EY US-KLAS healthcare cybersecurity survey reveals cyber capability enablement a top business priority

As data breaches become more sophisticated, 81% of healthcare organizations believe that integrating cybersecurity into the core business strategy — beyond a defensive posture — is effective in improving operational efficiencies to deliver better outcomes.

• Most health organizations (72%) experienced a moderate to severe financial impact from cyber incidents in the past two years.
• Respondents reported operational disruptions (60%) and faced clinical consequences (59%), including delayed treatments and compromised patient trust.
• Health organizations experienced an average of five different types of cyber threats that impacted their organizations in the past year. Phishing, third-party breaches and malware were identified as the top threats.

NEW YORK, Nov. 3, 2025 /PRNewswire/ -- Ernst & Young LLP (EY US) and KLAS Research (KLAS) today announced the release of its US Healthcare Cyber Resilience Survey, which gathered insights from 100 healthcare executives responsible for cybersecurity decisions within their organization. The findings, including perspectives garnered in person in collaboration with KLAS, shed light on the urgent need for healthcare systems to elevate cyber resilience to a strategic priority to deliver better outcomes, create value and protect patients. 

The survey underscores the threat of cyber vulnerabilities to business operations and patient care delivery in both large and small systems. Over 70% of health organizations reported significant financial, operational or clinical disruptions due to cyber threats (with an average of five different types) in the past year.

"Cybersecurity is more than a compliance checkbox — it drives safe care, patient trust and long-term success. Treating cyber resilience as a strategic priority empowers healthcare systems to thrive amid rising threats," said Nana Ahwoi, EY Americas Consumer and Health Cybersecurity Industry Leader.

The report outlines six ways health executives can create cyber strategies to accelerate their success:

As cybercriminal sophistication evolves, health organizations are looking to adapt their strategies for monitoring and enforcing access controls. Sixty-eight percent of survey respondents said identity and access management would be the top priority for increasing investments in the coming fiscal year, and 81% said prioritizing cybersecurity in their business strategy is effective in overcoming challenges. Additionally, just over half of the respondents (52%) said training and upskilling personnel is another effective tool to combat cyber challenges.

Key findings from the report include:

• Strategic business priority: Healthcare leaders must shift from viewing cybersecurity as a compliance or IT issue to recognizing it as a core enabler of business strategy, patient safety and operational resilience.
• Widespread impact: Over 70% of surveyed organizations experienced significant financial, operational or clinical disruptions due to cyber threats — highlighting the urgent need for proactive investment and leadership alignment.
• Securing healthcare access: With the rise of AI-driven threats and complex vendor ecosystems, healthcare organizations are prioritizing identity controls and vendor oversight to protect sensitive data and ensure continuity of care.
• Innovation and trust: Robust cybersecurity supports the safe adoption of AI, automation and remote care models — allowing healthcare systems to modernize confidently while preserving patient trust and data integrity.

"Healthcare leaders must prioritize workforce cyber training and readiness to unlock the full value of cybersecurity investments — ensuring safe patient care and strengthening system resilience," concluded Ahwoi.

For more information and to access the full report, visit US Healthcare Cyber Resilience Survey | EY - US

About EY 

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. 

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. 

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected multidisciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. 

All in to shape the future with confidence. 

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com. 

About EY Consumer and Health 

The rise of the empowered consumer, coupled with technology advancements and the emergence of digitally focused entrants, is changing every aspect of health and care delivery. To retain relevancy in today's digitally focused, data-infused ecosystem, all participants in healthcare today must rethink their business practices, including capital strategy, partnering and the creation of patient-centric operating models. 

The EY Consumer and Health architecture brings together a worldwide network of 34,000 professionals to build data-centric approaches to customer engagement and improved outcomes. We help our clients deliver on their strategic goals; design optimized operating models; and form the right partnerships so they may thrive today and succeed in the health systems of tomorrow. We work across the ecosystem to understand the implications of today's trends, proactively finding solutions to business issues and to seize the upside of disruption in this transformative age. 

Research methodology

The survey was conducted to include 100 C-suite executives from payer, provider, medical device manufacturing and distributor, academic medical center and pharma companies responsible for cybersecurity-related decisions within their organization.

In addition, EY US and KLAS hosted an in-person forum where cyber healthcare executives shared their views on cybersecurity resilience.

About KLAS

KLAS is a research and insights firm on a global mission to improve healthcare. Working with thousands of healthcare professionals and clinicians, KLAS gathers data and insights on software and services to deliver timely reports and performance data that represent provider and payer voices and act as catalysts for improving vendor performance. The KLAS research team publishes reports covering the most pressing questions facing healthcare technology today, including emerging technology insights, that provide early insights on the future of healthcare technology solutions. KLAS also fosters measurement and collaboration between healthcare providers and payers and best practice adoption. Learn more at klasresearch.com.

Contact: Caroline Acton
Email: caroline.acton1@ey.com 

View original content to download multimedia:https://www.prnewswire.com/news-releases/ey-us-klas-healthcare-cybersecurity-survey-reveals-cyber-capability-enablement-a-top-business-priority-302602895.html

SOURCE EY