Risk, Compliance, and Continuity: Reflections From HIMSS 2026

The healthcare industry is at a pivotal junction where the demand for digital innovation must be balanced against an increasingly hostile cyber threat landscape. As a result, HIMSS 2026 felt like a definitive turning point for digital health. 

Chatter on the show floor was centered on a singular, urgent realization: the “future” of the AI-enabled, hyper-connected hospital is no longer a roadmap item, it is today’s reality. From the emergence of agentic AI to the expansion of the clinical perimeter into the home, the conversations we had with CISOs and IT leaders weren’t just about technology for technology’s sake; they were about resilience. 

As the Netskope team engaged with the healthcare industry this year, we looked at every innovation through the lens of the three core pillars that define modern healthcare security: risk, compliance, and continuity. We see these as the primary digital requirements for maintaining the “heartbeat of care” in an era of unprecedented connectivity. 

In this post, we’ll dive into the key themes and highlights from our week at the conference, including our Modern Blueprint for AI, the shift toward identity-centric security, and why a unified ecosystem is the only way to ensure patient safety never skips a beat.

The modern blueprint for the AI-enabled hospital

A highlight of our HIMSS experience was hosting a customer breakfast panel titled “The Modern Blueprint for the AI-Enabled Hospital.” This session featured Steven Ramirez, CISO of Renown Health, alongside Kris Vande Loo, VP of Healthcare at Netskope. Together, they outlined a strategic framework for leveraging AI-driven telemetry to ensure continuous compliance and clinician agility in a shifting threat landscape.

The discussion focused on three essential factors every healthcare organization must follow when enabling AI:

• Discovery and asset management: Meticulously cataloging all data, applications, and services (DAAS) to understand the organization’s digital data footprint.
• Audit and control testing: Implementing rigorous security audits and due diligence for all vendors, particularly those handling protected health information (PHI).
• Continuous monitoring and compliance: Using frameworks like Continuous Threat Exposure Management (CTEM) to identify and remediate vulnerabilities before they are exploited.

Both Steven and Kris emphasized that a connected partner ecosystem is critical for maintaining business continuity and patient safety during large-scale incidents. hey also discussed why a unified SASE architecture is superior to legacy VPNs. Unlike traditional VPNs, which often create bottlenecks and security gaps, a unified SASE approach ensures users are never placed directly on the network, maintaining patient privacy in a hybrid work environment.

Three key observations from the HIMSS floor

Beyond our panel, our team identified three major trends shaping the future of healthcare IT:

1. Identity is the new perimeter

Securing identities and the resources they access is now paramount. We saw a significant shift toward passwordless authentication to enhance clinical efficiency, notably with Imprivata’s recent announcements regarding advanced access management and agentic identity management. Netskope supports this shift through our Zero Trust Engine, which provides unparalleled contextual awareness, allowing for precise, granular access policies that verify identity and risk in real time.

2. The universal language of zero trust

The phrase “trust, and always verify” echoed through nearly every session. Interestingly, even non-security vendors are now championing zero trust. This widespread adoption of a secure ethos has occurred because digital transformation has expanded the attack surface so significantly that traditional perimeter models are no longer effective. However, many solutions lack the depth of context (such as instance awareness and behavioral anomalies) that we believe is required for a true zero trust implementation.

3. Securing the shared clinical workspace

Protecting shared mobile devices and workstations is a top priority for clinical leaders. As clinicians increasingly rely on mobility to deliver care, securing these shared hosts without adding friction is essential. This is where the recently announced Netskope and Imprivata integration excels. By securely handling identity across shared, mission-critical environments, we ensure that clinicians have fast, secure access to the tools they need while maintaining a robust security posture for every session.

In healthcare, security shouldn’t be a trade-off for clinical agility. By unifying risk, compliance, and continuity, Netskope empowers your organization to embrace the future of AI and digital health without compromising patient privacy. Together, let’s keep the heartbeat of care secure, resilient, and ready for anything.

Ready to build a more resilient architecture? Download our latest white paper: Risk. Compliance. Continuity: A Unified Blueprint for Modern Healthcare Security.