Dan L. Dodson, CEO of Fortified Health Security, is a leader in healthcare cybersecurity, privacy and risk, and host of Cyber Survivor.
Not long ago, preparing for a worst-case cyber scenario meant bracing for one massive, headline-grabbing breach. One event. One crisis. One very bad week.
While still a reality, that’s no longer the only scenario that healthcare leaders are facing today. They also face a relentless, grinding stream of disruptions that has raised the question of whether organizations can continue to deliver care under constant pressure.
Why Frequency Now Defines Risk
Remember, threat actors aren’t rogue hackers in someone’s basement anymore. They are highly organized groups with hierarchies, targets, quotas and a focus on return on investment (ROI), whether through collecting ransom or creating disruption.
Automation and AI have fundamentally changed the economics of cyberattacks, and in doing so, they have also expanded the target list. Threat actors no longer need to pull off one sophisticated, large-scale breach to succeed. They can target more organizations, more often, with far less effort. That changes everything.
Smaller hospitals and regional health systems that were once insulated by expected low returns are now just as exposed as large medical centers.
While a single large breach catches our attention, it is really a study of a single instance and doesn’t tell us much about the overall risk environment that healthcare faces. It’s the pattern of repeated disruptions that will show us where the real risk is.
The Operational Toll Of Constant Disruption
Constant disruption doesn’t announce itself with sirens and flashing lights. It creeps, quietly and relentlessly, into the fabric of daily healthcare operations. It’s the nurse who can’t pull up a patient’s medication history and has to track down a physician before administering care. It’s the pharmacist handwriting orders and manually checking medications against each other for interactions. It’s the IT analyst who was supposed to be hardening the network but spent the day chasing down another security alert.
None of these specific moments necessarily makes the news. Still, they accumulate and erode staff confidence, slow care delivery and force staff and leadership alike to focus on immediate issues instead of long-term priorities.
Most importantly, they redirect resources away from the mission of patient care.
Rethinking What Resilience Means
Prevention will always matter. But in this environment, betting everything on prevention alone isn’t a strategy. It’s wishful thinking. The attack surface in healthcare is too large, and the pace of threats is too fast.
Real resilience comes down to speed: how quickly you can detect a problem, contain it and recover while, ideally, still delivering care. That’s where most organizations fall short.
For most teams, that means stronger monitoring, better segmentation and incident response plans that have actually been tested. The difference between a contained issue and a widespread disruption often comes down to a difference of minutes in speed of response.
Why Leadership Still Has A Gap To Close
Leaders, in healthcare and beyond, tend to respond to what’s visible, and nothing commands a boardroom like headlines that come with big breaches. They also come with hard numbers—ransom demands, recovery costs, regulatory penalties—that make them easy to quantify, easy to report and relatively easy to act on.
While healthcare has made great progress due to recent visibility spurred by mega breaches, the frequent, lower-level disruptions don’t carry that same visibility. They get absorbed into operations, explained away as isolated incidents or handed off to the IT team to resolve.
There’s also comfort in the belief that the absence of catastrophe is evidence of strength, that if we haven’t been breached, we must be secure.
But that thinking is exactly what adversaries are counting on. While leadership waits for the lightning strike before moving, the constant drip of disruption could be causing a slow, and arguably just as catastrophic, erosion in clinical workflows, staff bandwidth and security posture.
Avoiding that requires a high level of visibility supported by clear ownership, consistent reporting and governance to establish cybersecurity as a patient safety issue and make it a key consideration in decision-making.
Building For Endurance, Not Just Defense
There will always be a new tool, a new vulnerability and a new attack method. That’s the reality of the healthcare environment. So, organizations that chase tools alone will always be one step behind.
What matters more is whether your teams and processes can function under sustained pressure to maintain care during disruptions, recover quickly and stay on track. That kind of resilience doesn’t come from technology alone. It comes from discipline.
It requires governance that embeds cybersecurity into strategy, not just IT budgets. It requires staff who have done exercises in downtime procedures before a crisis hits. And, it requires partners who are built for healthcare, who understand what’s at stake and who show up ready to move fast.
Threat actors only need to succeed once. Healthcare organizations have to be ready every day.
In a constant disruption environment, endurance is the strategy.

