Originally published in June 2025 on the American Hospital Association's website, aha.org, the post includes a downloadable Celerium-sponsored report.
Early-warning defense measures to mitigate disruptions to clinical operations
Preventing data breaches and containing breaches if they do occur is top of mind for hospital and health system leaders looking to deliver uninterrupted patient care and reduce operational disruptions. Executives and information technology teams must have clear visibility into breach status at the hospital or clinic level, with leadership tasked with deciding which systems to shut down or isolate. By integrating multiple defensive measures — including minimally invasive containment alongside isolation-based strategies — organizations can strengthen security and reduce clinical disruptions. This Knowledge Exchange e-book explores the importance of early breach detection, emergency management, clinical and business continuity planning and advanced data protection tools.
10 proven strategies to prevent and respond to data breaches
- Incident command and leadership. Maintaining a strict chain of command during security incidents is crucial for clear decision-making and response.
- Enterprise emergency management. Physical and cybersecurity, once separate, are now deeply interconnected due to frequent disruptions. Unifying security, emergency management and business continuity strengthens preparedness, response and recovery.
- Vulnerability management and security awareness. Strengthened antivirus protection, identity and access management, and automated patching improve security posture. Additionally, phishing prevention and breach response training remain key priorities.
- Emergency preparedness. Regular drills, tabletop exercises and structured communication ensure effective crisis management.
- Threat monitoring and response. Early-stage outbound data blocking helps prevent exfiltration before resorting to drastic containment measures.
- Cybersecurity as a process. Security is continuous, requiring ongoing adaptation to emerging threats.
- Shadow IT and legacy systems. Unknown or unmanaged systems pose significant risks, requiring focused monitoring and oversight.
- Communication redundancy. Secondary communication channels, including an off-network paging system and backup email, ensure secure messaging during outages.
- Public-private partnerships. Collaboration with local, state and federal agencies enhances crisis-response capabilities.
Participants
- Ron Belfont, MS, CISSP, CHCIO, CDH-E, ITIL
Chief information security officer
Bayhealth Medical Center
- Brian Brasser, R.N.
Senior vice president, integrations and operations
Corewell Health
- Emy Johnson, MA
Vice president and chief security officer
Allina Health
- Michelle Joy, MHA, FACHE
President and CEO
Carson Tahoe Health
- Karl Kotalik
Chief solutions officer
Celerium
- Thien Lam
Vice president and chief information security officer
BayCare Health System
- James Matera, D.O., FACOI
Chief medical officer
CentraState Healthcare System
- Gulshan Mehta, MBA, CHCIO, CDH-E
Chief digital and information officer
Blanchard Valley Health System
- Sandra Scott, M.D.
CEO
One Brooklyn Health
- Patrick Wilson, CHCIO, CHISL, CISSP, MA
Chief information security officer
Adventist Health
Moderator:
- Scott Gee
Deputy national advisor for cybersecurity and risk
American Hospital Association