“Not Just Business Continuity - Clinical Continuity”
Post Summary
Cyberattacks in healthcare are no longer just IT issues - they directly threaten patient safety. Clinical continuity ensures uninterrupted patient care during system failures or cyber incidents, prioritizing safety over general operational recovery. With ransomware attacks disrupting 54% of U.S. healthcare providers in 2023 and the average breach costing over $10 million, the stakes are life-threatening.
Key Points:
- Why It Matters: Cyberattacks disrupt care, delay treatments, and endanger lives. In 2023, 133M healthcare records were exposed, costing $14.7B in downtime.
- Main Threats: Ransomware, IoMT vulnerabilities, and IT disruptions affect patient safety, with 92% of healthcare providers hit by cyberattacks in the last year.
- Solutions: Risk assessments, clear incident protocols, secure backups, and AI-powered tools like Censinet RiskOps™ can protect care delivery.
- Actionable Steps: Train staff, test response plans, and prioritize critical systems like EHRs and imaging tools.
Healthcare leaders must integrate cybersecurity into patient safety strategies. Investing in clinical continuity is not just about saving money - it saves lives.
Cybersecurity is a Patient Safety Issue - Imprivata at ViVE2023
Main Threats to Clinical Continuity
Healthcare organizations today face a growing array of cyber threats that jeopardize not just data security but also patient care and clinical operations. These threats have escalated far beyond data theft, evolving into sophisticated attacks that can disrupt care and, in extreme cases, endanger lives.
Cybersecurity Threats: Ransomware and Data Breaches
Ransomware attacks have become a major threat to healthcare systems, often leading to canceled procedures, patient diversions, and critical delays as organizations resort to manual record-keeping. These disruptions can have serious consequences for patient care.
In early 2025 alone, more than 650 security incidents were reported, exposing sensitive data belonging to over 32 million individuals [3]. Healthcare breaches are particularly costly, with the average incident in 2024 amounting to $11.45 million [3]. Alarmingly, 92% of healthcare organizations reported experiencing at least one cyberattack in the past year [7].
"The increasing frequency and sophistication of cyberattacks in the healthcare sector pose a direct and significant threat to patient safety. Any cyberattack on the healthcare sector that disrupts or delays patient care creates a risk to patient safety and crosses the line from an economic crime to a threat-to-life crime."
- John Riggi, Cybersecurity Advisor to the American Hospital Association [3]
Recent incidents highlight the devastating impact of these attacks. In January 2025, Frederick Health Medical Group suffered a ransomware attack that compromised the personal and medical data of over 934,000 individuals. While their core EMR systems remained intact, attackers accessed a shared file server containing sensitive information, including Social Security numbers, insurance details, and clinical records, before encrypting the data [3].
Another example occurred in February 2025, when the Termite ransomware group exploited an unpatched Citrix vulnerability to infiltrate the Australian fertility provider Genea. The attackers accessed critical systems, including the patient management platform, and exfiltrated highly sensitive data such as pathology reports, treatment notes, and ultrasound scans [3]. These types of records go beyond standard healthcare data, making their exposure particularly damaging.
Phishing schemes also remain a persistent issue, targeting healthcare workers with deceptive emails, texts, and calls to steal credentials or install malware. According to the HIMSS 2024 Healthcare Cybersecurity Survey, phishing attacks take many forms:
| Phishing Type | Percentage Affected |
|---|---|
| General email phishing | 63% |
| SMS phishing | 34% |
| Spear phishing | 34% |
| Business email compromise | 31% |
| Phishing websites | 21% |
| Malicious ads | 20% |
| Social media phishing | 19% |
| Vishing (voicemail) | 17% |
| Whaling (executive fraud) | 16% |
Phishing-related breaches are incredibly costly, with an average impact of $9.77 million per incident in 2024 [4]. Moreover, 78% of organizations affected by ransomware needed more than a week to recover fully [7].
