The intersection of cybersecurity and healthcare is more critical than ever, as technology continues to shape the way patient care is delivered. At HIMSS 2025 in Las Vegas, we sat down with Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS, to discuss the pressing security challenges facing healthcare organizations, the role of artificial intelligence, and the balance between innovation and risk.AI in Healthcare: Promise and PerilArtificial intelligence is rapidly being adopted across the healthcare sector, yet many organizations still lack structured governance around its use. Kim highlights the “wild west” nature of AI adoption, where policies are either non-existent or underdeveloped, creating risks related to privacy, data security, and patient outcomes. While AI-powered diagnostic tools, like those used in radiology, have the potential to improve patient care by identifying critical conditions early, blind trust in AI-generated results presents serious risks. Without proper oversight, reliance on AI could lead to incorrect medical decisions, putting patient safety in jeopardy.Cybersecurity Gaps in Healthcare OrganizationsOne of the biggest concerns in healthcare cybersecurity is the over-reliance on security tools without a clear strategy. Many organizations invest in the latest technology but neglect foundational security practices, such as governance, policy development, and staff training. Kim points out that less than half of cybersecurity budgets are allocated to governance, leading to disorganized security programs.Another persistent challenge is the human factor. Social engineering and phishing attacks remain the top attack vectors, exploiting the inherent culture of healthcare professionals who are trained to help and trust others. Organizations must focus on proactive security measures, such as regular training and simulated attacks, to reduce human error and strengthen defenses.The Financial and Operational RealityBudget constraints continue to be a challenge, particularly for smaller hospitals and community healthcare providers. While larger organizations may have more resources, cybersecurity spending often focuses on acquiring new tools rather than optimizing existing defenses. Kim stresses the importance of a balanced approach—investing in both technology and governance to ensure long-term resilience.Another concern is the increasing dependence on third-party services and cloud-based AI tools. If these services become too expensive or go offline, healthcare organizations may face operational disruptions. The lack of contingency planning, such as backup vendors or alternative systems, leaves many institutions vulnerable to supply chain risks.Building a More Resilient Healthcare Security ModelAs technology continues to drive innovation in healthcare, organizations must adopt a proactive cybersecurity stance. Business impact analyses, vendor risk assessments, and tabletop exercises should be standard practice to prepare for disruptions. Kim also raises the idea of cyber mutual aid—a model similar to emergency medical mutual aid, where healthcare organizations collaborate to support each other in times of crisis.HIMSS 2025 provides a forum for these critical conversations, bringing together global healthcare leaders to share insights, challenges, and solutions. For those interested in diving deeper, the HIMSS Cybersecurity Survey is available online, offering a comprehensive look at the current state of healthcare security.To hear the full discussion on these topics and more, listen to the episode featuring Lee Kim, Sean Martin, and Marco Ciappelli from HIMSS 2025 On Location.Guest: Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS | On LinkedIn: https://www.linkedin.com/in/leekim/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________ResourcesLearn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegasHIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/...
