CIOs in healthcare were critical to keep healthcare organizations running through a once-in-a-lifetime crisis. Companies needed to transform themselves, quickly and securely, to sustain life as the pandemic unfolded.

That ability to adapt clashes with a misconception on what delays technology innovation in healthcare.

"When I joined two and a half years ago, my assumption was the reason healthcare was so far behind was that healthcare was too risk-averse," said B.J. Moore, a former Microsoft executive who joined Providence Health as EVP and CIO in 2019. "I was totally wrong. We've actually, in the last 18 months during a pandemic, made more changes in our environment than we ever made in Microsoft in a five-year period."

In reality, the fault lies in a siloed approach: healthcare has missed technology cues from other industries. 

"Healthcare is pretty insular," said Moore. "They really haven't looked at other industries for influence."

Telemedicine and other new technology protocols of healthcare delivery are now a lifeline to continued care, adding complexity to the duties of healthcare tech executives. Almost two-thirds of clinicians say even now telemedicine is a key way to maintain access to their patients, Healthcare Dive reports. But the challenges facing healthcare CIOs are multi-dimensional.

Enabling telehealth and the digital front door is part of the challenge, according to Sridhar Karimanal, head of the Health and Life Sciences group at Eagle Hill Consulting. Traditional healthcare systems face competition from other types of healthcare providers, such as urgent care centers. 

But CIOs are also tasked with maintaining the quality of care and balancing costs, all the while keeping critical IT infrastructure up and running, attracting enough talent and fending off the looming threat of cyberattacks, according to Karimanal.

Here are three top challenges healthcare CIOs face in their industry.

Technical debt

Coming from big tech, Moore's first impression of the healthcare space was that technical debt was bogging down progress.

"The biggest issue that I see is the technical debt that we have in healthcare," said Moore. The industry's problem with technical debt was evident prior to the pandemic, but "COVID[-19] highlighted the fragility of our ecosystem and ability to scale and expand."

Technical debt impacts companies across industries. Six in 10 engineers find tech debt can slow their pace of development, and the average engineer dedicates six hours a week to dealing with technical debt according to data from Stepsize. 

To combat technical debt at Providence Health, Moore has taken a three-pronged approach: simplify, modernize and innovate. Using Oracle Cloud, the organization is working to consolidate an array of different ERP systems, health record systems and applications. 

Cybersecurity

The criticality of healthcare organizations made them prime targets in the broader rise of cyberattacks. The pandemic's disruption led to an increase in cyberthreats at 86% of U.S. organizations, Deloitte data shows. 

The volume of cyberattacks on hospitals and healthcare systems is starting to threaten bottom lines, according to credit rating agency Fitch Ratings.

Because of its implications for sensitive data, cybersecurity is the main challenge for CIOs in the healthcare space, according to Kisha Hortman Hawthorne, SVP and CIO at Children’s Hospital of Philadelphia (CHOP).

"Healthcare organizations across the country continue to see exponential increases in malicious attempts such as malware and ransomware, data breaches, insider threats, compromise of passwords (password spraying), phishing and vishing scams, and cloud threats," said Hortman Hawthorne in an email. "These attacks are financially lucrative for cybercriminals as they make profits by selling data."

Ongoing threats against healthcare systems make cybersecurity a critical area of focus that requires "significant resources for CIOs and healthcare organizations," said Hortman Hawthorne. "We must understand organizational risks and how to prepare for potential cyber incidents and events."

To safeguard the organization against threat actors, CHOP's defense strategy begins with its staff.

"We show our employees firsthand how to be cyber smart and safeguard themselves and the organization in all situations," said Hortman Hawthorne. "Many techniques and available resources are constantly in motion to help keep our staff alert."

Additionally, the organization heeds warnings and recommendations on cyberattack risks from the FBI, the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office for Civil Rights (OCR).

Access to talent

In an under-supplied candidate's market, healthcare tech leaders are also struggling to find the right kind of talent to fill their IT aspirations.

"The top challenge for me is, actually, people: finding the right talent available at the right price with the right value proposition, whether they're internal or external," said Craig Richardville, chief information and digital officer at SCL Health.

As a response to the dearth of talent, more than half of leaders plan to cross-train workers from other parts of their organization, according to the 2021 Harvey Nash Group Digital Leadership Report. 

SCL Health relies on its mission to attract talent who may be seeking a role where they can have a broader impact, said Richardville. "That aspect is appealing to a lot of people who want to contribute back to society."