In the middle of perhaps the busiest day at the 2025 HIMSS Global Conference, I was able to sit down with Lance Reid, CEO of Telcion, a provider of IT solutions and managed services for the healthcare industry.
We had both watched a forum on AI in healthcare the day before, and Lance expressed enthusiasm about many of the developments.
“The most interesting thing for me right now is AI in cybersecurity — how to automate a lot of things or be able to take care of the manpower issue around security," he said. He also emphasized the growing importance of automation in security management, especially as healthcare organizations struggle with manpower shortages. As cyberattack threats continue to evolve, Reid noted that the ability to scale defenses using AI is a crucial focus for the industry.
Trends in data security and managed IT services for healthcare
Reid highlighted the increasing demand for managed security services among healthcare providers, especially in federally qualified health centers (FQHCs) he has worked with. Despite the rapid and broad expansion of virtual care in recent years and ongoing cybersecurity initiatives, he still encounters many practices lagging in adopting basic security measures, such as multi-factor authentication (MFA).
Reid underscored the importance of Security Operations Center (SOC) and Security Information and Event Management (SIEM) solutions. Historically, these tools have been costly and difficult for smaller organizations to implement, but advancements in third-party management services are making them more accessible. Effective security tools are a good next step for many of those practices, but actively monitoring them is crucial, too, making 24/7 oversight more a necessity than a luxury.
Next steps for better security in 2025
Reid outlined several critical steps healthcare practices should take in 2025 to enhance their security posture:
1. Implementing multi-layered security
The most effective security strategy involves multiple layers of defense, as he recently wrote in an MGMA insight article. Reid stressed that organizations must assess their current security stack, identify gaps, and continuously refine their approach. Ensuring that all critical systems are protected by MFA, endpoint security, and network monitoring tools is essential.
2. Proactive security audits and monitoring
Reid advocated for regular third-party audits to identify vulnerabilities and verify that security controls are functioning correctly. “Even [if] you have good IT guys, they’re human,” Reid noted. “Having someone else come in and look over things can uncover gaps you didn’t even realize were there.”
3. Strengthening third-party system integrations
Many healthcare practices integrate third-party tools with their EHR(s) and other internal systems, often without fully assessing the security implications. Reid warned that weak authentication protocols in these integrations can become major attack vectors. Practices should ensure secure authentication and regularly review external connections.
4. Expanding end-user security training
Human error remains one of the biggest cybersecurity threats. Reid recommended that security training be mandatory for all employees, from leadership to frontline staff. Monthly phishing simulations and security awareness sessions can significantly reduce the risk of breaches caused by social engineering attacks. “It doesn’t cost a lot of money to do … [and] it’s a simple way to get people more aware,” Reid said.
5. Leveraging AI for threat detection and response
AI-powered cybersecurity tools are emerging as a new standard in identifying and mitigating threats in real-time. As potential attackers are already leveraging AI to scale attacks, many healthcare organizations should look at how similar technology can power their defenses. Real-time analytics and automated threat detection can help identify suspicious activities before they escalate into breaches.
Conclusion
Increasingly sophisticated threats are aimed at healthcare organizations today. Multi-layered defenses help make the task of intrusion that much more difficult. While there’s no way to 100% guarantee you won’t be hacked, adding layers of security better protects sensitive patient data and may help you maintain normal operations when a threat emerges.
Additional reading
- Cybersecurity in Medical Practices Playbook - An MGMA member-benefit guide to securing your systems and ensuring compliance.
Explore Related Content
Insight Article
10 key takeaways on compliance for medical group leaders in 2025
