AI, Cybersecurity, and the High-Stakes Risks in Healthcare | A HIMSS 2025 Conversation with Lee Kim
0The intersection of cybersecurity and healthcare is more critical than ever, as technology continues to shape the way patient care is delivered. At HIMSS 2025 in Las Vegas, we sat down with Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS, to discuss the pressing security challenges facing healthcare organizations, the role of artificial intelligence, and the balance between innovation and risk.
AI in Healthcare: Promise and Peril
Artificial intelligence is rapidly being adopted across the healthcare sector, yet many organizations still lack structured governance around its use. Kim highlights the “wild west” nature of AI adoption, where policies are either non-existent or underdeveloped, creating risks related to privacy, data security, and patient outcomes. While AI-powered diagnostic tools, like those used in radiology, have the potential to improve patient care by identifying critical conditions early, blind trust in AI-generated results presents serious risks. Without proper oversight, reliance on AI could lead to incorrect medical decisions, putting patient safety in jeopardy.
Cybersecurity Gaps in Healthcare Organizations
One of the biggest concerns in healthcare cybersecurity is the over-reliance on security tools without a clear strategy. Many organizations invest in the latest technology but neglect foundational security practices, such as governance, policy development, and staff training. Kim points out that less than half of cybersecurity budgets are allocated to governance, leading to disorganized security programs.
Another persistent challenge is the human factor. Social engineering and phishing attacks remain the top attack vectors, exploiting the inherent culture of healthcare professionals who are trained to help and trust others. Organizations must focus on proactive security measures, such as regular training and simulated attacks, to reduce human error and strengthen defenses.
The Financial and Operational Reality
Budget constraints continue to be a challenge, particularly for smaller hospitals and community healthcare providers. While larger organizations may have more resources, cybersecurity spending often focuses on acquiring new tools rather than optimizing existing defenses. Kim stresses the importance of a balanced approach—investing in both technology and governance to ensure long-term resilience.
Another concern is the increasing dependence on third-party services and cloud-based AI tools. If these services become too expensive or go offline, healthcare organizations may face operational disruptions. The lack of contingency planning, such as backup vendors or alternative systems, leaves many institutions vulnerable to supply chain risks.
Building a More Resilient Healthcare Security Model
As technology continues to drive innovation in healthcare, organizations must adopt a proactive cybersecurity stance. Business impact analyses, vendor risk assessments, and tabletop exercises should be standard practice to prepare for disruptions. Kim also raises the idea of cyber mutual aid—a model similar to emergency medical mutual aid, where healthcare organizations collaborate to support each other in times of crisis.
HIMSS 2025 provides a forum for these critical conversations, bringing together global healthcare leaders to share insights, challenges, and solutions. For those interested in diving deeper, the HIMSS Cybersecurity Survey is available online, offering a comprehensive look at the current state of healthcare security.
To hear the full discussion on these topics and more, listen to the episode featuring Lee Kim, Sean Martin, and Marco Ciappelli from HIMSS 2025 On Location.
Guest: Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS | On LinkedIn: https://www.linkedin.com/in/leekim/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas
HIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us