The healthcare sector is facing unprecedented cybersecurity challenges, and the stakes are higher than ever before. As cyber threats continue to escalate in both frequency and sophistication, the potential impact on patient safety, data privacy, and the overall functioning of healthcare systems seems to have reached a tipping point. Indeed, high-profile attacks on major global healthcare organizations have illustrated how cyber incidents can disrupt entire ecosystems, compromise patient care and erode public trust.

Chief information security officers (CISOs) at healthcare organizations remain at the forefront of protecting sensitive patient data, helping ensure the resilience of critical infrastructure, and enabling the adoption of innovative technologies. They are expected to deliver on this mandate while grappling with the limitations of legacy systems and a scarcity of cybersecurity talent. How quickly are they able to identify, respond to, and recover from cyber incidents to ensure uninterrupted care? As a result, resilience as a theme remains a priority for cyber leaders.

While the integration of artificial intelligence (AI) shows great promise for sector-specific use cases, CISOs will be responsible for secure deployment. For example, AI-powered medical transcription tools can help health professionals focus more on care. However, CISOs must ensure that the necessary security controls, such as data privacy and access management, are in place to protect sensitive patient information. Using consolidated solutions by major platform providers, CISOs can simplify their technology stack and focus on securely enabling digital transformation initiatives.

CISOs also must actively navigate a change in the scope of the cybersecurity function. Historically, CISOs in healthcare have operated in the background, focused on managing technical vulnerabilities and compliance requirements. However, the evolving threat landscape demands a new kind of leadership from CISOs. The expanded perspective of the role positions them as strategic business enablers rather than mere gatekeepers, an evolution corroborated by KPMG research. Indeed, 70 percent of healthcare organizations report that cybersecurity is typically involved from the earliest planning stages of the decision-making process for tech investment and has a high influence on outcomes.[1]

The path forward for healthcare CISOs is clear: they must become the architects of a new cybersecurity paradigm that prioritizes resilience, adaptability, and collaboration. This report explores cybersecurity considerations for the healthcare sector, from the increasing sophistication of cyber threats to the complex regulatory landscape and the imperative to protect patient data. It also provides practical guidance on key areas, such as incident response planning and aligning cybersecurity with business objectives.


Key cybersecurity considerations for healthcare companies in 2025


Resilience by design: Cybersecurity for businesses and society

The risk that ransomware and other malicious attacks could cause large-scale healthcare disruption is growing at an alarming rate. As such, cyber resilience remains a primary focus. CISOs view this imperative not merely as a cybersecurity issue, but as a critical business continuity challenge. The scope extends beyond incident response to include rapid system restoration, data recovery, and supply chain resilience. Historically, healthcare CISOs, as in other critical sectors, concentrated on safeguarding the organization’s “crown jewels”—critical data, intellectual property, and trade secrets. Today, the broader mandate is to ensure the security and resilience of the entire enterprise.

Robust asset management remains the cornerstone of cyber resilience. Yet, as digital ecosystems across healthcare expand, so too does the attack surface. Each new third-party connection introduces another potential vulnerability. Cyber attackers look to identify and exploit the weakest link, which could be something as seemingly trivial as an unsecured printer. Thus, CISOs need to go beyond internal defenses, proactively evaluating and strengthening the security posture of every partner, vendor and supplier.

Key challenges

Resilience and business continuity

Healthcare organizations need to prioritize resilience and business continuity to quickly identify cyberattacks, restore critical services, and mitigate risks to patient care.

Protecting sensitive patient data

Healthcare organizations must safeguard vast amounts of sensitive patient data to prevent breaches that can lead to identity theft, financial loss, and erosion of trust.

Minimizing downtime and financial impact

Healthcare organizations must minimize downtime caused by cyberattacks to help ensure continuity of care.

Regulatory compliance and legal liabilities

Healthcare organizations must develop a strong cyber resilience posture to comply with strict regulations and avoid costly penalties and legal liabilities.

Maintaining trust and reputation

Healthcare organizations must invest in cyber resilience to maintain patient trust and protect their reputation.

Key opportunities

Setting up a strong cybersecurity foundation – Robust security controls, vulnerability management, threat detection and response, and incident response planning can all together contribute to a strong cybersecurity foundation.

Planning recovery – Regular backups, secure storage, and a well-rehearsed plan can all help you restore systems and get back online quickly. Business continuity and disaster recovery are essential to maintain essential operations during and after disruptions.

CISOs can significantly reduce cyber risks by prioritizing security awareness training and third-party risk management. Comprehensive training programs need to educate staff on best practices. Strict vendor security protocols can ensure the protection of shared data.


