📌 This article is part of my "5 Healthcare Trends to Watch and Act On" series.

In this series, I’m breaking down five key healthcare trends shaping 2025—why they matter, how they’re impacting the industry, and what healthcare leaders should do next.

💡 Explore the Full Series:

🏠 Overview: 5 Healthcare Trends to Watch and Act On
1️⃣ Trend 1: Data Security Becomes a Competitive Advantage (You’re here)
2️⃣ Trend 2: Data Interoperability Becomes the Backbone of Healthcare
3️⃣ Trend 3: Advanced Risk Stratification and Predictive Analytics
4️⃣ Trend 4: Addressing Health Equity Through Social Determinants of Health
5️⃣ Trend 5: Value-Based Care (VBC) Drives Innovation

When it comes to data security, healthcare is grappling with a harsh reality: no system is immune to breaches, and human error is often the weakest link. Recent examples, such as the Ascension data breach (56 million records exposed due to employee oversight) and the Change Healthcare ransomware attack, are stark reminders of what’s at stake.

Coupled with new proposed regulations aimed at strengthening healthcare data security, it’s clear that compliance alone won’t cut it. Data security is now a critical factor in growth, trust, and maintaining a competitive edge.

Here’s what this means for each group and why getting ahead of these challenges is crucial:

Health Tech Vendors

Data security is more than technical features. For innovative vendors, it’s a competitive edge that builds trust and drives growth. Health plans aren’t just looking for compliance; they want trusted partners to safeguard member data without adding unnecessary complexity. The vendors who lean into this will:

• Design tools that proactively identify and mitigate risks, including human error.

• Build workflows that make secure practices second nature for users.

• Highlight their security measures as a core value in RFPs and sales presentations.

The vendors who lead on security will not only check the box. They’ll position themselves as indispensable partners, build trust, and win more business.

Health Plans

A breach like the one at Change Healthcare underscores the stakes for health plans. Beyond operational disruption, breaches erode member trust and tarnish reputations. With recent regulations tightening reimbursement across the board—including hits to risk adjustment, Star Ratings, and an incoming Trump administration eager to show taxpayers that government dollars aren’t being wasted—health plans face mounting pressure to do more with less.

Public sentiment only adds to the challenge. Gallup’s latest findings show that Americans’ view of healthcare quality has fallen to a record low. Combine that with outrage over issues like prior authorization denials and the tragic murder of Brian Thompson, CEO of UnitedHealthcare, and the writing is on the wall: public trust in health plans is fragile at best. Plans may have more money, but they’ll be required to deliver with fewer resources.

This makes data security non-negotiable for safeguarding members and protecting health plans from the kind of negative media that can cripple growth and tarnish their brand. To stay ahead:

• Partner with vendors who prioritize security in both design and execution.

• Make data security a core component of RFPs and vendor evaluations to raise the bar across the entire care delivery ecosystem.

• Publicly commit (and follow through) to safeguarding member data. Trust in corporations, especially health plans, is at a low point, and genuine action will set plans apart.

These actions move from defensive to offensive and will be essential to retaining members, rebuilding public trust, and driving long-term, sustainable growth for the business.

Private Equity & Venture Capital Firms

The Ascension and Change Healthcare incidents highlight a significant risk for investors: a single breach can tank valuations and derail portfolio performance. Forward-thinking PE/VC firms should:

• Require portfolio companies to conduct regular risk assessments and simulate breach scenarios. SOC2 and HITRUST certifications have their place, but they’re not inherently valuable unless actively reviewed and tested.

• Encourage investments in employee training and tools that mitigate human error. Too often, companies treat security training as a box-checking exercise. Startups are especially vulnerable given their fast-paced, multi-hat-wearing culture, remote teams, and access to vast troves of highly confidential data.

• Treat data security as an enabler of growth and value creation, not a cost center. When security is embedded into the culture of a portfolio company (and the investment firm itself), it carries more weight than a set of bullet points on a values page.

Private equity firms increasingly recognize the need to tighten their focus on cybersecurity within their portfolio companies. This shift reflects the growing understanding that cyber defenses are no longer optional and are instead essential to safeguarding investments and ensuring sustainable growth.

Investors who embrace security as part of their playbook will protect their assets, increase resilience, and improve exit opportunities.

A Unified Call to Action

The proposed data security regulations and high-profile breaches like those at Ascension and Change Healthcare (among countless others across the healthcare landscape, even in the past few years alone) underscore an urgent truth: the stakes for healthcare and health tech have never been higher. For health tech vendors, health plans, and investors alike, the path forward is clear—those who prioritize proactive, practical, and people-focused data security strategies will lead the industry.

Data security isn’t just about avoiding fines or checking compliance boxes; it’s about building trust, driving sustainable growth, and staying competitive in an increasingly complex environment. Vendors can stand out in the market by embedding security into their value propositions. Health plans can protect their reputations and reassure members. Investors can safeguard their portfolios and enhance value creation.

The organizations that act now will position themselves as leaders, earning the trust of their partners, members, and stakeholders alike.

🔥 If you liked what you’ve read, there’s more where that came from.

This article is part of my "5 Healthcare Trends to Watch and Act On" series, where I break down the biggest shifts shaping 2025. If you want to see all five trends at a glance and dive into the ones that matter most to you, check out the full overview here.

📣 Like this? Support it.

If this helped you see the game differently, you can now become a supporter. It keeps the signal strong and the work sustainable.
→ Become a supporter