As the calendar flips to 2026, hospital executives and IT leaders find themselves at the nexus of accelerating digital transformation and an increasingly hostile cyber‑threat landscape.
The past two years have been punctuated by a series of record‑shattering data breaches and infrastructure outages, reminding health systems that cybersecurity is not merely a technical problem but an existential business risk.
In 2024 alone, more than 276 million patient records were compromised, and the frequency of incidents meant that about 758,000 records were exposed each day.
The average cost of a healthcare breach in the U.S. climbed toward US$11 million, and a single outage at a health IT vendor in February 2024 affected around 190 million individuals and cost over US$3 billion, according to research.
This escalation has prompted major health systems to rethink their digital strategies: surveys show that 84 % of CIOs plan to increase funding for cybersecurity in 2026, with a median budget jump of about 26 %, making it the largest spending increase.
A Rising Tide of Cyber Threats
Health systems are responding to an unprecedented wave of cyberattacks. Experts warn that ransomware remains the “apex predator” of healthcare, with attackers moving from traditional file‑locking tactics to fast, quiet data‑extortion attacks that steal sensitive information in minutes.
Ransomware groups increasingly target not only hospitals but also the vendors and cloud services that support them; a breach at a health IT vendor in 2024 compromised data for roughly 190 million Americans.
The integration of AI into cyberattacks allows hackers to automate reconnaissance and craft sophisticated phishing lures; security leaders expect the speed of AI‑driven threats to outpace traditional defenses.
Several factors are expanding the attack surface:
- Legacy and patchwork systems – Many hospitals operate a mix of mainframes, SaaS platforms and custom tools; integration gaps lead to inconsistent authentication and logging, fragmented backups and untested recovery protocols. As health systems modernize, the inability to bridge old and new technologies securely creates vulnerabilities that attackers can exploit.
- Internet of Medical Things (IoMT) and medical devices – Connected devices such as infusion pumps and imaging equipment often have outdated firmware. Analysts note that threat actors increasingly focus on IoT/IoMT vulnerabilities, and the FDA’s PATCH Act now requires manufacturers to submit cyber plans and make patching capabilities accessible.
- Third‑party and supply‑chain risks – With hospitals adopting cloud‑hosted EHRs, imaging platforms and telehealth services, they inherit dependencies outside their direct control. Experts predict that third‑party outages will become the most significant operational resilience risk. As more breaches originate from vendor environments, boards are demanding rigorous vendor risk management and continuity testing.
- Shadow AI and internal misuse – About 23 % of clinicians use unsanctioned AI tools to expedite tasks. These “shadow AI” applications lack encryption and audit trails, creating major security and compliance risks. Cyber leaders emphasize that internal AI misuse is one of the most urgent threats and must be addressed through governance and training.
These dynamics make cyber defense a board‑level priority. Medical group surveys show that 72 % increased cybersecurity spending in 2024 and continue to do so in 2025 and 2026.
CIOs such as Sunil Dadlani of Atlantic Health System describe cybersecurity and data governance as “non‑negotiable investments”. The focus has shifted from passive compliance to active resilience: organizations are investing in network segmentation, immutable backups, 24/7 threat monitoring, and identity controls to ensure continuity of patient care during an attack.
At the same time, hospital executives are under pressure to modernize aging electronic health record (EHR) platforms and integrate new tools such as artificial intelligence (AI) and data analytics. AI, cybersecurity, and workflow automation are now considered non‑negotiable areas of investment, and many systems are consolidating to a single enterprise EHR platform.
Major providers such as HCA Healthcare, UPMC, and Northwell Health have announced multi‑year migrations to unified EHRs, describing them as “crucial infrastructure for long‑term innovation”.
This modernization isn’t only about efficiency; it is about building resilient, interoperable systems that can withstand cyberattacks, support AI‑driven care, and meet new regulatory mandates such as the anticipated HIPAA 72‑hour rule, which would require hospitals to restore critical systems within three days of an incident.
The intersection of these forces, rising cyber risk, regulatory scrutiny, and the need to build modern data platforms, explains why cybersecurity and core health IT spending are surging in 2026.
The article below explores the major drivers of this spending boom, drawing on insights from industry reports and expert predictions. It also offers a high‑level table summarizing key investment categories, and highlights how service partners such as Svitla Systems are helping hospitals navigate the transformation.
Regulatory Pressures and Financial Imperatives
View this post on Instagram
Regulators are tightening requirements as cyber threats threaten patient safety. The Department of Health and Human Services’ Office for Civil Rights (OCR) is expected to finalize an updated HIPAA Security Rule in 2026, which would require ongoing system‑level risk analysis and faster incident reporting.