The ever-evolving role of the CISO

The CISO role in healthcare is shifting in scope from technical to strategic leadership. The increasing complexity of cyber threats, growing reliance on new technologies, and the rising importance of data security and privacy are all driving this dynamic. Today’s CISOs are expected to be the definitive source of truth across a broad spectrum—from security controls and risk intelligence to identity management and overall cyber hygiene. Responsibilities once centralized are now being distributed across departments. This requires a re-evaluation of how cybersecurity leadership is structured.

This growing role fragmentation reflects a practical reality: no single individual can maintain deep expertise in every domain while also steering the strategic direction of enterprise-wide cyber resilience. The future of the CISO will rely on getting the balance right between specialization and unified oversight. As healthcare organizations embrace digital transformation, CISOs must navigate the challenges of legacy systems, talent shortages, and the need to consolidate security platforms while striving to ensure the security and resilience of ongoing services.

Key challenges

Delivering in a fast-changing role

Traditionally, CISOs primarily focused on implementing security technologies, managing firewalls, and responding to incidents. However, CISOs must now consider a broader scope, including securing cloud computing, AI, software medical devices, and the entire value chain and back-office revenue operations.

Siloed cybersecurity function

Cybersecurity was often seen as a separate IT function, with limited interaction with other departments. CISOs need to elevate their profile and become business enablers, working closely with various departments to help ensure the organization is innovating securely.

Change in approach

Cybersecurity efforts were often reactive, responding to incidents after they occurred. CISOs must adopt a proactive approach, focusing on resilience and business continuity.

Going beyond compliance-driven security measures

While compliance remains crucial, CISOs must also prioritize managing cybersecurity as a business risk, enabling secure adoption of new technologies and processes.

Key opportunities

Strategic advisors – CISOs must become strategic advisors, assessing cyber risks in the context of business objectives and providing guidance on security investments and risk mitigation strategies.

Cross-departmental collaboration – CISOs need to collaborate with clinical operations, legal, and compliance to integrate security into all aspects of the organization and help secure the entire healthcare value chain.

Proactive risk mitigation – CISOs should adopt a proactive approach, implementing robust security controls, conducting regular risk assessments, and promoting security awareness while leveraging major platform players.

Patient safety and privacy – CISOs can take the lead on data protection measures, including privacy checks, confidentiality checks, and appropriate access controls.

Risk-based compliance – CISOs need to prioritize security investments based on the likelihood and potential impact of cyber threats while navigating the evolving regulatory landscape.

Healthcare organizations must empower CISOs to take a strategic leadership role in aiming to ensure the security and resilience of their systems and data. Fostering collaboration, creating a culture of security awareness, and investing in the right cybersecurity technologies, processes, and people are essential for mitigating risks and protecting patient data. As the healthcare industry evolves, prioritizing cybersecurity will be crucial for delivering high-quality, secure, and resilient healthcare services.


Platform consolidation

Healthcare CISOs are facing pressure to simplify security operations as a result of rising cyber threats and increasing regulatory compliance requirements. The numerous options available, from endpoint security and security information and event management (SIEM) to vulnerability management, Internet of Things (IoT) security, extended detection and response (XDR), and managed detection and response (MDR), often make planning overwhelming.

In this environment, many CISOs are struggling to manage, maintain, and integrate a complex patchwork of disparate tools. They often spend more time on integration than harnessing the value of the data for usable security insights. As a result, there is a growing trend among healthcare organizations to consolidate their cybersecurity capabilities onto unified platforms. This approach can help improve efficiency, streamline security processes, and optimize resource allocation.

Large organizations are particularly keen to pursue this consolidation. Working with fewer vendors gives CISOs a clearer, more holistic view of their organization’s threat landscape and streamlines their training efforts. However, CISOs must be mindful of potential pitfalls, such as concentration risk, wherein an organization may become overly reliant on a single vendor or platform.

Key challenges

Vendor lock-in

Choosing a single platform can lead to vendor lock-in, making it difficult for healthcare organizations to switch to a different solution in the future.

Integration challenges

Integrating different security tools and technologies, such as security information and event management (SIEM), security orchestration, automation, and response (SOAR), and AI, onto a single platform can be complex and time-consuming for healthcare CISOs.

Potential functionality gaps

A consolidated platform may not offer all the features and functionality of specialized tools, which could limit the ability of healthcare organizations to address specific security needs.