IoMT and Connected System Vulnerabilities
The rise of the Internet of Medical Things (IoMT) has transformed patient care, connecting devices like infusion pumps and imaging systems to broader networks. However, these innovations have also created new vulnerabilities.
A staggering 70% of IoMT devices are susceptible to known malware, and 75% of infusion pumps have security gaps. Additionally, 63% of healthcare organizations have experienced security incidents involving unmanaged IoT devices [8] [10] [11].
"Vulnerability management can help hospitals monitor all their devices, assess risks, prevent threats, and meet compliance requirements. The result is improved cyber resilience, operational continuity and, most importantly, patient safety."
Several factors contribute to these vulnerabilities. Many IoMT devices lack proper encryption, leaving patient data exposed during transmission. Weak authentication mechanisms make it easier for attackers to gain unauthorized access, and irregular firmware updates leave devices open to exploitation. Some devices even require FDA approval before updates can be applied, delaying critical patches [8] [9]. When compromised, these devices can lead to data breaches, device malfunctions, and even patient harm. Additionally, Distributed Denial of Service (DDoS) attacks can overwhelm IoMT networks, disrupting operations and delaying access to vital patient information [8].
Traditional IT security measures often fall short when it comes to protecting IoMT devices. The inability to install security agents and the challenges of managing legacy systems create additional hurdles, leaving healthcare organizations exposed [11].
How IT Disruptions Affect Patient Care
IT disruptions have a direct and cascading impact on patient safety. When critical systems fail, healthcare providers lose access to essential tools like patient records, medication histories, and diagnostic systems - often at the worst possible moments.
The vulnerabilities across healthcare networks are staggering. For example, 99% of healthcare networks contain critical vulnerabilities in IoMT and operational technology (OT) devices [12]. Additionally, 89% of organizations run medical systems that are susceptible to publicly available exploits, and 8% of imaging systems are connected online with known exploited vulnerabilities (KEVs) linked to ransomware [12].
"Hospitals are under immense pressure to digitally transform while ensuring the security of critical systems that support patient care."
Even building management systems (BMS), which control operations like medication storage and patient transport, can be compromised. When these systems fail, the resulting delays in treatment can have severe consequences [12].
The financial and operational fallout from these breaches is immense. Since 2020, over 500 million healthcare records have been stolen or compromised [5]. By the end of 2024, 259 million Americans had their records exposed in part or in full [5]. One notable example is the 2024 ransomware attack on Change Healthcare, which affected the sensitive data of 190 million individuals. The breach cost an estimated $2.457 billion, making it the most expensive healthcare breach on record [6] [7].
Cybersecurity in healthcare is far more than an IT issue - it is a matter of patient safety. As Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization, put it:
"Let's be clear… ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality; they can be issues of life and death."
- Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization (WHO) [3]
When IT systems fail, the consequences ripple across clinical operations, undermining the ability to provide safe and effective care.
How to Build a Clinical Continuity Plan
Creating a strong clinical continuity plan revolves around one key priority: patient safety. Unlike general operational recovery plans, clinical continuity focuses on maintaining life-critical care. Below, we’ll break down the essential components, practices, and tools that form the backbone of a reliable plan designed to keep care uninterrupted.
Clinical Continuity Plan Components
A solid clinical continuity plan begins with a risk assessment. This step identifies vulnerabilities - ranging from cyberattacks to natural disasters - within technologies, processes, and personnel. The goal is to pinpoint and address weaknesses that could disrupt patient care.
Next, it’s crucial to prioritize critical systems. Healthcare organizations need to determine which systems are indispensable for patient care and set recovery priorities accordingly. The table below illustrates how systems can be ranked based on their impact:
| System/Service | Impact on Patient Care | Impact on Business Operations | Priority |
|---|---|---|---|
| EHRs | High | High | Critical |
| Radiology and Imaging Systems | High | Medium | High |
| Laboratory Information Systems | High | Medium | High |
| Practice Management Systems | Medium | High | Medium |
| Telehealth Platforms | Medium | Medium | Medium |
Incident response procedures must be tailored to healthcare settings. These protocols should detail step-by-step actions, communication strategies, recovery processes, and escalation paths that align with clinical workflows.
