Young woman uses smartphone in train station

How ecosystems help mitigate current and future health care cyber risks

Applying robust risk mitigation, health care industry experience and tech toughness readied this business to counter most any cyber threat.

In brief

  • External and internal cyber risks threaten all industries, but health care falls victim more than most.
  • Just as no two business problems are identical, the fix must fit the issue precisely.
  • Client understanding plays a large part in formulating the right strategy.

When it comes to cybersecurity, the baseline risk across industries is high. Especially in health care — the most attacked sector according to the annual report of the FBI’s Internet Crime Complaint Center’s Internet Crime Report 2022¹ the threat of cybercrime looms larger than most.

For too many health care organizations, falling victim to a cyber breach isn’t a question of if as much as a question of when.

One breach, countless implications

Cyber attacks can come from any number of sources, both internal and external. The effects can be insidious, no matter their inception. Millions of dollars in ransom to recover data. Professional and personal information published online without permission. The ensuing fines and inevitable lawsuits that follow.

The organizational, operational and reputational damage dealt from cyber attacks can be hard to nurse back to health, depending on the severity — sometimes carrying with it a lasting handicap.

I’ve found that in countering cyber attacks and other blights on businesses, ecosystems are an elixir of sorts. They work, and work well, because they bring together strengths that add up to more than the sum of their parts.

Ensuring a strategic, collaborative cybersecurity approach

Thinking about health care’s susceptibility, I’m reminded of a university-based health system client of mine. It needed to mitigate risk by sophisticating their standing against cyber threats.


Exacerbating the matter was insufficient IT staffing — a common issue I’ve found when addressing cybersecurity. My client specifically wanted visibility into its network, which included a mix of university and hospital data.


To provide that visibility, we knew a traditional, standalone solution wouldn’t really prepare our client for the future. What they needed was an ecosystem that aligned key elements — the EY team, an EY alliance partner, the client and their existing vendors — plus all the tech, systems and processes that support everything. Using this approach positioned the client to address their current position and future-fit them for cyber threats to come.


Based on the understanding that our teams had of the client, it made the most sense to include in this ecosystem an EY Alliance partner specializing in secure, digital infrastructure — for this engagement, Splunk made the most sense to complement the client’s existing partners.


A collaborative, calibrated approach

The important thing to consider with ecosystems is that they’re not a one-ecosystem-fits-all fix. Like each client — and each client’s problems — ecosystems are unique. I’ve found that the best-fit ecosystems are built on understanding: of the industry, of the client’s issues and of the client’s future aspirations. And that makes relationships all the more important.


Take my client, for instance. If my team and I didn’t know the client as well as we did, we couldn’t have helped it as much as we did. That’s because our deep understanding informed the ecosystem we orchestrated and applied to its particular situation. And that meant that the cybersecurity strategy programs we created and helped implement were that much more effective. It’s as simple as that.

EY Alliance: Splunk

Addressing complex digital infrastructure problems


Splunk’s purpose is to build a safer and more resilient digital world. The company does so by helping security, IT and DevOps teams keep their organizations securely up and running.

The power of EY-orchestrated ecosystems: proving greater than the sum of our parts

By coalescing multiple elements — EY services, Splunk, client systems and legacy vendors, along with related technologies — the EY team is orchestrating opportunities and helping the client realize tremendous value.

With robust risk mitigation cultured to our health care client’s needs and the tech toughness to counter most any cyber threat, our client can once again do what it does best — provide superlative health care for its patients.


While every sector is at risk of cyber attacks, health care is a top target. Given the evolving nature of cybercrime, the traditional bandage approach to solving problems simply won’t work.

Mitigating internal and external cyber risks takes a collaborative ecosystem approach, bringing together the right team.

This approach can mitigate risk today while preparing clients for whatever cyber threats may come, as it did for my university-based health system client.

About this article