As we start the new year with a renewed focus on patient trust and data protection, cyber resilience remains one of the most pressing challenges facing healthcare in 2026. When cyber incidents occur, the impact reaches people first—through delayed appointments, pharmacy disruptions and slower care when clinicians lose access to electronic health records. Cyberattacks often involve unauthorized access to protected health information, including diagnoses, treatment history, Social Security numbers and insurance details. As cyberattacks, third-party breaches and supply-chain vulnerabilities continue to rise, these disruptions increasingly affect healthcare organizations of all sizes, placing patient’s access to reliable care at risk.
Hospitals, health clinics and health plans remain prime targets due to their access to sensitive health and financial data. Bad actors use this information for identity theft, fraudulent insurance claims and other scams. Addressing these challenges requires collaboration, shared responsibility and strong leadership across the healthcare ecosystem.
At CareFirst BlueCross BlueShield (CareFirst), protecting the confidentiality, integrity and availability of our members’ data is essential to maintaining the trust of the communities we serve. Cybersecurity is embedded in everything we do. As threats evolve, we remain committed to innovation and collaboration, working with federal partners such as the Cybersecurity and Infrastructure Security Agency (CISA) and healthcare industry leaders through the Health Sector Coordinating Council (HSCC).
The HSCC Cybersecurity Working Group brings together more than 400 healthcare providers, health plans, pharmaceutical and medical technology companies, and health IT organizations. For more than a decade, it has served as a trusted forum for public-private collaboration to strengthen healthcare cybersecurity by:
- Identifying cyber and physical risks to the security and resilience of health data
- Developing practical, actionable guidance to reduce those risks
- Partnering with the federal government to improve threat preparedness and incident response
To strengthen the health plan voice in this national effort, CareFirst’s Chief Information Security Officer, Rob Suárez, recently joined the HSCC Cybersecurity Working Group’s Executive Committee. In this role, Rob helps ensure that payer perspectives are represented and patient safety is prioritized as the group develops publicly available cybersecurity best practices and policy recommendations for the healthcare sector.
HSCC Previews 2026 AI Cybersecurity Guidance
Our modern healthcare system needs strong guidelines, standards and digital infrastructure to securely manage the growing volume of patient data generated by electronic health records, connected medical devices and artificial intelligence (AI) tools. As AI becomes integrated into healthcare, it is also reshaping the cybersecurity threat landscape. Bad actors now use AI and machine learning to create more convincing phishing attempts, exploit software vulnerabilities and accelerate ransomware activity across the healthcare ecosystem.
To address these emerging risks, the HSCC Cybersecurity Working Group created an AI Cybersecurity Task Group focused on helping healthcare organizations prepare for the safe and responsible use of AI. The Task Group has released a series of one-pagers previewing its 2026 AI Cybersecurity Guidelines across five key areas:
- Education and Enablement
- Cyber Operations and Defense
- Governance
- Secure-by-Design Development
- Third-Party Risk and Supply Chain Transparency
Together, these resources reinforce HSCC’s commitment to practical and accessible guidance while supporting healthcare organizations of all sizes as they strengthen cyber resilience. Full guidelines will be released later this year.
At CareFirst, our mission is to make healthcare more accessible, affordable and equitable for the communities we serve. Protecting our members’ information is central to that mission. By helping lead national collaboration through the HSCC Cybersecurity Working Group, we’re advancing standards that strengthen member trust, support responsible innovation and safeguard patient data across the healthcare system.
CareFirst is proud to contribute to this work and to partner across the industry to build a safer, more resilient healthcare ecosystem for our members and the communities that rely on us.