Disaster recovery measures are equally vital. These include data protection tools, on-site infrastructure for quick failover, and off-site backups. Regular testing ensures that backups work as intended when needed most.
The plan should also address staff safety during emergencies. As Woody Dwyer, a Travelers Risk Control industrial hygiene professional, explains:
"Specifically addressing the unique risks to doctors, nurses and other healthcare workers during an emergency can help reduce the chance of injuries that could lead to the loss of critical employees" [13].
Clinical Continuity Best Practices
To ensure effective recovery, healthcare organizations should follow these best practices:
- Secure backup systems: Implement multiple layers of backups, including local backups for fast recovery and off-site options for disaster scenarios.
- Network segmentation: Isolate critical systems to contain threats and maintain accessibility during incidents.
- Access controls: Use role-based access controls to limit sensitive data access to authorized personnel. Add multi-factor authentication for extra security.
-
Regular staff training: Every healthcare worker should understand their role during a cyber incident. As Barbara Pelletreau, Former Senior Vice President of Patient Safety, notes:
"The cybersecurity plan should not just be for IT...creating that culture of raising your hand and speaking up is key" [2].
- Drills and simulations: Conduct tabletop exercises and red team/blue team simulations to test plans and improve coordination between clinical and IT teams.
-
Downtime procedures: Establish clear protocols for handling system outages. Robert Bell, a Travelers Risk Control safety professional, highlights the importance of understanding potential disruption timelines:
"Have you accurately determined that true downtime? Having an accurate idea of the potential size and scope of a disruption can help healthcare organizations understand how long they could be without power or out of operation" [13].
Finally, integrating emergency management with cyber-incident response ensures all stakeholders know how to work together during a crisis.
Using Censinet RiskOps™ for Risk Management
Specialized tools like Censinet RiskOps™ can enhance clinical continuity strategies. This platform centralizes risk management, aligning with the practices outlined above.
- Automated workflows streamline risk assessments and remediation efforts, helping healthcare leaders respond more efficiently.
- Risk visualization tools provide real-time monitoring, giving teams a clear picture of disruptions and enabling coordinated responses.
- AI-powered risk assessments through Censinet AI™ accelerate processes like security questionnaire analysis, evidence validation, and reporting - all while keeping human oversight in decision-making.
Censinet RiskOps™ also fosters collaboration by unifying clinical and IT responses. A shared view of risks and activities ensures that everyone involved can make informed decisions quickly.
The platform’s analytics help organizations refine their plans by identifying trends and measuring response effectiveness, keeping them prepared for future challenges.
As John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association, warns:
"The frequency, severity, and impact of disruptive cyberattacks have increased dramatically over the last several years, especially 2023, and we need to be prepared for that. And ultimately, when hospitals are attacked with ransomware, lives are threatened, and we need to plan accordingly" [2].
Clinical continuity plans don’t just save money - they save lives. Research shows that organizations with incident response plans save approximately $2.66 million per breach compared to those without plans [14]. More importantly, these plans ensure uninterrupted patient care during system failures, safeguarding both lives and reputations in the process.
sbb-itb-535baee
Technology Tools for Clinical Continuity
Healthcare organizations rely on dependable technology to guard against cyber threats while ensuring clinical workflows remain uninterrupted. These tools are essential not only for data protection but also for keeping operations running smoothly, even during unexpected system failures or cyberattacks.
Key Technology Solutions for Clinical Continuity
Real-time communication platforms are vital during emergencies, enabling instant collaboration among clinical teams, IT staff, and leadership. These platforms integrate seamlessly with existing hospital systems and provide secure, HIPAA-compliant messaging. More importantly, they maintain functionality even when networks are disrupted, ensuring critical communication channels stay open.
Backup and recovery systems are indispensable for safeguarding data and restoring operations. Layered backup solutions, tested regularly, ensure that vital systems can be quickly recovered during a crisis.
