Healthcare Cybersecurity Budgeting

4 min read

The cyberattack threat against healthcare providers has never been more serious. This is especially true for primary healthcare organizations, which have the same risk of IT disruption that other organizations face but also risk severe patient harm if they can’t function due to a cyberattack.

It’s always been important how healthcare providers allocate their cybersecurity budgets to get maximal protection and return on investment. This will become more important in 2023 and beyond as inflationary pressures and other factors squeeze budgets.

No Healthcare Provider is Immune from Attack

The phrase “security via obscurity” was previously common when discussing computing platforms with a small market share. The point was that it didn’t make sense for bad actors to put effort into targeting a platform with single-digit user levels.

Today, we hear a similar refrain from many small to mid-sized frontline healthcare providers we interact with at conferences and in other industry settings. Today, however, it is because some organizations think that cybercriminals out for profit, or state-based saboteurs looking to disrupt and harm the country, will only target big providers to maximize their impact.

This assumption is demonstrably false and a massive risk factor for small and medium healthcare providers. Many large healthcare providers have the resources to fund the 24x7 monitoring needed to combat today’s cyber threats. The bad guys know this and target the smaller providers who may have less protection and monitoring and are easier to penetrate and extort with ransomware. Small and medium healthcare providers are front and center in the sights of cybercriminals. 

How Should You Allocate Your Cybersecurity Budget?

A common misapprehension we encounter when discussing cybersecurity budgeting with healthcare providers is that it’s best to allocate most of the budget to cyber-defense solutions. While there is no doubt that strong technical protections need to be in place for endpoint devices, networks, servers, clinical equipment on the network, admin systems, and similar, those are not the whole story.

Any cursory reading of the news will show that organizations across all sectors are frequently breached and disrupted by cyberattacks – even those with protection. This is not because the protections are useless, but because new vulnerabilities get discovered and exploited before IT teams can patch systems to plug the security gaps. Data shows that attackers are actively trying to use newly disclosed vulnerabilities within hours of patches to address them getting released. Most IT admins take weeks or longer to test and deploy new security patches to production systems. Additionally, people make mistakes and often fall for very well-crafted phishing attacks that trick them into disclosing information to attackers.

The bottom line is that every organization has to assume that they will have their cybersecurity defenses breached at some point and that bad actors will gain access to their network and systems. Planning for this eventuality means having a strategy and tactics in place to quickly find out when this happens and then taking steps to stop the attack and expel the attackers. This is what network detection and response (NDR) delivers.

When considering spending your available cybersecurity budget, NDR should be a significant part of your planning. You need to balance the spending across Planning — Protection — 24x7 Monitoring — Response. The split between these four areas will not be a straight 25% each. The expenditure on each will be unique for each organization. In our experience, having good planning in place means that everyone knows how to respond when an attack occurs, leading to much better outcomes in response and significantly less damage to IT systems from an attack.

NDR must be in place 24x7 to be effective. As alluded to above, building and maintaining an effective NDR response team is beyond the resources and capabilities of most small to medium healthcare providers. This is not a reflection on healthcare IT teams. Building a 24x7 cybersecurity team is beyond almost all organizations across all sectors of the economy. The way to fulfill this need is to procure a 24x7 managed detection and response (MDR) service from a dedicated and focused security partner. Increasingly, MDR services form part of a broader Cybersecurity as a Service (CSaaS) portfolio.

Critical Insight CSaaS

Critical Insight has a comprehensive CSaaS offering that includes Incident Preparedness, 24x7 MDR, Incident Response, Vulnerability Scanning, Penetration Testing, and Regulatory Compliance assistance. By partnering with Critical Insight as your security partner and using our CSaaS, you have access to experts in healthcare cybersecurity planning, defense, and rapid response who can work with your leadership team to prepare for and deal with your cybersecurity requirements and protection. All via pre-agreed and predictable budgets. See to read more.

We also dive into the issues specific to healthcare providers at

The American Hospital Association Preferred Suppliers List

The American Hospital Association (AHA) runs a program called the AHA Preferred Cybersecurity Provider Program. This helps healthcare providers find trusted expert partners across several aspects of cybersecurity. Critical Insight is one of only ten providers chosen for the program (as of February 2023), and one of the two included for services and advice on MDR. See for more details on the program.

Short Discussion on this Topic

Recently Fred Langston, a Critical Insight founder, and current Chief Product Officer, along with Chief Marketing Officer Jake Milstein, had a 13-minute chat about the mistakes that hospitals make with their cybersecurity budgets and how to avoid them. During the discussion, which is embedded below, they go into the topics outlined here, plus a few others. If you are involved in planning in a hospital, whether as part of IT, wider administration, or even a CMO, this short video will be of interest.



Contact Us to Start a Discussion

Contact us to start a conversation about taking your cybersecurity strategy to the next level while freeing your IT staff to improve your IT systems to support healthcare rather than constantly being distracted by cybersecurity issues.

Our expert team can work with your organization to identify your current cybersecurity posture. We will then work with you to create a cybersecurity strategy to ensure you have a comprehensive plan and the 24x7 monitoring needed for today’s threat landscape.