Safety, Cybersecurity, and Profitability in Diagnostics

The New Healthcare Triad: Safety, Cybersecurity, and Profitability in Diagnostics

Tamer Baker

Contributor

Zscaler

Mar 13, 2025

Digital health leaders are “technology CFOs,” juggling cyber threats and cost pressures for diagnostics infrastructure.

Editor's note: This article was originally published on the Zscaler Blog.

Let’s talk about numbers. Without diagnostic devices, the $4 trillion U.S. healthcare industry crumbles. These tools are the compass guiding clinicians toward accurate treatments and life-saving interventions. But in 2025, diagnostics face twin challenges: cyber threats that creep in like unchecked weather systems and cost pressures that keep tightening the margins. At the same time, there’s no margin for error when patient safety is on the line. That's the tightrope we explored together at today’s session—"Remember Those Walls We Built? Well, Diagnostics Can Tumble Them Down."

Under my moderation (Tamer Baker, CTO for Healthcare at Zscaler), three highly accomplished healthcare leaders shared their experiences navigating this razor’s edge. Naomi Lenane, CIO of Dana-Farber Cancer Institute, relentlessly digs toward safety without sacrificing innovation. Nayan Patel, CIO at Upson Regional Medical Center, balances rural healthcare access with cybersecurity on a lean budget. Robert Posner, CTO of AbsoluteCare, champions technological agility while managing high-risk, high-cost populations.

Safety & Innovation: Strange Bedfellows or Cooperative Agents?

One insight stood out early in our discussion: safety and innovation are not opposing forces; they’re collaborators. Robert explained how AbsoluteCare uses an AI-enabled fundus camera to detect diabetic retinopathy among its Medicaid population. The innovation wasn’t just an upgrade—it significantly increased adoption by delivering instant diagnoses, improving patient follow-through. In this scenario, innovation reinforced safety by addressing barriers to access and time-to-treatment.

Naomi, managing the intricate web of oncology care at Dana-Farber, brought a contrasting perspective. While safety and innovation align conceptually, execution in oncology tends toward caution. This tension showed in her example of deploying an ovarian cancer risk assessment tool. Building the algorithm took a year of rigorous validation by nine specialists, prioritizing precision over speed. The lesson? In highly critical or experimental spaces, "rapid" innovation isn’t always viable; knowing when to slow down matters as much as knowing when to sprint.

The Triple Threat of Diagnostic Devices: Cost, Compliance, and Cyber

If innovation is about the what, cybersecurity and cost are often the how. Nayan highlighted the complexities stemming from loosely enforced procurement processes at his rural hospital. Vendors frequently appeared with shiny new solutions—often without looping in IT early enough. While his IT steering committee now brings critical governance, the real “aha” moment came when he framed this reality with a strong metaphor: If it plugs into the wall, it needs to pass IT oversight.

Robert, however, warned that auditing devices is merely the baseline. At AbsoluteCare, all diagnostic technology must meet the organization's HITRUST certification standards—no exceptions. This proactive risk assessment protects patient safety and blocks any degradation of the clinical workflow. Leaning into system-wide cybersecurity frameworks ensures that tactical gaps don’t open wider strategic vulnerabilities.

Still, cybersecurity alone doesn’t pay bills. Our conversation naturally gravitated towards profitability. Both Naomi and Nayan zeroed in on the importance of viewing diagnostic tools through the lens of total cost of ownership (TCO). It’s not just the upfront price of a device—it’s the downstream resource requirements, workforce impacts, and ongoing needs (e.g., cyber risk scans). Fascinatingly, Nayan referred to digital health leaders as “technology CFOs,” distilling how every decision we make balances budgets, business, and life-saving technology. It’s a title that captures where we stand—on the boundary of care delivery and financial stewardship.

Regulating Innovation: AI & Diagnostics in the Crosshairs

All panelists agreed: Regulation hovers ominously over innovation, particularly as diagnostic tools incorporate AI. Naomi illustrated this beautifully with her cancer center’s internal AI tools, explaining how a newly established AI governance process hasn’t just become routine—it’s also intended to be rewritten annually. “[Unlike] our standard policies, AI governance isn’t static. It has to flex as standards and risks evolve,” she noted.

For Robert, the approach is preemptive. By default, his team evaluates potential regulatory impact before rolling out new cybersecurity products, often relying on frameworks like HITRUST as proxies for future compliance shifts. Other panelists, however, reflected more frustration. Across the session, one theme emerged: rural hospitals suffer disproportionately when "one-size-fits-all" compliance regulations push baseline equipment and staffing levels out of reach. Naomi highlighted the need for inclusive policy-making, warning against assuming major academic health systems can represent the spectrum of American healthcare needs.

But here's where our collective action plan emerged: Regulatory scrutiny and digital tools need simplification. Nayan closed out this section with a call to KISS (Keep It Simple and Sustainable) methodologies. While steering committees and oversight are essential, over-complexifying compliance processes only drives fragmentation and widens inequity.

Final Takeaways: Building a Future That Works

So, what’s actionable from this whirlwind discussion?

  1. Align All Stakeholders. Governance is baseline—not optional. Diagnostics should be treated as critical core systems, not add-ons exempt from IT processes.
  2. Measure Beyond ROI. Use not just financial metrics, but also clinical and workflow indicators, to refine and justify innovations over time.
  3. Invest in Education. Foster robust engagement with regulatory bodies and partners while building internal expertise. CHIME, ViVE, and local networks are invaluable here.
  4. Push for Transparency. Whether it’s AI models or simple data-sharing protocols, both vendors and organizations need to double down on openness. Transparency boosts trust—which is the currency of adoption.

Diagnostic tools hold the power to revolutionize care, but only if we dismantle legacy siloes and replace them with frameworks that prioritize collaboration. In an industry as dynamic—and precarious—as healthcare, balancing safety, innovation, and profitability is more than a checklist. It’s how we shape the future.

To my fellow technology CFOs, let’s keep building it. Together.