Resistance to change

Healthcare organizations may face resistance from security teams who are comfortable with their existing tools and processes, making it challenging to adopt new platforms and technologies.

Limited resources

Many healthcare organizations have limited budgets and staffing for cybersecurity, making it challenging for CISOs to implement comprehensive security programs and attract talented professionals.

Legacy systems

Outdated IT systems in healthcare organizations can be difficult to secure and may not be compatible with modern security solutions, hindering efforts to improve cyber resilience.

Complex environments

Healthcare IT environments are often complex and interconnected, with numerous devices and endpoints, making it challenging for CISOs to secure all assets and ensure compliance with regulations such as HIPAA.

Evolving threats

The threat landscape is constantly evolving, with ransomware becoming a significant concern. This requires CISOs to stay informed and adapt their security strategies accordingly.

User awareness

Educating and engaging healthcare staff, including doctors and nurses, on cybersecurity best practices can be challenging, especially in a fast-paced environment where technology awareness may be limited. In the KPMG global tech report 2024, 27 percent of respondents said that cybersecurity is very frequently, and a further 21 percent said frequently, treated as a box-ticking exercise in staff training rather than being embedded as extensively as it could be.


Key opportunities

Addressing tool sprawl and complexity – Healthcare organizations often struggle with an overabundance of security tools from various vendors, leading to complexity, integration challenges, and potential security gaps. By consolidating platforms and leveraging comprehensive solutions from major providers, CISOs can streamline their security stack, improve efficiency, and close security gaps.

Reducing costs and optimizing investments – Consolidating security platforms can help healthcare organizations reduce licensing costs, maintenance expenses, and the need for specialized training on multiple tools. By investing strategically in major platforms and adopting healthcare-specific use cases securely, CISOs can optimize their security spend while enhancing their overall security posture.

Healthcare organizations that prioritize cybersecurity awareness and preparedness can benefit greatly. By streamlining their security stack, organizations can better coordinate defenses, reduce security gaps, and allocate resources more efficiently. Ultimately, the right investments can help healthcare organizations protect their patients, data, and reputation in an increasingly complex threat landscape.


Real-world cybersecurity in healthcare

The need for remote and wider access to personal healthcare information has put a spotlight on identity and access management (IAM) solutions.

One of the largest healthcare payers instituted a cloud-based portal for consumers whose health insurance is provided through employers or the marketplace. This portal allows patient information to be accessed by stakeholders (i.e., providers, insurers, caregivers) and digitizes claims for accurate payments. This payer also manages a substantial B2B client base requiring secure information sharing.

To facilitate this patient data transformation, KPMG in the US worked with the company to implement an advanced identity and access management (IAM) solution. This digital solution allows the payer to create a single platform where all B2B and B2C customers can easily register, view their claims, and have smooth sign-on, multi-factor authentication (MFA), and credential management.

KPMG in the US also assisted the client in realizing synergies between its insurance and pharmacy benefits management businesses. As part of the broader digital transformation, this offered an in-depth view of each member and opportunities to upsell services such as wellness programs, and the company centralized its security efforts to improve its digital-security posture.

Healthcare organizations can benefit from adopting IAM systems to help ensure secure access to applications. These systems integrate capabilities and data sources, enhancing the customer journey, improving patient outcomes, and protecting patient privacy during data sharing.



Top priorities for healthcare cybersecurity professionals


Developing in-depth incident response plans that outline procedures to identify, contain, eradicate, and recover from various types of cyberattacks.

Implementing robust access controls, encryption, and monitoring for Electronic Health Records (EHRs), helping ensure compliance with regulations, and managing third-party risks to protect patient data and privacy.

Adopting proactive prevention measures and developing rapid response and recovery plans to defend against ransomware attacks.

Implementing detailed security measures for Internet of Medical Things (IoMT) devices, cloud services, and the remote workforce to protect against evolving threats.

Developing strategies for recruiting, retaining, and upskilling cybersecurity professionals while leveraging technology to enhance resources.

How KPMG professionals can help

With a deep understanding of the healthcare industry and its unique challenges, we assist CISOs in developing and implementing in-depth cybersecurity strategies that help prioritize resilience, regulatory compliance, and patient safety. Our team of experienced professionals works closely with healthcare CISOs to assess their current cybersecurity posture, identify gaps and vulnerabilities, and develop targeted digital solutions. We also support healthcare organizations in building a strong cybersecurity culture through training and awareness programs for staff at various levels.


Our people

Anurag Rai

Global lead, Cyber security in healthcare, KPMG International; Principal, Advisory, Cyber Security Services

KPMG in the U.S.
