Cyber-Physical Impacts and Consequences in Healthcare During Normal Times and Crises

Lee Kim JD CISSP CIPP/US

August 26, 2025

# min read

  • Article
  • Cybersecurity and Privacy

Healthcare organizations face a growing convergence of cyber and physical threats — risks that can intensify during periods of armed conflict or heightened geopolitical tension. Government threat assessments indicate a steady escalation in hostile cyber activity, historically aimed at government, financial, and energy sectors, but increasingly targeting healthcare. Hospitals that conduct research, handle commercially or militarily valuable data, or support government bodies are especially high-value targets. Many of these organizations may already have been targeted by advanced persistent threats (APTs) probing for vulnerabilities.

Beyond Business Continuity: Planning for Crisis Conditions

Continuity planning in healthcare must go well beyond the scope of traditional business continuity and disaster recovery. Business continuity sustains essential operations during and after a disruption, while disaster recovery restores systems after failure. In scenarios involving armed conflict, unstable utilities, or prolonged outages, hospitals must be prepared to deliver critical services without reliable internet, power, water, or other infrastructure. Resilience strategies should account for disruptions to supply chains, business processes, technology systems, and clinical functions — ensuring care continues even under the most adverse conditions.

Practical guidance is available in the HIMSS Cybersecurity Tips for Small Practices resource guide—developed by the HIMSS Cybersecurity, Privacy, and Security Committee -- comprised of experts with a global view that shares actionable insights with constituencies across the healthcare ecosystem on current trends and best practices on privacy, cybersecurity, and physical risk landscape.

Trends from the HIMSS Healthcare Cybersecurity Survey

For over fifteen years, the HIMSS annual privacy and cybersecurity survey has tracked trends and priorities in the sector. While funding for security and cybersecurity has risen since 2020, the volume and sophistication of attacks have surged. The 2024 HIMSS Healthcare Cybersecurity Survey (published Q1 2025) found phishing remains a leading cause of compromise — a trend mirrored in breach reports from the U.S. Department of Health and Human Services’ Office for Civil Rights, where hacking and phishing dominate reported incidents.

Escalating Threats and Hybrid Warfare

Hostile cyber operations are now recognized as part of hybrid warfare, capable of weakening national infrastructure and public trust. The growing number of connected systems and devices means cyber intrusions can trigger real-world physical impacts. Healthcare organizations also depend on several critical elements to safely and effectively continue operating:

  • Internet, electricity, and water
  • Manufacturing
  • Supply chain integrity and security of essential goods, equipment, and materials
  • Access to infrastructure, such as ports

Building Resilience in Peacetime and Crisis

Building resilience in both peacetime and crisis requires deliberate planning and preparation. Healthcare organizations must safeguard the continuity and integrity of their supply chains, ensuring that equipment, medicines, and other critical resources remain available even under stress. They must be ready for the loss or simultaneous disruption of key dependencies — from utilities to technology infrastructure — and have strategies in place to adapt quickly. This means regularly running simulations, drills, and exercises to test plans against a range of scenarios, including cyber, physical, and biological threats, so that any weaknesses are identified and addressed before a real-world crisis occurs.

What You Can Do Now

Cybersecurity resilience requires a combination of disciplined daily practices and tested response capabilities. Healthcare organizations should:

  1. Maintain a clean and secure workspace — a “clean desk” approach helps protect both physical and digital assets.
  2. Implement strong governance with clear policies, procedures, and trained personnel prepared for both routine operations and crisis conditions.
  3. Practice good cyber hygiene as part of daily workflows.
  4. Only use authorized technology and AI solutions. Avoid shadow IT and shadow AI.
  5. Train staff regularly so cybersecurity is understood as a shared responsibility, and test escalation and contingency plans under realistic conditions to validate readiness.

Conclusion

Even in the face of simultaneous physical and cyber threats, the mission remains clear: healthcare organizations must be ready to sustain operations and safeguard patients when it matters most. Patient safety is our responsibility and robust cybersecurity helps to support patient care.