“From Projects to Networks: The Future of Enterprise Risk Management Is Here”
Post Summary
Enterprise Risk Management (ERM) in healthcare is moving away from isolated, siloed approaches to a network-based model. Why? Because healthcare faces growing risks like cyberattacks, regulatory challenges, and supply chain vulnerabilities - all of which are deeply interconnected. Here's the gist:
- Cybersecurity threats are escalating: Healthcare data breaches impacted 70% of Americans in 2024, with ransomware and phishing attacks costing millions per incident.
- Traditional methods fall short: Managing risks in isolation leaves gaps, as 83% of breaches stem from third-party integration issues.
- AI and digital tools add complexity: While AI improves care, it also introduces risks like data leaks and algorithmic errors.
- Supply chains are fragile: Disruptions like ransomware or natural disasters can cripple operations due to interdependencies.
Healthcare organizations are now adopting network-based ERM to address these challenges. This approach provides a full-picture view of risks across systems, vendors, and processes. Tools like AI-powered monitoring, third-party risk platforms, and centralized command centers help streamline risk management while improving visibility and collaboration.
The shift to network-based ERM isn't just about better tools - it's about building resilient systems that protect patient care in an increasingly digital and interconnected world.
Tackling Cyber Threats in Healthcare with Censinet
What's Driving Network-Based ERM in Healthcare
Healthcare is shifting from isolated risk management approaches to interconnected, network-based strategies. This change is fueled by the increasingly complex and digitized environment in which healthcare operates today. Threats in this space can quickly spread across systems and partners, pushing the need for a more unified approach to risk management.
Rising Cybersecurity Threats in Healthcare
The state of cybersecurity in healthcare has taken a sharp downturn. Data breaches in 2024 reached unprecedented levels, impacting 237,986,282 U.S. residents - roughly 70% of the population [2]. This means nearly seven out of ten Americans had their health data compromised in just one year.
The scale of attacks is staggering. In 2025 alone, the healthcare sector faced 1,710 security incidents, with 1,542 confirmed data breaches, according to the 2025 Verizon Data Breach Investigations Report [2]. Since 2020, over 500 million people have had their healthcare records stolen or compromised at least once [4].
Phishing attacks have become particularly destructive. A 2024 Healthcare Cybersecurity Survey by HIMSS revealed that general email phishing (63%), SMS phishing (34%), and spear phishing (34%) were common attack methods [2]. The financial toll is immense - on average, a phishing-related breach cost the healthcare sector $9.77 million per incident in 2024 [2].
Ransomware attacks are also escalating. Groups like LockBit, CIOp, ALPHV, and BianLian targeted more than 460 U.S. healthcare organizations in 2024 [2]. By the end of the year, the health records of 259 million Americans had been stolen, either in part or in full [4].
"The elevated concern in healthcare is due to the type of data they possess. It's highly personal and sensitive to the individual (test results, conditions, etc.) as well as unchangeable (social security numbers). This leads to increased risks of identity theft." - Tony Black, Principal Product Researcher at Huntress [3]
These advanced threats highlight the limitations of traditional, project-based security measures. Modern healthcare organizations need a network-wide perspective to detect and address risks that exploit the connections between systems, departments, and external partners.
New Risks from AI and Digital Health Tools
The rapid adoption of AI and digital health tools is creating a new wave of risks that traditional risk management methods struggle to handle. While AI has the potential to improve patient outcomes by 30% to 40% and cut treatment costs by half [7], it also introduces complex security challenges.
Healthcare organizations are already responding cautiously. The sector blocks 17.2% of AI transactions, making it one of the most restrictive industries for AI use [5]. This reflects valid concerns about data privacy, security, and the reliability of AI algorithms in patient care.
The speed of AI-enabled attacks is another concern. Many cyberattacks now unfold in under an hour [6], and the rise of generative AI has fueled a surge in phishing attacks. Cybercriminals are using AI to craft more convincing and personalized attack methods [6].
| Security Risks | Security Safeguards |
|---|---|
| Data breaches | Anonymized data, data masking, breach notifications, identity and access management |
| Leakage to AI chatbots | Acceptable use policies, AI security training, minimal data sharing |
| Lack of transparency | Security audits, risk assessments, algorithm monitoring, transparent data practices |
| Phishing, malware, and interface spoofing | Encryption, secure authentication, endpoint security, anomaly detection |
| Scale of security risk | Encryption for protected health information, access controls, limiting data use |
"Healthcare organizations should acknowledge the potential risks and challenges associated with AI, including concerns about data privacy and security, especially for personal identifiable information, as well as ensuring that AI algorithms and their outputs are highly reliable and unbiased when aiding in the administration of patient care." - Zscaler Report [5]
AI vulnerabilities often spread across platforms and applications, making them harder to manage. A network-based ERM approach offers the visibility needed to address these interconnected risks effectively.
