Lately, when talking to healthcare security leaders, one thing has been coming up more than anything else: they know their security infrastructure is disconnected; they know it creates risk, and they’re not sure how to close the gap without a costly overhaul.
That’s not a failure of intent. It’s a consequence of how security was built in the healthcare sector. Over decades, physical security and cybersecurity have developed distinct disciplines with separate ownership. Facility teams would manage badge readers, cameras, and alarm panels where IT managed networks, servers, and software. Each domain had its own vendors, its own procurement cycles, and its own reporting lines. Understandably, back then the assumption was that running them independently was sufficient.
