Prepare, respond and emerge more resilient from healthcare cyber attacks

Recent cyber attacks exposed operational system-wide vulnerabilities and the impact on provider networks, health plans, members and patients cannot be overstated. As our interconnected world continues to face mounting cyber threats, the healthcare industry is particularly vulnerable to breaches that have wide-reaching impact across the ecosystem, from interfering with pharmacies’ ability to fill prescriptions to disrupting organizations’ billing and revenue cycles. 

C-suite leaders have overall responsibility for cybersecurity and each plays an integral role. Leadership’s coordination and communication internally, with third parties and with board members is critical for cyber event readiness, resolution and resilience.

Leading preparedness practices

Organizations that prepare, respond and emerge more resilient from a cybersecurity crisis tend to follow six leading practices for leadership teams and those charged with response and governance.

Discussion Guide

Ecosystem cyber resilience

Ransomware attacks have evolved into sophisticated, high-stakes operations that target businesses — often in the healthcare sector — using double and even triple extortion tactics to wrest millions in payoffs. Cybercriminals can seize control of critical business processes and systems, and steal sensitive data like credit card numbers and personal health information (PHI) that you’re legally obligated to safeguard. There are 6 questions healthcare executives should be asking to prepare for a potential notifiable event.

Learn more

Vendor security checklist

The aftermath of a widespread healthcare cyber attack requires careful evaluation and strategic planning beyond operations and technology resilience capabilities. Leaders should consider key vendor security risks and use a checklist when considering restoring or creating connections with vendors.

Learn more

Board considerations

Cybersecurity attacks have elevated the relevance of operational and technology resilience to board-level consideration. Boards should be informed about management’s resiliency strategy, programs and investments.

Learn more

Steps to resolution

Our webinar replay from February 28th highlights actions you can take now as outlined by specialists from PwC's Crisis Management, Cyber Response and Health Services teams. We are here to help you prepare for cybersecurity risks, respond when a cyber crisis hits and emerge more resilient.

Listen to the replay

Internal controls considerations

The interdependencies in the healthcare ecosystem create unique challenges as organizations face threats themselves or in assessing the implications on third-parties. Beyond specific cybersecurity implications, these incidents create internal control environment challenges across operations, information technology, and financial reporting. Management should apply a consistent controls assessment, ensuring their own control environment remains resilient and effective.

Learn more

Register to download all the latest insights on how your C-suite can be cyber resilient.

Download

Contact us

Thom Bales

Principal, Health Services Advisory Leader, PwC US

David Stainback

US Territory Crisis & Resilience Leader, PwC US

Jeremy Diebling

Principal, Health Services Cybersecurity & Privacy, PwC US

Dave Merriam

Partner, Health Services, Cyber, Risk & Regulatory Sector Leader, PwC US

Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Prepare, respond and emerge more resilient from healthcare cyber attacks

Leading preparedness practices

Ecosystem cyber resilience

Vendor security checklist

Board considerations

Steps to resolution

Internal controls considerations

Register to download all the latest insights on how your C-suite can be cyber resilient.

Related content

Next in health services 2025: Secure your future with resilience and reinvention

The C-suite playbook - Bridging the gaps to cyber resilience

New proposed regulations for cyber incident reporting

Ransomware: what you need to know about the new dangers — and defenses

Contact us