Healthcare Supply Chain Security Gaps
Beyond digital risks, physical and logistical vulnerabilities in healthcare supply chains further emphasize the need for network-wide risk management.
The layered nature of healthcare supply chains creates interdependencies, which can lead to cascading failures during disruptions.
"The deeply layered healthcare supply chain not only creates interdependencies but leads to limited transparency that then elevates risk." - Oliver Wyman Analysis [8]
Recent events highlight these vulnerabilities. In late 2024, Hurricane Helene damaged a Baxter International plant, leaving 86% of providers dealing with IV fluid shortages [8]. It took until February 2025 for the plant to return to normal production levels.
Cyber threats to supply chains are equally alarming. Ransomware attacks on the healthcare sector more than doubled between 2022 and 2023, affecting over 250 organizations [8]. In 2024, a ransomware attack on the largest claims processor breached the data of 190 million people, crippling billing systems and disrupting operations for thousands of providers [8].
Another major concern is concentration risk. A staggering 65% of organizations across industries have at least one single point of failure in their supply chains [8]. In healthcare, where uninterrupted access to medical supplies and services is critical, such vulnerabilities can have life-threatening consequences.
Many healthcare organizations lack the tools and data to effectively manage these interconnected risks. Without proper visibility into supply chains, it becomes nearly impossible to identify and mitigate these vulnerabilities [8]. Network-based ERM provides the oversight needed to address these challenges and ensure a more resilient system.
As the lines between enterprise and operational environments blur, and IT and OT assets become increasingly intertwined, traditional approaches that treat each vendor or system as a standalone entity fall short. Modern threats exploit these connections, making a comprehensive, network-based strategy essential.
Current ERM Frameworks and Tools
As cybersecurity threats in healthcare grow more complex, enterprise risk management (ERM) frameworks and tools have evolved to provide a more integrated, system-wide approach. Healthcare organizations are moving away from narrow, malpractice-focused risk management strategies toward ERM frameworks that address operational, financial, and strategic risks across both internal departments and external partnerships [9].
How Network-Based ERM Frameworks Work
Modern ERM frameworks take a unified approach to risk management, connecting risks across the entire organization [9]. This marks a shift from siloed, project-specific risk assessments to systems that identify how risks interrelate across the enterprise [9]. By breaking down departmental silos, these frameworks uncover hidden connections and provide insights that guide smarter strategic investments [9].
This unified perspective allows healthcare organizations to better embrace patient-centered, value-based care models [9]. With a holistic view of risks, organizations can not only withstand potential hazards but also identify opportunities for improvement and growth [9].
The success of these frameworks relies heavily on reliable data to prioritize risks and determine where resources should be directed [9]. Building a strong "risk culture" is equally important - ERM must be an ongoing effort, supported by leadership accountability and formal governance structures [9].
AI-Powered Risk Monitoring Systems
AI plays a key role in enhancing this integrated approach by enabling continuous and predictive risk monitoring [10]. AI tools analyze data from electronic health records (EHRs), billing systems, and access logs to identify risks in real time with remarkable accuracy [10].
These systems can detect anomalies like unusual billing patterns, duplicate claims, or suspicious access to patient records. By using historical data and real-time indicators, AI can forecast emerging risks, helping organizations allocate resources proactively and adjust risk scores dynamically [10].
Natural Language Processing (NLP) capabilities add another layer of functionality. NLP can analyze unstructured text to spot inconsistencies in clinical documentation and monitor system access logs to flag unauthorized activities, ensuring compliance with HIPAA regulations.
AI’s impact is significant: private payers can save up to 20% in administrative costs and 10% in medical costs [11]. In clinical settings, tools like Abridge - used by organizations such as Mayo Clinic and Kaiser Permanente - have reduced charting time by 74%, allowing clinicians to spend more time with patients [11].
AI platforms also integrate seamlessly with existing systems, pulling data from EHRs, claims engines, and communication logs. By filtering alerts based on urgency and impact, these systems automatically escalate high-risk issues while minimizing false positives.
Third-Party Risk Management Platforms
In today’s healthcare landscape, third-party risk management (TPRM) platforms are essential for managing the risks associated with vendors and supply chains. These platforms help organizations assess, mitigate, and monitor third-party risks, ensuring patient information remains secure and regulatory requirements like HIPAA are met [12].
