We recently spoke with Andrew Harrison, principal product manager, international, at Imprivata about the future of EPRs. Andrew shared some key examples of best practices and gave his own insights into secure access for clinicians.

Balancing security and usability in EPR adoption

Due to the sensitive – and therefore valuable – patient data they hold, healthcare organisations have long been a highly attractive target of external security threats. That vulnerability was historically highlighted during the 2024 breach of Change Healthcare, the largest data breach ever reported. As a result of the attack, the protected health information of some 190 million individuals was compromised, and business operations were severely hampered.

As a CISO, there are moments when you realize you’ve been asking the wrong question. For months, I’d been personally trying to solve for device sprawl, authentication fatigue, and mobile device loss in a rapidly shifting hybrid work environment for one of my projects. My team was burned out managing mobile devices manually or with disparate tools. Worse yet, we lacked the visibility we needed to properly assess our security risk.

Cybersecurity spending is up—but so are the challenges facing IT teams. Global information security budgets are projected to hit $212 billion this year, yet many organisations still face staffing shortages, operational blind spots, and rising pressure to keep up with evolving threats.

As economic pressure tightens and IT talent remains in short supply, organisations are allocating cybersecurity budgets with a sharpened lens toward driving efficiency and ROI. A recent IANS Research report found that cybersecurity budgets increased only 4% in 2025, down from 8% the year prior.

As outsourcing accelerates and digital ecosystems grow more complex, organisations are finding that traditional vendor risk management strategies aren’t enough. Recent Imprivata data reveals just how exposed organisations are to third- and fourth-party risk.