Healthcare leaders are overwhelmingly confident in their tech vendors’ cybersecurity, right up until those vendors get hacked and freeze their cash flow.
A report released today by managed IT and security provider Omega Systems reveals a massive visibility gap in the healthcare digital supply chain.
While 70% of healthcare leaders express confidence in their vendors’ security, a staggering 85% of practices suffered an operational disruption caused by a third-party or “vendor-of-a-vendor” failure over the past year.
This confidence appears to be built on blind spots rather than data, as Omega Systems found that 63% of practices fail to continuously monitor their digital supply chains.
Downtime threatens billing, scheduling, and patient care
When these unseen links in the supply chain break, the consequences for medical practices are immediate and severe. If an Electronic Medical Record (EMR) system goes down during a cyberattack, 53% of leaders report that billing and scheduling halt instantly, freezing vital cash flow.
Furthermore, 47% warn that losing access to patient histories and medication lists introduces major malpractice liabilities, while 25% face temporary or permanent practice closure.
“The biggest mistake a healthcare practice can make today is assuming vendors in their supply chain are handling security, so they don’t have to,” said Mike Fuhrman, CEO of Omega Systems.
The internal defenses of many organizations offer little backup. According to the data, more than eight in ten healthcare practices report shortcomings in their recovery plans, while 31% continue to rely on legacy technology that may be unable to contain a breach once an attack begins.
HIPAA readiness gaps remain unresolved
The report further reveals that many organizations remain exposed to compliance challenges. Six in ten healthcare leaders said they have self-attested to HIPAA compliance despite known vulnerabilities that remain unpatched.
Meanwhile, 76% said they are not prepared for the proposed 2026 HIPAA Security Rule requirements.
AI adoption moves faster than oversight
Artificial intelligence is already becoming a routine part of healthcare operations, according to the study.
Omega Systems found that 93% of practices use AI for patient-facing or administrative functions. However, the report warns that many organizations have not yet established oversight processes to ensure those tools meet evolving security and compliance expectations.
Financial incentives appear to be accelerating adoption. Two-thirds of respondents said that AI-powered scheduling systems capable of adding just two extra patients per day could generate between $5,000 and $20,000 in additional monthly revenue.
The findings suggest that business benefits are encouraging rapid deployment of AI technologies even as governance frameworks struggle to keep pace.
MSSPs can help close security gaps
The report also sheds light on how healthcare organizations manage cybersecurity resources.
More than half of practices (52%) do not work with a managed security service provider, while 39% handle cybersecurity entirely with internal teams.
Among those organizations, 35% reported staffing shortages and 23% described their technology environments as outdated.
Practices that partner with managed security providers reported stronger access to advanced security capabilities, including managed threat detection and response services and next-generation firewall technologies.
“This data tells a governance story as much as a security one,” said Fuhrman. “The practices that come out ahead won’t be the ones that buy more tools or hire more staff. They’ll be the ones where leadership decides that cybersecurity, compliance, vendor risk, and AI need to be managed together, with the right resources and outside support in place.”
Mike Fuhrmann joined Channel Insider: Partner POV in 2025 to talk about how the provider enables its customers in regulated industries. Watch or listen to the episode now to learn more.