Hospitals boost cyber budgets
U.S. hospitals are accelerating investment in cybersecurity and core health IT, prioritizing cloud security, continuous monitoring, incident‑response automation and privileged access management, after recent high‑profile incidents reportedly raised operational and SOX risk concerns.
84% of hospital CIOs signaled plans to boost cybersecurity budgets for 2026, with a median planned increase of about 26% in security spending. (nchstats.com)
The February 21, 2024 ransomware attack on Change Healthcare ultimately affected roughly 190 million people, triggering multi-month operational outages across providers and payers. (techcrunch.com) UnitedHealth Group’s parent-company tally and follow-on analyses put the attack’s cost to the organization at roughly $3.1 billion, a figure hospitals cited when pressing for expanded third‑party risk controls and vendor redundancy. (bankinfosecurity.com)
Major health systems accelerating GRC modernization are migrating legacy risk platforms to integrated, workflow-driven platforms—examples include migrations from RSA Archer to ServiceNow GRC for scale and automation. (rede-consulting.com) Automation of audit evidence and control-testing workflows is being operationalized: architects are designing automated evidence flows between GRC and ITSM to shorten SOX testing cycles and support continuous control monitoring. (complyragrc.com)
Cloud security posture management (CSPM) and cloud-native monitoring are being purchased as first‑line defenses—providers listing Prisma Cloud, Microsoft Defender for Cloud, and healthcare-focused CSPM guidance as deployment choices. (paloaltonetworks.com) Security operations automation is pairing SIEM with SOAR to cut mean‑time‑to‑respond; Cortex XSOAR and Microsoft Sentinel are cited in healthcare reviews and case studies as platforms that reduce analyst workload and accelerate playbook‑driven remediation. (healthtechmagazine.net) Privileged access programs are expanding—CyberArk and BeyondTrust case studies show large hospitals and children’s hospitals rotating application credentials and locking down long‑lived service accounts as part of new capital projects. (cyberark.com)
Federal and sector analyses highlight gaps in SOC capabilities, IAM, and incident response that hospitals are now funding directly, with HHS landscape work calling those areas urgent for improvement. (405d.hhs.gov)
Market signals show stronger hiring and compensation for internal IT controls and GRC roles: Glassdoor reports SOX Manager averages near $222,431 in the U.S., PayScale lists a Sarbanes‑Oxley Compliance Manager median around $114,724, and GRC roles show six‑figure medians as demand grows. (glassdoor.com) Job‑market data and ISC2 research indicate continued demand for CISA and CISSP credentials across healthcare and vendor risk roles, with thousands of listings for CISA/CISSP‑preferred roles on major job boards in 2025–2026. (indeed.com)