READING, PA — More than four out of five healthcare practices experienced operational disruptions caused by third-party technology failures over the past year, even as most healthcare leaders remain confident in their vendors’ cybersecurity protections, according to new research released by managed IT and security provider Omega Systems.
The report highlights growing dependence on interconnected technology vendors and electronic medical record systems as healthcare organizations face rising cyber threats and tighter regulatory scrutiny.
Omega Systems’ “Under Pressure: The 2026 Healthcare IT Landscape Report” found that 85% of healthcare practices experienced at least one disruption tied to a third-party provider or a vendor further down the supply chain during the previous 12 months. Despite that, 70% of healthcare leaders said they remain confident in their vendors’ cybersecurity posture.
The survey also identified significant gaps in oversight. Sixty-three percent of healthcare practices said they do not continuously monitor their digital supply chains.
The consequences of vendor disruptions can be severe. Among respondents, 53% said a cyberattack that disabled their electronic medical records system would immediately halt billing and scheduling operations, while 47% cited the loss of access to patient histories and medication records as a source of potential malpractice liability. One-quarter of respondents said such an event could temporarily or permanently close their practice.
“The biggest mistake a healthcare practice can make today is assuming vendors in their supply chain are handling security, so they don’t have to,” Omega Systems Chief Executive Officer Mike Fuhrman said in a statement.
The report also found that 61% of healthcare leaders expect their organizations will face a potentially catastrophic cyberattack within the next five years. However, 62% still classify cybersecurity and compliance primarily as technical functions rather than patient-safety issues.
More than 80% of practices reported shortcomings in their recovery plans, and 31% said they continue to rely on legacy technology systems that may be unable to contain a breach once it begins.
Artificial intelligence adoption is also accelerating. According to the survey, 93% of practices are already using AI in patient-facing or administrative functions, often without governance processes in place to ensure compliance with emerging security standards.
Financial incentives appear to be driving adoption. Two-thirds of respondents said AI-enabled scheduling improvements that add just two patients per day could generate between $5,000 and $20,000 in additional monthly revenue.
At the same time, regulatory concerns are increasing. Sixty percent of healthcare leaders said they have self-attested to HIPAA compliance despite known, unpatched vulnerabilities, and 76% said they are unprepared for proposed changes to the 2026 HIPAA Security Rule.
The survey also found that 52% of practices do not use a managed security service provider, while 39% manage cybersecurity entirely in-house. Among those organizations, 35% reported understaffed technology teams and 23% described their systems as outdated.
“This data tells a governance story as much as a security one,” Fuhrman said. “The practices that come out ahead won’t be the ones that buy more tools or hire more staff. They’ll be the ones where leadership decides that cybersecurity, compliance, vendor risk, and AI need to be managed together.”
The full report is available at: https://omegasystemscorp.com/insights/white-papers/2026-healthcare-it-landscape-report/
Support the local news that supports Chester County. MyChesCo delivers reliable, fact-based reporting and essential community resources—free for everyone. If you value that, click here to become a patron today.