ICYMI: Interesting Things We Learned at the HIMSS 2025 Conference
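ColorTokens spoke with healthcare leaders at the HIMSS 2025 conference and learned that technology connectivity improves the experience but also increases privacy risk; ransomware may be unable to decrypt data; societal factors affect security; AI adoption is still early; and most vendors focus on prevention rather than on responding to a breach. 2025-3-13 15:17:52 Author: securityboulevard.com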

We had a good time talking to folks last week in our ColorTokens booth at the Healthcare Information and Management Systems Society conference in Las Vegas. The crowd was plentiful and engaged at the Venetian Convention Center and Caesars Forum.

Perhaps even more interesting than the keynote addresses and the latest-and-greatest information from the vendor booths were the insights we gained from our one-on-one discussions with healthcare leaders who visited us in the cybersecurity command center exhibition hall. We got to meet our current customers, prospective customers, and partners. 

Here are some of the notable comments and concerns expressed by attendees we spoke to:

One healthcare leader had two interesting perceptions: she highlighted the emerging consciousness in her organization that while increasing technology connectivity is a tool that certainly can improve patient and provider experience and even improve health outcomes, it increases the risk to patient privacy as more and more applications are online. She also made a comment that was an epiphany for me personally: she said that “bad guys are good at encrypting data for ransom, but not so good at unencrypting it once you pay.”  It turns out that even if your healthcare organization complies with the ransom demand, in many cases some patient data will be irretrievably lost! For us at ColorTokens, this amplified the idea that stopping the lateral movement of a breach to prevent the spread of ransomware is a critical capability that healthcare IT leaders must address.   


Another conversation we had was with a hospital system CIO who said that there are societal factors that are making the security landscape more difficult. He highlighted the security concerns for healthcare executives, including threats and protestors showing up at their homes. The shifting cultural attitudes towards healthcare providers are creating a significant security concern, especially in light of recent incidents like the one involving UnitedHealth’s CEO. He thought that this trend is also influencing the frequency and nature of attacks on hospital systems’ digital operations—with motivations that transcend mere criminal greed for ransom payments. It’s a stark reminder of how policy changes and larger cultural issues can have wide-reaching and unintended consequences. 

Several conversations led us to generalize that AI is top of mind for many healthcare leaders, but still early.  Interestingly, there seems to be a willingness to experiment with AI projects without immediate concern for ROI. While the momentum is undeniable, AI in healthcare still appears to be in its early stages and is not yet fully enterprise-ready. 

Overall, looking at the cybersecurity presence at the conference and our engagement with attendees, we concluded that while there is significant awareness around cybersecurity for healthcare organizations, the idea of being breach-ready is not deeply understood. Of the 100 or so security vendors in the cyber command center, only 2 or 3 were really talking about foundational concepts of breach readiness, such as zero trust microsegmentation to stop the lateral movement of malware and ransomware.


Similarly, not many healthcare leaders we spoke to are taking the posture that an initial breach is inevitable, and they should be prepared in advance to survive it. When asked, “What kind of cybersecurity solutions have you deployed?” they almost all described perimeter defense strategies such as firewalls, Endpoint Detection & Response, Zero Trust Network Access, and Access Control Lists. All these measures are focused on breach prevention. Few said they had in place cyber defense measures for breach readiness. In other words, they operated on the premise that their perimeter defenses would keep out every attack but had few preparations in place concerning what to do after a penetration of their perimeter.  

This idea that perimeter defenses are necessary but not sufficient seems to us to be better understood by other industry sectors such as financial services and manufacturing. In our experience, microsegmentation as a fundamental tool to prevent an attacker from freely navigating the enterprise environment after a breach is more widely understood in those industries than healthcare. (Perhaps the onus is on us as security practitioners; we need to educate and communicate Zero Trust concepts better.  Maybe we should “medicalize” our message to communicate to healthcare organizations that because of the current threat landscape, “prophylactic cybersecurity protocols are indicated.”)  


But the prognosis is not hopeless; there are thought leaders that are evangelizing this important idea. In fact, we were encouraged when one provider came over and told us that the folks in the Epic booth sent them to us to discuss microsegmentation to protect their Electronic Health Records system.   

All in all, it was a great conference, and we are looking forward to exhibiting again next year. If you would like to learn more about how zero trust security concepts can help ensure continuity of patient care and your clinical operations, you can schedule an appointment with our expert solution team at www.ColorTokens.com/contact-us


*** This is a Security Bloggers Network syndicated blog from ColorTokens authored by Bob Palmer. Read the original post at: https://colortokens.com/blogs/himss-2025-healthcare-cybersecurity/


Source: https://securityboulevard.com/2025/03/icymi-interesting-things-we-learned-at-the-himss-2025-conference/?utm_source=rss&utm_medium=rss&utm_campaign=icymi-interesting-things-we-learned-at-the-himss-2025-conference