The DNA of Healthcare Cyber Resilience: Why Culture and Communication Define Your Cyber Defense

More than a year after the unprecedented Change Healthcare cyberattack, its repercussions still ripple through the industry. In fact, Change Healthcare continues to issue breach notifications to affected patients while simultaneously working to restore its market reputation.

At a recent CHIME Focus Group during ViVE 2025, participants voiced deep concern about another such breach. They emphasized the need for better communication, collaboration, and shared responsibility across departments and partner networks-key elements that could have mitigated the impact of the Change Healthcare attack.

The missing link in healthcare cyber resilience

Our greatest cybersecurity vulnerability isn't just in our systems but in how effectively our teams collaborate during a crisis. Cyber resilience is not just a matter of IT security. It's a test of whether an organization's culture is truly built for resilience.

Disruptions are inevitable. Healthcare leaders must focus as much on building a culture of resilience as they do on building resilient systems and processes. This is the best way to ensure critical strategic alignment between IT and operations leaders.

Bridging the gap between technical recovery and operational continuity

Many hospitals have well-established recovery time objectives (RTOs) and recovery point objectives (RPOs) that define how quickly IT systems must be restored after an attack. These technical metrics, however, do not always translate into clear operational responses.

For instance, HIPAA mandates that healthcare organizations must restore critical electronic information systems and data within 72 hours following a disruption. Hospital operations teams cannot passively wait for IT restoration. Instead, they should proactively implement business continuity plans, alternative workflows, and patient care strategies during this period.

This gap is becoming more defined as healthcare organizations continue to face incidents and disruptions that reveal deep-seated cultural and communication challenges that no firewall can fix.

The real question isn't just how secure your digital systems are, but whether your organization has built the business resilience required to continue operations when systems inevitably go down.

A recipe for success

Cyber resilience is about ensuring that clinical workflows, patient safety, and operational efficiency remain intact under extreme circumstances. Based on CTG's decades of experience working with healthcare organizations of all types and sizes, here are what I see as the three imperatives for building a culture of resilience in healthcare:

1. Reframe communications as a first line of defense

During cyber disruptions, traditional top-down communication often fails because it assumes timely delivery, clear comprehension, and immediate action at every level of the organization. In reality, key personnel rarely receive critical updates when they need them most, leaving them unable to act quickly or implement effective workarounds to keep operations running. This is leading top healthcare organizations to rethink their cybersecurity-related communication approaches as so:

• Break departmental silos and deliver consistent communication so all employees understand the situation, their role, and how to collaborate to remain operational.
• Establish backup communication protocols that work when IT systems are down.
• Ensure third-party and fourth-party partners are informed and aligned with cyber resilience processes and are conducting regular compliance checks.

Healthcare systems that have successfully navigated cyber incidents often have robust, well-rehearsed communication strategies that ensure clarity at every level-from leadership to frontline staff and partners.

Some organizations have deployed offline command centers to coordinate response efforts during system outages while others rely on pre-established emergency communication chains that integrate IT, operations, and clinical staff into a single, real-time response network, with clear actions and accountabilities

2. Build a culture of shared responsibility

Healthcare organizations can no longer afford to view cybersecurity as solely an IT responsibility-this outdated model is failing. Effective cyber resilience demands share ownership across all levels of the organization, including:

• Embedding security into clinical workflows rather than treating it as a standalone IT function.
• Building "muscle memory" for downtime procedures through regular cross-department training and real-world simulations.
• Ensuring the C-suite and board is actively engaged to ensure cyber resilience strategies are prioritized and aligned with business objectives.

The cost of ignoring this shared responsibility is clear. Ransomware attacks can cost hospitals millions in direct financial losses, regulatory fines, and reputational damage. Proactive investment in cyber resilience through better training, process alignment, and coordinated response planning can drastically reduce downtime, financial risk, and reputational harm.

Healthcare organizations that integrate security protocols into daily clinical routines rather than treating them as an afterthought see lower disruption rates during cyber incidents. The ROI is profound: the cost of implementing these measures is a fraction of the potential losses from a cyber disruption.

3. Bridge the experience gap

A major challenge in cyber resilience is aligning skill sets between a multi-generational workforce, where some lack the practical experience needed to navigate both digital and analog processes during disruptions. Additionally, diverse communication systems and preferences across these various cohorts can also create confusion in critical moments.

Rather than seeing these differences as vulnerabilities, leading organizations are turning them into strengths by:

• Cross-training staff to improve their ability to work in either digital or analog processes during disruptions, depending on their experience.
• Appointing or hiring continuity leaders to guide teams through downtime processes.
• Investing in real-time crisis communication tools that cater to different preferences.

The financial case for bridging the experience gap is undeniable. The Change Healthcare attack reportedly led to millions in lost revenue and operational disruption. Many of these costs could have been preempted with a well-prepared workforce capable of operating in a compromised environment.

Culture can be your strongest cyber defense

Your organization's resilience to cyber threats isn't determined solely by your technology stack - it's embedded in your culture. Cybersecurity resilience is about fostering an environment where every team member understands their role in maintaining continuity.

Even the most advanced security tools are useless if teams cannot communicate and collaborate effectively when systems fail. Healthcare providers must shift their mindset from cybersecurity as a purely technical function to a holistic, organization-wide responsibility.

By rethinking communication strategies, embracing shared responsibility, and bridging generational experience gaps, healthcare organizations can transform cyber resilience from a reactive IT function into a fundamental pillar of operational success.

If your organization is looking to assess its cyber resilience posture and build an integrated response strategy, our team at CTG can help. Contact us to learn more about our healthcare-focused resilience solutions.