ViVE 2026: Strengthening Healthcare Security and Operational Resiliency

“Application rationalization often falls to the end of the priority list like infrastructure refresh, things like that,” added CTO Nick O’Connor. “Having that catalyst moment, we were able to drive behind that. We deployed this in waves following the EHR deployment. So that created, right out of the gate, some governance and structure that we could feed into, and it gave the visibility at a higher level too.” 

As the IT team retires the applications, the data gets archived so that it can be used for future projects; for example, with solutions powered by artificial intelligence. “Lowering the costs and then using these assets in new and unique ways has opened up a lot of opportunities for us. I'm excited for the future thinking about AI and the corpus of data that we now have. It'll be very powerful going forward,” O’Connor said. 

DISCOVER: Here are four security tech trends to watch in 2026.

Prokic noted that a difficult aspect of the process was working with former vendors to retrieve the organization’s data that was on those systems. “If you've ever broken up with a vendor, that's when things get very contentious, and data all of a sudden becomes very proprietary, and resources aren't available. Imagine having to do that 25 times a quarter, every quarter for six years straight. So, one of the biggest challenges was getting back our stuff, getting back our data,” he said. 

Healthcare organizations need to understand their environment with this level of detail because not only will it help with cost optimization, but it will also support a stronger cyber resilience strategy that has more visibility into a complex environment.

(From left to right) Clearsense CEO Jason Rose moderates a discussion with Trinity Health’s Chief IT Strategy Officer Mike Prokic and CTO Nick O’Connor at ViVE 2026 in Los Angeles. 

Resource-Thin Organizations Share Workforce Challenges 

During a session focused on the IT teams of rural healthcare organizations, three leaders shared their perspectives on collaboration and staff development and recruitment. 

Scott McEachern, CIO at Bandon, Ore.-based Southern Coos Hospital and Health Center, had the smallest IT team of the panel (with four IT team members and two clinical informaticists), and he shared how encouraging upskilling and building in redundancy is critical for his department. 

“We are training all of our staff to be sort of mini-system admins. We have one system admin who has been a source of knowledge for much of the time that I've been over the IT department, but we've been implementing more redundancy in terms of skill sets,” McEachern said. “In fact, I've been shadowing at the help desk because I feel like I need to walk the talk and practice what I preach.” 

READ MORE: How can healthcare organizations navigate security changes linked to HIPAA updates?

Recruitment for healthcare IT teams, especially in rural communities, has always been a challenge. But Linda Stevenson, chief digital information officer at Norwalk, Ohio-based Fisher-Titus Medical Center, noted that emphasizing the mission and culture of an organization can help prospective candidates feel more connected to their work. 

The panelists discussed working with local high schools, universities and community colleges to improve the pipeline of IT talent to healthcare organizations. An emerging challenge is engaging a newer generation who may have the technical skills but are less likely to stay at an organization for the long term. 

“We've had somebody come in as an intern, did a great job, worked with us, and six months later, they're off to something else because they wanted something even more exciting. So that's been our challenge,” Stevenson said. “I think, in an organization of any of our sizes, culture is probably the No. 1 thing to think about because we're there not only with the patients, we're also there with the community.” 

It's not enough for healthcare IT leaders to lead a meeting on the department’s project list. They need to do something different to keep newer team members engaged and ready to do what can sometimes be seen as “thankless work,” Stevenson added.

Healthcare Organizations Learn Better From One Another 

A different session about cyber resilience in healthcare brought together IT and security leaders who could share direct experience with a cyber incident at their organization. 

Moderator Anika Gardenhire, who was the chief digital and transformation officer at Tennessee-based Ardent Health but became Michigan Medicine’s first chief digital and information officer this month, shared lessons from her former organization when she had just joined. In 2023, a ransomware attack affected Ardent Health on Thanksgiving Day, disrupting service across the organization. Gardenhire notes that collaboration across departments worked in a “cures and consequences” setup: IT teams implemented “cures,” or any action that would get systems back, while the general counsel, operations and clinical teams dealt with the “consequences” of those actions to keep care delivery moving. 

DIVE DEEPER: AI threats demand new cybersecurity investments. 

Panelist Nate Couture, CISO at University of Vermont Health Network, also shared lessons from his organization’s 2020 ransomware attack. 