The need for robust TPRM is clear: in 2023 alone, 133 million health records were exposed in data breaches [12]. Modern TPRM platforms streamline risk management with features like automated assessment workflows, real-time monitoring, and centralized document storage. They tailor vendor reviews based on risk levels, adjusting the frequency of assessments accordingly [12].
These platforms also automate security assurance processes, leveraging frameworks such as HITRUST, ISO 27001:2013, and SOC 2 reports [12]. When risks are identified, they implement clear escalation procedures to ensure critical issues are addressed promptly [13]. Additionally, TPRM platforms support HIPAA compliance by verifying that business associates have proper agreements in place, conducting regular risk assessments, and continuously monitoring vendor cybersecurity practices.
sbb-itb-535baee
How Censinet Handles Network-Based ERM
Censinet takes a modern, network-driven approach to enterprise risk management (ERM) in healthcare, addressing the unique challenges of interconnected systems, vendors, and partnerships. By shifting from traditional, project-based risk management to a more integrated network model, the platform connects healthcare delivery organizations (HDOs) with over 50,000 vendors and products across the healthcare industry [15][18].
Censinet RiskOps™: Streamlining Healthcare Risk Management
Censinet RiskOps™ redefines risk management by providing a unified, network-oriented view of risk. The platform’s Digital Risk Catalog™, which includes over 40,000 pre-assessed vendors, simplifies the reassessment process, cutting review times to less than a day with delta-based updates [14].
This streamlined approach significantly boosts operational efficiency. For example, Terry Grogan, CISO at Tower Health, shares:
"Censinet RiskOps allowed 3 FTEs to go back to their real jobs! Now we do a lot more risk assessments with only 2 FTEs required." [15]
The platform supports continuous risk monitoring across the healthcare ecosystem, covering areas such as vendor management, patient data, medical records, research, medical devices, and supply chain operations. Features like automated risk scoring, corrective action plans, breach alerts, and risk tiering ensure organizations can manage risks effectively across their entire business network [15].
Censinet AITM: AI-Driven Speed and Precision
Censinet AITM leverages artificial intelligence to dramatically speed up third-party risk assessments while maintaining human oversight. Vendors can complete security questionnaires in seconds, while the system automatically summarizes evidence, captures integration details, identifies fourth-party risks, and generates detailed risk reports [16][17].
This AI-powered system doesn’t just automate processes; it keeps risk teams in control through customizable rules and review protocols. By streamlining evidence collection and risk analysis, AITM™ addresses the urgent need for faster responses in today’s rapidly evolving threat landscape. As Ed Gaudet, CEO and Founder of Censinet, explains:
"With ransomware growing more pervasive every day, and AI adoption outpacing our ability to manage it, healthcare organizations need faster and more effective solutions than ever before to protect care delivery from disruption." [16][17]
The platform also acts like air traffic control for AI governance, routing critical findings to the right stakeholders and consolidating real-time data into an intuitive risk dashboard. Its partnership with AWS ensures these capabilities are delivered with strong security measures [16][17].
Censinet Connect™: Facilitating Secure Collaboration
Censinet Connect™ enhances collaboration by enabling secure sharing of risk data between healthcare organizations and vendors. By turning isolated assessments into collective intelligence, Connect™ helps organizations work together more efficiently. James Case, VP & CISO at Baptist Health, highlights this shift:
"We eliminated spreadsheets and gained a robust network of partner hospitals." [15]
The platform is specifically designed for healthcare’s unique challenges. Matt Christensen, Sr. Director GRC at Intermountain Health, emphasizes:
"Healthcare is the most complex industry... You can't just take a tool and apply it to healthcare if it wasn't built specifically for healthcare." [15]
Additionally, benchmarking tools allow organizations to compare their risk posture against industry standards. Brian Sterud, CIO at Faith Regional Health, notes:
"Benchmarking against industry standards helps us advocate for the right resources and ensures we are leading where it matters." [15]
With access to a network of over 50,000 vendors and products, Censinet Connect™ reduces redundant work and improves the speed and accuracy of risk assessments, making it a valuable tool for healthcare organizations [15][18].
How to Implement Network-Based ERM in Healthcare
Shifting to a network-based Enterprise Risk Management (ERM) system in healthcare requires a clear plan, solid infrastructure, and a unified approach to managing risks.
Build a Central Risk Command Center
A centralized risk command center is the cornerstone of network-based ERM. Think of it as the organization’s control hub, where real-time data is monitored, analyzed, and used to drive coordinated responses across various risk areas.
