidance to help healthcare institutions better respond to the cyber-threat landscape.
Device-Security Standards
This June, the Food and Drug Administration (FDA) issued guidance that requires medical device manufacturers to build cybersecurity into devices across the entire product lifecycle, starting at the design phase. This guidance also requires the submission of cybersecurity documentation for all devices. The detail of these documents and requirements scale with the risk a device poses should it be breached.
Securing AI
The Health and Human Services (HHS) AI roadmap seeks to support the innovation of artificial intelligence (AI) in healthcare while promoting trustworthy and ethical development and use. This roadmap also addresses how to cultivate workforces and organizational cultures that can safely and effectively use AI. Doing all this will require collaboration between HHS and AI developers; one HHS plan is to pair AI companies with National Institute of Health-funded investigators to expand knowledge sharing in the development of AI-powered medical products and treatments.
As part of updating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, HHS is looking to develop resources and educational materials to help organizations understand and address privacy concerns posed by AI.
Improving Interoperability
This summer, the White House announced an initiative with over 60 healthcare and technology companies to develop ways to make personal medical data more accessible to U.S. consumers via digital devices. The Centers for Medicare and Medicaid Services (CMS) is spearheading this effort to expand the digital health technology ecosystem, with an eye toward improving patient care and outcomes. Participating companies will develop applications that use secure digital-identity credentials to obtain medical records from CMS Aligned Networks; a key focus of these apps will be helping patients better manage chronic conditions like diabetes and obesity.
To stay on top of policies and trends impacting healthcare IT security, check out these events and resources:
- Health IT Preview Event (January 22, 2026; Oxon Hill, MD) - AFCEA Bethesda will offer a sneak peek of their 2026 Health IT Summit, featuring an interactive panel session and reception.
- 2026 Healthcare Summit (February 12, 2026; Falls Church, VA) - Thought leaders in government healthcare technology--particularly those supporting warfighter health at places like the Defense Health Agency and Department of Veterans Affairs--will take the stage to discuss the most pressing topics in healthcare technology and citizen user experience.
- HIMSS 26 (March 9-12, 2026; Las Vegas, NV) - At this annual event, leaders in the healthcare industry come together to discuss health equity, AI, data governance, workforce challenges, digital health transformation, interoperability, cybersecurity, process analysis and redesign, and more.
- State of the Industry: Healthcare (white paper) - This report provides an in-depth look at the transformative shifts shaping healthcare delivery, innovation, and technology adoption. It explores how digital tools, data analytics, and AI are redefining patient engagement, operational efficiency, and clinical outcomes. The report also highlights the challenges facing healthcare leaders--from regulatory pressures to workforce shortages--while showcasing strategies to modernize systems and enhance care equity.
- How Zero Trust Data Security Can Neutralize the Impact of Ransomware Attacks (white paper) - Ransomware attacks account for approximately 70% of all reported cyberattacks globally. These attacks continue to grow in sophistication and scale, increasingly targeting industries such as healthcare, financial services, manufacturing, and government. This report focuses on methods for mitigating ransomware attacks and their effects.
- The Role of AI In Advancing Precision Medicine: A Focus on Genetics and Mental Health (white paper) - Artificial intelligence is reshaping the future of precision medicine, offering groundbreaking advancements in mental health and genetics. The integration of AI-driven insights into electronic health records enables personalized treatment plans, ensuring that medical care is tailored to each individual's unique genetic and health profile. As AI continues to evolve, its role in precision medicine holds the promise of improving patient outcomes and transforming the way healthcare is delivered.
For more information on health IT security, search for additional events and resources on GovEvents and GovWhitePapers.