Network segmentation tools play a crucial role in containing threats while ensuring essential clinical systems remain accessible. By isolating critical infrastructure, such as electronic health records and medical devices, these tools limit attackers' ability to move laterally within the network.
Threat detection and response (TDR) solutions combine endpoint monitoring, network surveillance, and automated responses to identify and neutralize threats before they impact patient care. Regular updates and upgrades ensure these systems stay equipped with the latest threat intelligence [15].
Centralized risk management platforms, like Censinet RiskOps™, bring together all these components under one roof. These platforms use automated workflows for risk assessments, real-time monitoring, and collaborative tools, aligning clinical and IT responses to prioritize patient safety during disruptions.
Together, these technologies support ongoing governance and operational resilience, embedding clinical continuity into broader organizational strategies.
Benefits of AI-Powered Risk Management
Artificial intelligence is transforming how healthcare organizations detect, assess, and respond to risks that could disrupt clinical operations. One standout advantage is how it speeds up risk assessments. Tasks that once took weeks, like reviewing lengthy security questionnaires, can now be completed in seconds. AI tools analyze vast datasets, summarize vendor evidence, highlight integration details, and generate detailed risk reports almost instantly.
AI also supports better decision-making by turning unstructured data into structured insights, helping teams quickly identify and address high-risk situations [16]. Additionally, it streamlines incident reporting by standardizing data based on event type and severity, reducing the administrative load on risk management teams. This allows staff to focus more on implementing safety measures rather than drowning in paperwork [16].
While AI accelerates processes, human oversight remains essential to translate its findings into effective clinical responses [16].
Continuous monitoring is another strength of AI, allowing it to track multiple risk factors simultaneously. Early warnings from AI systems help address potential issues before they escalate into major incidents that could jeopardize patient care.
Clinical Continuity Technology Comparison
The table below provides an overview of recovery times and ideal use cases for various technologies, helping decision-makers align solutions with their operational needs.
| Technology Type | Primary Function | Recovery Time | Best For |
|---|---|---|---|
| Local Backup Systems | Data protection and quick recovery | Minutes to hours | Rapid restoration of critical systems |
| Cloud-Based Backup | Disaster recovery and off-site storage | Hours to days | Long-term data protection |
| Real-Time Communication | Staff coordination during incidents | Immediate | Emergency response coordination |
| TDR Solutions | Threat detection and automated response | Real-time | Comprehensive cybersecurity defense |
| AI-Powered Risk Management | Automated risk assessment and monitoring | Real-time | Scalable risk management operations |
The choice of technology depends on factors like the size of the organization, budget, and specific risk profiles. Integration with existing systems is critical for seamless operation [19]. Equally important is usability - systems that complicate workflows or frustrate users can lead to errors, especially during high-stress situations [18]. Interoperability ensures smooth workflow automation by providing standardized data access across departments [17].
With 60% of healthcare CIOs citing inefficient processes and lack of automation as major pain points [19], the right tools can streamline workflows and enhance patient safety - even in the face of cybersecurity threats.
Governance, Compliance, and Ongoing Improvement
Building on the strategies we’ve discussed, effective governance is the backbone of maintaining clinical continuity. It ensures that patient safety remains a central focus, even during disruptions. Organizations that excel in this area establish strong frameworks not only to meet regulatory demands but also to encourage a mindset of constant improvement.
Adding Clinical Continuity to Governance Frameworks
As previously mentioned, healthcare governance involves the policies, roles, and processes that guide an organization’s operations, ensuring alignment with its goals [21]. By integrating clinical continuity into these frameworks, it shifts from being viewed as merely an IT concern to becoming a critical patient safety priority.
Enterprise Risk Management (ERM) plays a key role here by offering a unified view of various risks - whether operational, financial, or strategic - while also addressing clinical continuity [22]. This comprehensive approach has evolved from its earlier focus on clinical issues and malpractice claims to include areas like cybersecurity, operational resilience, and patient safety. To achieve this, healthcare organizations conduct wide-ranging risk assessments that cover everything from technology and human capital to legal and patient safety risks [23].