“We did not have to stop care, but we had IT systems offline for four weeks,” Couture said. “We had done a lot of preparation, but that was based on either short-term IT outages or mass casualty events — those were the two flavors of downtime and emergency management planning. Neither of those actually applied to the problem we were having. The one thing that did apply, though, was that we did have the relationships built as part of doing that work, and we leaned into those relationships, and through that, we were able to get through it.”

Nate Lesser, vice president and CISO at Washington, D.C.-based Children’s National Hospital, noted that learning from the cyber incidents and strategies of other health systems has helped his organization tremendously in improving their security approaches. He mentioned taking inspiration from Intermountain Health and how the organization runs at least 24 security exercises in a year rather than the one or two major exercises most providers do. 

“We still try to do at least one major exercise across a lot of departments and units, but now, we run mini-exercises on a monthly basis, sometimes more frequently with individual units,” Lesser said, adding that his team typically works more with nursing leadership. 

A cyber response plan may need to include nontechnical aspects; for example, how much cash on hand does the organization have access to if payroll is affected? Do teams know where paper supplies are located, and are there enough supplies to last three hours or three weeks? What is the process to move information collected on paper charts into the EHR? What does “back to normal” even look like? 

Emerging technologies represent another risk factor that more organizations must account for. Couture gestured to the rest of the ViVE exhibit hall, where numerous vendors had booths. 

EXPLORE: Learn how to take the complexity out of IT configuration and integration. 

“Every single one of those solutions that you put in that lets you do more with less on a day-to-day basis just made your resilience scenario that much harder. Because, while you can still do things the old way, you've now reset your staffing to expect to be able to get a certain amount of throughput,” Couture said. “Now, if that technology goes away, you don't have that staff to do it the old-fashioned way. So, that's something you have to think about: How are you going to handle that as you're implementing each one of these new solutions? It's great for what it is today but also think about what this means for your resilience plan.” 

Lesser added that while organizational boards are now more deeply engaged in security, ongoing education and communication is crucial to ensuring overall alignment. 

“Five years from now, we're going to continue to talk about the major cyber events that were affected by AI. We're going to talk a lot about quantum security and cryptographic resilience, and our boards are going to be smarter than we are before we get in the room,” he said. 

The Human Element of Business Continuity and Disaster Recovery 

During a session about supporting the minimum viable hospital through a cyber incident, Rubrik Sales Engineering Manager for Healthcare Nathan Bahls stressed the importance of having the conversations about critical applications and teams and alternate communication streams before an event, because the way malicious actors target organizations has evolved. 

“It used to be that encrypting files, encrypting virtual machines, that was the whole mission. And you paid to de-encrypt, you paid to get them back. Now, that's a distraction while they exfiltrate data,” Bahls said. “They're looking at using encryption or identity attacks to get in the way, cause chaos and slow the response.”

Click the banner below to read the recent CDW Cybersecurity Research Report.

So, not only do organizations need to have the ability to restore their systems, but they also need to plan how their team members can communicate if their usual methods are offline. Clinical teams should not be left to create ad hoc channels in WhatsApp or Telegram because that just introduces another risk factor with unmonitored third-party applications. 

That’s why it’s important for organizations to decide responsibilities beforehand, said Melissa Pettigrew, product director for healthcare at Rackspace Technology: “Understand, this is not just an IT problem — we’re all involved here.” 

She added that organizations can start improving their security simply by identifying their minimum viable applications. 

“Do you even have a good inventory of your entire application portfolio and what all of those integrations are?” Pettigrew said. “You don't want to have this conversation in the middle of chaos, right? You want to plan for this ahead of time and, even if it's not perfect, if you have a good idea of what your bare minimum, Tier 0, Tier 1 applications are, you are doing a lot better than almost every other organization out there.” 

Both experts agreed that having a shared vision of resilience — and understanding what that means to an organization — can help clarify goals. 

“If we come at this from how we approached backup and disaster recovery 20 years ago, we're already failing. The world is very different. How things work is more fluid, where we host the architecture is more fluid, the challenges that we're facing from a budget perspective, a technology perspective, are more fluid,” Bahls said. “So, how do we make what would be the worst day that will easily spiral into the worst week, followed by the worst weeks, followed by the worst month — how do we just make it a bad day?”