Take Tampa General Hospital as an example. They launched a hospital command center that standardized their electronic health records. The results? They reduced 20,000 excess patient days, improved emergency room triage, and saved $40 million in just one year [19].
"You just need visibility into all the data. You need to know who's in the bed. You need to know their expected discharge date. You need to know how many staff you have." – Dr. Lisa Ishii, senior vice president of operations, Johns Hopkins Health System [19]
To get started, define the mission clearly. The command center should have focused objectives, such as improving patient flow, enhancing safety, or elevating care quality. These goals guide what data to collect and how to use it for informed decision-making.
Success hinges on communication, collaboration, and cooperation among all stakeholders [20]. Early buy-in from physicians, frontline staff, and leadership is critical to overcoming hurdles. Standardizing data collection across departments ensures everyone speaks the same “data language,” making decisions faster and more effective.
Johns Hopkins Health System expanded its command center as part of its patient flow initiatives. This system now prioritizes critical cases, like stroke patients needing MRI scans, and has achieved impressive results: occupancy rates jumped from 85% to 92%, complex case acceptance rose by 46%, and annual revenue increased by $16 million [19].
Centralized data also opens the door for automating routine tasks, streamlining risk management processes.
Use Automated Workflows to Save Time
Once centralized systems are in place, workflow automation can take over repetitive tasks, reducing manual effort and improving efficiency [21]. In healthcare, automation can lighten administrative loads while boosting accuracy and speed.
Focus on workflows that are repetitive, time-intensive, and prone to errors. For instance, an Irish healthcare provider automated fire safety checks, cutting processing time and eliminating cumbersome paperwork [22]. Similarly, Blackpool Teaching Hospitals NHS Trust introduced over 30 automated processes, significantly improving operational performance [22].
To make automation work seamlessly, choose tools that integrate with existing systems like electronic health records, billing software, and patient portals [21]. Security and compliance are non-negotiable. Look for features like data encryption, user access controls, and audit trails to meet regulatory standards.
It’s also important to involve both clinical and administrative teams during implementation. Provide training and ongoing support to ensure the tools are used effectively. By automating workflows, healthcare organizations can free up resources and focus on broader collaboration efforts.
Build Risk Networks for Better Collaboration
To complement centralized management and automation, network-based collaboration transforms isolated risk assessments into a system of shared intelligence. This allows healthcare organizations to exchange insights and best practices more efficiently.
Effective risk networks go beyond traditional vendor-client arrangements. They foster collaborative partnerships among healthcare organizations, vendors, and industry partners. This minimizes duplicated efforts and speeds up risk management processes.
Standardized risk management frameworks are key. While every organization is different, having shared processes helps participants tailor their ERM programs and enables meaningful data exchange and benchmarking.
Clear governance is also essential. Define roles, responsibilities, and accountability measures across the network. Leadership must take ownership of risk management outcomes across the board.
This approach is especially useful for third-party risk assessments. Many organizations work with the same vendors, so sharing validated risk data can save time and improve efficiency.
Regular feedback from partners and ongoing updates to the system ensure continuous improvement. Embedding ERM into the organization’s culture, starting with leadership, ensures it remains a priority.
Digital hubs can further streamline collaboration by providing a centralized space for sharing risk intelligence, best practices, and lessons learned. Although transitioning to network-based ERM takes time and effort, early wins - like improved patient flow and operational efficiency - can pave the way for broader initiatives in quality and risk management.
The Future of ERM in Healthcare
Healthcare organizations are navigating a challenging landscape where cybersecurity threats are growing more complex, all while striving to ensure patient safety and operational efficiency. The move from isolated, project-based risk management to interconnected, network-driven Enterprise Risk Management (ERM) is no longer optional - it's essential for staying afloat in today’s digital healthcare world.
The numbers tell the story. In 2024, 734 breaches compromised over 276 million health records, and 62% of healthcare organizations were classified as "at risk", a figure ten percentage points higher than the global average [25]. These stats highlight the critical need for a shift toward network-based ERM.
This approach reshapes risk management by introducing comprehensive frameworks that enable smarter decision-making and better protection of organizational value through proactive strategies [24][26]. In an interconnected healthcare environment, cyberattacks don’t just target systems - they directly threaten patient care and public health, making cybersecurity a priority for the entire organization, not just the IT department [1].
To succeed, healthcare leaders must treat cybersecurity as a shared responsibility across all departments and leadership levels, embedding it into the broader scope of enterprise-wide risk management.
Why Network-Based ERM Matters
The benefits of network-based ERM are clear. Organizations with effective ERM programs report a 63% drop in the frequency of risk events and up to a 35% reduction in operational losses [23]. These systems go beyond just mitigating problems - they enhance risk visibility, improve foresight, and foster better preparedness.