Regulatory compliance is another cornerstone of clinical continuity governance. Healthcare providers must navigate an intricate web of requirements, such as HIPAA, HITECH, and state-specific regulations. For instance, in October 2024, New York State introduced a rule requiring hospitals to report any "material cybersecurity incident" to the Department of Health within 72 hours of discovery.
Tools like Censinet RiskOps™ streamline collaboration between Governance, Risk, and Compliance teams. These platforms centralize processes, ensuring that critical findings and tasks reach the right stakeholders. This approach helps prioritize clinical continuity concerns and ensures they are addressed promptly.
Organizational and Cultural Factors
Creating a culture that prioritizes patient safety and clinical continuity takes effort at every level. Leadership plays a pivotal role in setting this tone by allocating resources, backing initiatives, and demonstrating the importance of clinical continuity as a safety issue [26]. Open communication is equally vital, encouraging staff to report potential safety risks without fear of blame or retaliation [26]. This transparency is especially critical during cybersecurity incidents, where quick information sharing can prevent small issues from escalating.
A "just culture" focuses on identifying and fixing system-level issues rather than assigning blame to individuals [27]. Coupled with psychological safety - where staff feel secure in reporting errors - this approach strengthens the organization’s ability to respond effectively to challenges [27]. Collaboration across IT, clinical teams, and leadership is also essential. Breaking down silos fosters trust and ensures smoother incident response.
With preventable medical errors causing between 44,000 and 98,000 deaths annually [20], the stakes for building the right organizational culture couldn’t be higher. Healthcare leaders can also address systemic challenges like staffing shortages and heavy workloads through targeted interventions, improving both day-to-day care and emergency readiness [25].
Ongoing Improvement Process
Sustaining these cultural and organizational changes requires a commitment to continuous improvement. Clinical continuity planning must remain dynamic, evolving in response to new threats, regulatory updates, and lessons from past experiences. Treating these plans as living documents - not static policies - leads to better outcomes during disruptions.
Regular evaluations of safety performance and evidence-based strategies are key to this process [26]. For example, gap analyses can help identify weaknesses in cybersecurity measures [24], while actions like implementing strong access controls, conducting regular audits, and providing comprehensive training can address these gaps [24].
Simulation exercises and gap analyses are particularly valuable for preparing stakeholders - clinical staff, IT teams, and leadership alike. These exercises test communication protocols, decision-making processes, and overall coordination, ensuring readiness for real incidents. Testing and refining incident response plans regularly uncovers vulnerabilities and builds confidence among staff.
Leadership involvement in these improvement efforts sends a strong message about the importance of clinical continuity. By participating in simulations, reviewing incident reports, and allocating resources to update plans, executives demonstrate their commitment. Recognizing and rewarding employees who identify risks or suggest improvements further reinforces the idea that clinical continuity is everyone’s responsibility.
Finally, as healthcare evolves, integrated ERM tools help align clinical continuity with patient care priorities [23]. While the landscape may change, the ultimate goal remains the same: ensuring uninterrupted, high-quality care for every patient.
Conclusion: Making Clinical Continuity a Priority for Patient Care
The healthcare industry is grappling with a daunting challenge: ensuring patient care remains uninterrupted while navigating an increasingly complex landscape of threats. Clinical continuity is no longer just a technological consideration - it’s a critical patient safety mandate for healthcare leaders in the U.S.
Key Takeaways
Healthcare organizations must prioritize the integration of cybersecurity and operational resilience. The stakes are high - downtime costs a staggering $7,900 per minute, amounting to $14.7 billion in 2023 alone [30]. Beyond the financial impact, system failures can lead to delayed surgeries, postponed treatments, and inaccessible medical records. These disruptions directly affect patient outcomes, sometimes with life-threatening consequences [28]. For instance, the 725 breaches in 2023 that exposed over 133 million healthcare records underscore how lapses in data protection can jeopardize patient safety [28].