Industry leaders anticipate a “72‑hour rule” mandating that hospitals restore critical EHR functions within three days of a cyber incident. Such mandates effectively turn cyber resilience into a compliance imperative, pushing hospitals to invest in robust backups, offline recovery environments, and rigorous testing.
Meanwhile, the financial impact of data breaches continues to climb. The average cost of a healthcare data breach rose to nearly US$11 million in 2025, with total costs in some incidents exceeding US$3 billion. On top of direct response costs, hospitals face lost revenue, reputational damage, and potential litigation.
Cyber insurance providers are also tightening underwriting requirements, conditioning coverage on evidence of “adequate and forward‑looking controls”. Boards are therefore allocating more funding toward cybersecurity not just to reduce risk but to ensure insurability and protect cash flow.
Building Modern Core Health IT Systems
Cybersecurity spending is intertwined with a broader push to modernize core health IT platforms. Health systems recognize that EHRs have become the operational core of the enterprise, and aging, fragmented systems hinder both security and innovation. Key modernization trends include:
- Unified EHR platforms – To support AI-enabled care and improve data consistency, major health systems are migrating to unified EHRs. Northwell Health is consolidating more than 30 EHRs onto Epic, HCA Healthcare is moving to the Meditech Expanse platform, and UPMC is transitioning to a single Epic instance. These unifications reduce complexity, eliminate duplicative interfaces and enable consistent security controls across the enterprise.
- Interoperability and data governance – Modern platforms adopt FHIR APIs and strong encryption to facilitate secure data exchange and meet 21st Century Cures Act requirements. Healthcare leaders are investing in cloud data lakes, real‑time pipelines, and master patient indexes to break down silos and enable AI-driven analytics. Surveys show that only 1 % of companies consider themselves “AI mature”, prompting significant investment in data infrastructure.
- Workflow automation and AI – CIOs expect AI to permeate diagnostics, operations, and the revenue cycle, but they emphasize that cybersecurity must be embedded into every layer of these systems. Provider organizations are deploying AI-driven anomaly detection and behavioral analytics to spot suspicious behavior in real time.
Investments in these areas are not optional. Analysts stress that cyber‑resiliency is critical, “it’s a matter of when, not if you will be attacked”. By modernizing their IT cores and adopting secure architecture, hospitals can unlock AI’s benefits while defending against new threats.
Partners like Svitla Systems offer healthcare software development services that help health systems design, build, and secure next‑generation EHRs and data platforms. With expertise in custom software, interoperability standards, and security protocols, such providers allow hospitals to accelerate modernization without compromising patient safety.
Drivers of Increased Cybersecurity & IT Investment in 2026
Driver
Evidence & Data
Implications
Surge in cyberattacks and data breaches
Over 276 million patient records were compromised in 2024; a 2024 vendor breach affected 190 million individuals and cost >US$3 billion. Ransomware remains the leading threat.
Hospitals must allocate more resources to threat detection, incident response and backup systems; board‑level oversight is required.
Complex, interconnected IT ecosystems
Legacy systems and mixed SaaS tools create security silos and fragmented backups; IoMT devices and shadow AI tools introduce new vulnerabilities.
Investment in network segmentation, identity controls, patch management and comprehensive governance is essential.
Regulatory mandates & insurance pressures
Anticipated HIPAA 72‑hour rule requires restoration of critical data within three days; updated HIPAA Security Rule demands continuous risk analysis. Insurers require proof of robust controls.
Hospitals are building resilient recovery environments, performing regular risk assessments and enhancing documentation to satisfy auditors.
Need for unified, AI‑ready core systems
Health systems view EHR modernization as the operational core and are consolidating onto unified platforms; data infrastructure must support AI and analytics.
Significant capital goes toward EHR consolidation, cloud migration, interoperability standards and AI governance.
Financial & reputational stakes
Average cost of a healthcare breach approached US$11 million in 2025; breaches erode patient trust and disrupt revenue cycles.
Investments protect both cash flow and brand reputation; cyber resilience becomes a competitive differentiator.
Looking Ahead
Industry experts predict that cybersecurity will move from an IT concern to a core business priority. Executives who treat resilience as a patient safety and operational continuity issue, rather than a compliance checkbox, will be better positioned to thrive.
This requires not only technical investments but also cultural change: ongoing staff training, regular tabletop exercises, and clear escalation procedures. Vendor governance will become more stringent, with hospitals demanding evidence of business continuity and impact tolerance from every partner.
At the same time, innovation cannot stop. Digital front‑door experiences, remote monitoring, and AI‑assisted diagnostics remain essential to competitive differentiation. The challenge is to embed security and ethics into every project from day one.
Organizations like Svitla Systems can assist by integrating secure development practices, FHIR standards, and zero‑trust architectures into custom software solutions.
