Risk Assessments/Management, Critical Infrastructure Security

KLAS: Cybersecurity, RCM lead healthcare investments post-pandemic

electronic health records
A KLAS Research and Bain & Company survey identified cybersecurity, telehealth and clinical systems among healthcare investment priorities. (Air Force)

A recent survey from Bain & Company in collaboration with KLAS Research shines a light on healthcare investments post-pandemic, finding providers are focusing investments in the next year on three key areas: cybersecurity, patient intake or flow, and revenue cycle management.

Telehealth and clinical systems were also listed as investment priorities.

While their survey sample was just 289 healthcare executives, the findings help glean possible insights into how providers are allocating budgets — even ahead of a possible recession. The survey suggests that even as hospitals emerge from the pandemic, “they’re doubling down on software investments. 

Privacy and security software was listed as an investment priority, as the spate of cyberattacks against the sector have remained consistent before, during, and after the pandemic response. But the investments are occurring as “the risks have risen.”

“As a result of the increase in the number of nodes in provider tech ecosystems, there’s been a surge in security breaches,” according to the report. And those data breaches are growing increasingly expensive, up nearly 40% since 2020.

Healthcare investments take privacy and security concerns into consideration amid difficulties in current climate

More than ever, regional health systems, freestanding hospitals, and mental health providers have become keenly focused on privacy and security investments to address these concerns and threats. The report notes cybersecurity and IoT security are key investment areas.

The report also examined how providers are using software in this current climate, particularly in the face of financial pressures, staffing shortages, cybersecurity risks, and the proliferation of health IT vendors. The report notes provider organizations are leveraging a combination of tactics, with many deploying fresh software solutions to mitigate the possible impact.

For cybersecurity risks specifically, “providers are increasingly streamlining bloated tech stacks and looking to their electronic medical records providers and other existing vendors for new solutions before evaluating new vendor offerings,” according to the report.

Security threats and targeted cyberattacks against the healthcare industry are likely to continue into the foreseeable future. As the Biden administration continues to signal initiatives designed to better protect critical infrastructure organizations like healthcare, the researchers note there’s a possibility that “regulators could introduce enhanced security mandates,” or even provide cybersecurity funding.

However, as noted in earlier reporting, it’s important for providers to continue forward with efforts to strengthen current posture as congressional efforts take time. Best practice measures and investments should concentrate on a multi-layered approach with effective firewalls and patch management, in an effort to move toward a zero-trust journey.

For healthcare software vendors, the researchers stressed the importance of aligning their marketing messaging with the current challenges facing providers. As noted in a recent report, many software and IT vendors attempt to break into the healthcare market. But to do so successfully, these teams must build strong partnerships with providers and have healthcare experience on the team.

The report notes that vendors should also be prepared to provide “measurable financial and clinical ROIs of their products, while underscoring differentiated security protocols and/or functionality.” Lastly, “highlight differentiated security features, as software vendors with cutting-edge security accreditations, features, and functionality can stand out.”

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.