AI is playing a growing role in this transformation, boosting the precision of risk assessments by analyzing data for hidden patterns [23]. At the same time, the industry is shifting from standalone tools to integrated platforms that combine governance, risk, and compliance with cybersecurity and third-party risk management functions [27].
To adapt, healthcare organizations need tools that offer continuous testing, user-friendly interfaces, and seamless integration with ERP systems and data analytics platforms. These features streamline risk monitoring and provide real-time insights that allow for quick adjustments when needed.
Equally important is the ability to integrate these tools across departments. When ERM systems connect effortlessly with project management software, enterprise resource planning tools, and data analytics platforms, they create smoother workflows and improve overall efficiency [23].
However, technology alone isn’t enough. A strong organizational culture around cybersecurity is critical. As healthcare leaders frequently point out, the human element can either be a powerful defense or a significant vulnerability [1].
What Lies Ahead
Looking forward, healthcare ERM will continue to evolve with rapid digital transformation, AI integration, and changing regulatory requirements. Many healthcare executives report that their organizations are actively exploring or planning to adopt generative AI within the next year [28]. While this opens up exciting possibilities, it also introduces new risks that ERM systems must address.
To prepare for these challenges, healthcare organizations should focus on scalable, tech-driven ERM frameworks. This includes modernizing data infrastructures, transitioning to cloud-based systems, and strengthening cybersecurity protocols [28]. Automating routine tasks and investing in staff training on new tools will also be crucial [28].
The urgency is underscored by workforce shortages - according to the World Health Organization, there could be a deficit of 10 million healthcare workers by 2030 [28]. Network-based ERM can help bridge the gap by automating repetitive processes and offering a clearer view of interconnected risks, enabling organizations to operate more efficiently.
"Companies with a transformational approach to risk can mobilize their teams and business leaders quickly to jump on a new gap in the market."
Healthcare organizations that embrace network-based ERM will be better equipped to tackle future challenges. On the other hand, those clinging to outdated, siloed approaches risk severe consequences [1].
Ultimately, the shift from project-based to network-driven ERM isn’t just about adopting new technology - it’s about creating resilient healthcare systems that can adapt to an increasingly complex risk environment. The future of healthcare depends on making this transformation a reality.
FAQs
How does a network-based Enterprise Risk Management (ERM) approach strengthen cybersecurity in healthcare?
A network-based ERM approach enhances healthcare cybersecurity by offering real-time risk visibility and encouraging team collaboration across departments. This interconnected strategy allows for quicker detection and response to cyber threats, helping to reduce vulnerabilities and limit potential damage.
Unlike older, isolated methods, this approach weaves cybersecurity into the larger risk management framework. It tackles pressing concerns like ransomware attacks targeting medical devices or system failures that could jeopardize patient safety. By tying cybersecurity to overall organizational resilience, this method provides more thorough protection for healthcare systems and the patients relying on them.
How does AI improve risk management in healthcare, and what challenges come with its use?
AI is reshaping risk management in healthcare by offering real-time monitoring, predictive analytics, and automated threat detection. These advancements improve visibility and simplify how organizations address potential risks. For instance, AI-driven tools can pinpoint weaknesses in IT infrastructure or supply chains before they turn into bigger problems, allowing healthcare providers to take action ahead of time.
That said, AI comes with its own set of challenges. Issues like data breaches, cyberattacks targeting AI systems, and gaps in vendor networks can threaten patient data and overall system stability. To tackle these risks, healthcare organizations need to adopt strong security protocols, maintain proper oversight of AI models, and routinely assess their systems for potential vulnerabilities.
How can healthcare organizations adopt a network-based approach to manage risks across supply chains and third-party vendors?
To effectively manage risks in a connected healthcare environment, organizations should begin by building a detailed risk inventory. This inventory should account for all third-party vendors and supply chain partners, ensuring even the smallest vulnerabilities are identified. Keeping a close, ongoing watch on these entities is key to spotting potential weaknesses and understanding their impact on both patient safety and data security.
Incorporating automated risk management tools can make this process more efficient. These tools help flag and rank risks quickly, while platforms that support real-time data sharing and collaboration among stakeholders improve visibility. This kind of transparency allows healthcare organizations to respond faster and more effectively to risks across their intricate networks.
Additionally, adhering to regulations like HIPAA and embedding cybersecurity best practices into risk management strategies are crucial steps. These measures not only protect sensitive information but also help maintain smooth operations while addressing the challenges of managing third-party vendors and supply chains.
