AHA names Rubrik preferred provider for hospital cyber resilience

The American Hospital Association has named Rubrik a Preferred Cybersecurity Provider, giving nearly 5,000 member hospitals access to its cyber-resilience services.

The arrangement covers data protection tools, ransomware training and financial risk analysis for member hospitals and health systems. It comes as healthcare organisations continue to face ransomware attacks and other breaches that can disrupt clinical services and expose sensitive patient data at scale.

The sector has been under sustained pressure from cyber incidents for years. Figures cited in the announcement show that more than 935 million healthcare records have been exposed or disclosed in large breaches since 2009, a total equal to more than 2.6 times the US population.

The AHA's preferred provider programme identifies suppliers whose services have been reviewed for hospitals and health systems seeking help with cyber and physical security risks. The association represents nearly 90 per cent of US hospitals and health systems, and says the programme is intended to guide members towards trusted providers.

Under the designation, AHA members can access a cyber-resilience bundle from Rubrik. It includes identity recovery services and Microsoft 365 protection designed to support what Rubrik describes as a minimum viable hospital during an attack. The package also includes a ransomware-response workshop and a five-year financial impact assessment for providers seeking to quantify cyber risk.

The move reflects a wider shift in healthcare security planning from prevention alone to recovery and continuity. Hospital executives and security teams are increasingly focused on how quickly they can restore essential systems after an attack, particularly in environments where outages can halt emergency care, delay treatment and affect patient safety.

John Riggi, National Advisor for Cybersecurity and Risk at the AHA, said cyber incidents in hospitals should be treated as more than an IT problem because of their effect on care delivery.

"A cyberattack against a hospital, which disrupts or delays healthcare delivery, is more than a technical issue; it is a threat-to-life crime," Riggi said. "Ransomware attacks that knock critical care systems offline threaten patient and community safety. As an AHA preferred provider for cyber resiliency, we can confidently recommend Rubrik as a reliable source to defend against and recover from sophisticated cyberthreats and ransomware attacks for our hospitals and healthcare system."

Recovery Focus

Healthcare has become a frequent target for attackers because hospitals depend on complex digital systems and often cannot tolerate prolonged downtime. Electronic medical records, diagnostic systems, scheduling platforms and communications tools can all be affected when attacks spread across networks.

As a result, recovery planning has become a board-level issue for many providers. Security spending increasingly covers backup integrity, identity restoration, incident response planning and business continuity measures, alongside more traditional prevention tools.

Rubrik, listed in New York under the ticker RBRK, has been building its position in cyber recovery and data protection. The AHA endorsement gives it access to a broad base of hospital decision-makers at a time when providers are under pressure to justify cyber spending in operational as well as financial terms.

For hospitals, the financial impact of a cyber incident can extend beyond ransom demands or forensic costs. Outages can reduce patient throughput, delay billing, interrupt elective procedures and trigger wider remediation expenses. In smaller or rural facilities, sustained disruption can create acute operational strain because alternative care options may be limited.

Josh Howell, Healthcare Chief Technology Officer at Rubrik, linked the issue directly to both hospital finances and continuity of care.

"Cyber resilience is essential now that frequent cyberattacks jeopardize the financial stability of healthcare systems and the safety of their patients," Howell said. "Rubrik's AHA designation is an honor that acknowledges the importance of minimizing the fallout from cyberattacks, knowing where and how to restore critical systems quickly, and, most importantly, ensuring uninterrupted care that saves lives."