In healthcare, downtime isn’t just inconvenient – it’s dangerous. When systems go dark, clinical workflows halt, clinicians lose access to critical patient data, and operational bottlenecks can quickly escalate into risks such as patient safety and missed payroll. As cyberattacks grow more frequent and complex, health systems are realizing that resiliency isn’t just an IT concern; it’s a clinical and operational one.
Few leaders understand this better than Cletis Earle, Field Chief Technology Officer for Healthcare at Citrix. With more than two decades of technology leadership – including CIO roles at Penn State Health and College of Medicine and Kaleida Health – Cletis has guided large health systems through hospital builds, M&A integrations, cyber incidents, and major digital transformation efforts. A former Chairman of CHIME, he’s known across the industry as a steady, strategic voice advocating for using technology to improve care delivery and provider experience.
I sat down with Cletis for a candid conversation about what it truly takes to build business resiliency in healthcare today and why the future requires tighter coordination between clinical teams, IT leaders, and trusted partners.
Resiliency as a clinical imperative
You’ve often said that technology is the backbone of hospital operations. How do you talk about resiliency in a way that resonates as a clinical priority, not just an IT metric?
Cletis Earle: Resiliency has to be grounded in practices clinicians already understand. Hospitals, especially emergency departments, constantly rehearse for emergencies. They practice trauma protocols, stroke pathways, and coordinated responses long before an incident happens. That preparation is core to how physicians and nurses operate.
Technology needs the same discipline: tabletop drills, scenario walkthroughs, and cross‑departmental planning. If you bring technology leaders to the same table as clinical teams and incident‑response groups, you build shared muscle memory. When an outage hits – and it will – nobody is scrambling to understand their role. You’ve already practiced the moves together.
From preparedness to cyber defense
Healthcare organizations are facing a rising tide of cyberattacks. Ransomware is escalating, breaches are costly, and attackers are increasingly sophisticated. How does Citrix’s approach to segmentation and device governance help contain the impact of an active incident?
Cletis Earle: Citrix gives CIOs tools that can make a real difference when they are designed intentionally and configured well. One of the most impactful is NetScaler, which helps prevent dangerous lateral movement inside the network. That east-west movement is where attackers often cause the most damage, moving from system to system once they gain access.
Segmentation plays a critical role, especially in healthcare environments filled with biomedical devices. Many health systems manage tens of thousands of infusion pumps, monitors, and research instruments, and many of those devices are difficult to upgrade. Micro‑segmentation allows those assets to be isolated, so a vulnerability in one device does not expose the broader environment.
Zero trust access adds another layer of protection. During an attack, partners such as EMR vendors may disconnect for their own safety. By standing up clean, verified environments using a golden image, organizations can reconnect more quickly and restore access without reintroducing risk.
Ultimately, resiliency comes down to preventing harm, limiting the impact of an incident, and accelerating recovery. In healthcare, that means stopping ransomware from spreading, avoiding system‑wide outages, and restoring clinical access in days rather than weeks. When organizations approach resiliency this way, technology stops being abstract and starts directly supporting patient care.
The hidden bottlenecks in recovery
Recovery from an incident can be complex. Based on your experience, what bottlenecks do leaders consistently underestimate when trying to restore clinical operations?
Cletis Earle: The biggest bottleneck is lack of planning. Everyone says, “It’s not if, it’s when,” but many organizations still operate as if an incident won’t happen to them.
CIOs need to meet with their boards, walk through realistic scenarios, talk about investments, and outline what recovery will actually require—for both short- and long-term outages. Even with the best tools, you can’t succeed without groundwork like patching, eliminating technical debt, and cleaning up shadow IT. Leaders often don’t know everything running in their environment. You can’t protect what you can’t see.
Bad actors can often break through even the toughest defenses. But if you’ve established strong controls and removed low‑hanging vulnerabilities, you deter opportunistic attackers and improve your odds with more advanced ones.
Navigating the chaos of “Going to Paper”
One of the most stressful moments for clinicians is when a hospital is forced to “go to paper.” How can a Citrix-led architecture support continuity of care in those high-pressure moments?
Cletis Earle: Going to paper sounds orderly, but in reality, it’s chaos. Patients keep arriving. Medication lists matter. Historical data matters. Clinicians still need information to provide safe care.
Citrix can help bridge that, but only if it’s architected before a crisis. Always‑on workstations and offline modes can help, but they depend on security controls, application design, and whether partners maintain connectivity.
When you’re compromised, EMR vendors may disconnect you entirely. That’s where Citrix’s zero trust architecture comes in: we can verify a clean environment and re-establish safe access far faster than a manual process. But again — you have to design for this in advance.
Restoring a clean environment
Continuity can become complicated, and another challenge is restoring systems without risking reinfection. How does Citrix simplify spinning up a known-good golden image?
Cletis Earle: Traditional golden-image restoration is slow and manual. You need huge compute farms; you often have to pull devices off the floor; and you physically touch thousands of endpoints. It can take weeks.
Citrix changes that dynamic. With automated PXE booting, you can convert compromised devices into thin clients and point them immediately to a clean, zero‑trust environment. No USB drives, manual reimaging, or armies of technicians.
You push out the golden image instead of pulling devices in. It’s faster, safer, and dramatically reduces the labor required. And if the network is compromised, we work with organizations to build multi-layered contingencies to keep recovery moving.
Meeting the new bar for cyber insurance
Cyber insurance requirements are tightening, and providing evidence is another pressure healthcare organizations face. How does Citrix help organizations demonstrate, not just claim, that the right controls are in place?
Cletis Earle: Insurers want auditable proof. That includes segmentation, MFA, governance – the whole picture. Citrix tools can generate that.
We can show which devices sit in which segments, how lateral east‑west traffic is restricted, what applications are isolated, and what vulnerabilities have been addressed. Manual segmentation takes years in older facilities. Virtual segmentation with automated reporting can compress that dramatically.
This not only supports compliance but also reduces risk, which can help lower premiums and protect organizations financially.
Citrix as a business resiliency partner
Throughout this conversation, Cletis consistently connects the clinical, operational, and technical dimensions of healthcare. His perspective is shaped by decades spent inside major health systems, navigating real incidents, real outages, complex M&A activity, and the daily pressures of supporting clinicians at the point of care.
At Citrix, the healthcare team approaches resiliency with the same mindset. Recovery conversations with our customers focus less on servers and systems and more on medication lists, historical data, clinical access, and the ability to move safely from crisis to continuity.
Resiliency is not something built during an event. It is cultivated through preparation, repeated drills, cross‑functional collaboration, and honest evaluation of gaps—long before a cyberattack or outage occurs. And ultimately, resiliency is not just a technical objective; it is a clinical requirement. Health systems cannot protect patient care without protecting the technology that supports it. Citrix’s approach offers a practical, realistic path forward for organizations preparing not only for what they have experienced, but for what lies ahead.
For more perspectives from Cletis Earle, click here.
