“Ransomware”, “data breach”, and “cyberattack”.
To those of us who work in healthcare leadership these days, those words are as ubiquitous as telehealth, quality outcome measures, and pandemic response.

NextGen Healthcare’s Data Breach
On April 28th, 2023, NextGen Healthcare, a leading electronic health record platform, disclosed a major data breach. The breach exposed the sensitive information of more than one million patients. NextGen is currently addressing the broader context of two separate security breaches within the same year: the first being a ransomware attack in January. Lawsuits have been filed that allege that NextGen was (1) negligent for not deploying adequate security; (2) took too long to contain the breach; and (3) failed to disclose the breach more rapidly so that providers could take more timely action on behalf of their patients.
Challenges and Risk Acceptance in Healthcare
While our hearts go out to all those impacted, we can all learn from this incident. As leaders in healthcare, we at Hartman recognize that resources are limited, and systems and people are stretched to the brink. As we work alongside our healthcare clients, we hear a great deal of talk about “risk acceptance” when it comes to cybersecurity.
Common refrains include:
- “If a large healthcare system can’t stop the attack, how can we?”
- “We know we need better cybersecurity, but we just don’t have the resources to dedicate to it.”
- “If we can’t stop the attack, we’ll just address it if it occurs. That’s why we have insurance.”
- “Our system is hosted in the cloud. That’s their issue.”
We understand, and we know all too well, the challenges of today’s digital healthcare environment. However, we also know how much influence and capability each of you have today, without significant additional resources.

Cybersecurity Readiness and Patient Care
If there’s one message we can impart to you it is this: you can move the needle for cybersecurity readiness, and it takes far fewer resources than you expect. Ultimately, cybersecurity readiness is an extension of your ability to deliver care. Healthcare today can’t be delivered as safely and effectively as it should be without IT and digital platforms. Similarly, protecting patient health information has grown to include protecting their digital records and confidentiality, whether in the cloud or on a piece of paper.
The Hartman Approach

At Hartman, we have many success stories where we accomplished these goals for healthcare organizations. All you need is determination and intention to start the conversation and to transform your program. We’ll work with your IT and security leaders to build on their existing successes. Our role isn’t to criticize, rebuild or redesign. Instead, we enhance with an adaptable and scalable methodology, process, and experience to help you unlock the latent potential in your current security programs to mature your resilience. Our dedication is to help bring advanced, large enterprise resilience to your program’s fit and scale.
You don’t have to be next; it’s not inevitable. The decisions that we make today, to act or not, help to determine if the next cyberattack is a disaster, or not. Take proactive steps to safeguard your healthcare organization from data breaches. Contact Hartman Executive Advisors today and secure your digital resilience.