"Healthcare institutions don't get sick or out of service days and neither should your clinics' or practices' critical business systems and services."
– BTI Group [28]
A robust approach to continuity planning is essential. By integrating cybersecurity measures, reliable data backups, and adherence to regulatory standards, healthcare organizations can ensure clinical workflows remain operational even during disruptions [28]. This commitment underscores that secure and continuous clinical operations are indispensable for safeguarding patient care.
Technology has a pivotal role in this transformation. AI-driven platforms like Censinet RiskOps™ empower healthcare organizations to mitigate risks across their ecosystems, from third-party vendors to medical devices [31]. For example, Tower Health successfully reallocated three full-time employees to other critical tasks while conducting more risk assessments with fewer resources [31]. These examples highlight the urgency for healthcare leaders to take decisive, strategic action.
Actionable Steps for Healthcare Leaders
To address these challenges, healthcare leaders must treat cybersecurity as a cornerstone of patient safety and integrate it into their broader risk management and operational strategies [1]. This starts with conducting comprehensive risk assessments to identify vulnerabilities that could disrupt operations or compromise patient safety [29]. Crisis response plans should be developed for various scenarios - such as natural disasters, cyberattacks, or pandemics - and staff should undergo regular training and simulations to ensure they are prepared to act swiftly and effectively [29].
"Recent ransomware attacks on critical healthcare suppliers have been a wakeup call for the industry, driving the importance for cyber resiliency of our vendors and third-party products."
– Greg Garneau, Chief Information Security Officer at Marshfield Clinic Health System [32]
Solutions like Censinet RiskOps™ can streamline third-party risk management, enhancing both patient safety and operational efficiency [32]. Investing in clinical continuity technology is not just about protecting data; it’s about improving patient outcomes. With over half (54%) of U.S. healthcare organizations experiencing ransomware attacks in 2023 - and 59% reporting negative impacts on patient care [2] - proactive measures are essential to maintain the trust patients place in their providers.
FAQs
How can healthcare providers maintain clinical operations during a cyberattack?
Healthcare providers can keep clinical operations running during a cyberattack by putting a clinical continuity plan into action. This plan should focus on ensuring critical patient care remains uninterrupted. Key steps include training staff to identify and handle threats like phishing attempts, setting up secure backup systems to safeguard vital data, and using real-time communication tools to coordinate care seamlessly.
Equally important is having an incident response plan designed specifically for healthcare environments. This plan should detail how to minimize disruptions, protect patient safety, and restore systems as quickly as possible. By staying prepared and building resilience, healthcare organizations can manage IT disruptions effectively and continue providing excellent care, even in challenging situations.
What are the top cybersecurity threats healthcare providers face today?
Healthcare providers are grappling with a range of serious cybersecurity challenges, including ransomware attacks, phishing scams (like spear phishing and business email compromise), malware infections, distributed denial-of-service (DDoS) attacks, insider threats, and supply chain vulnerabilities. These threats not only disrupt clinical workflows but also put sensitive patient information at risk.
Among these, data breaches and hacking incidents stand out as major culprits, often exposing millions of patient records. Cyber threats such as ransomware and IT system outages consistently rank as top concerns for healthcare organizations worldwide. This underscores the urgent need for strong security protocols and forward-thinking strategies to safeguard patient care and maintain operational stability.
Why should healthcare leaders include cybersecurity as part of their patient safety plans?
Healthcare leaders need to weave cybersecurity into their patient safety plans to protect sensitive information and ensure care isn't disrupted. Cyberattacks and IT failures can throw clinical workflows off track, delay treatments, and put patient outcomes at risk.
By making cybersecurity a core part of safety strategies, healthcare organizations can protect vital systems, keep operations running smoothly, and focus on patient well-being - even during unforeseen challenges. This forward-thinking approach ensures providers can deliver steady, reliable care while reducing risks to both patients and the organization.
