How to Address Healthcare’s Cybercrime Problem
The healthcare industry remains a prime target for cybercrime, with many prominent organizations falling victim to serious attacks.
In February 2024, Change Healthcare was infiltrated by cybercriminals who obtained the sensitive health data of potentially hundreds of millions of people. A few months later, an intruder hacked into the electronic health record system of Ascension, stealing the personally identifiable information (PII) of an undisclosed number of patients. These two incidents were very expensive and caused disruptions in various essential services. Change Healthcare, for example, has stated the incident will cost them more than $2.3bn so far in 2024. Both attacks also featured some of the most common cybercrime tactics, including phishing and ransomware. To protect themselves from a similar fate, healthcare organizations would be wise to know what kinds of attacks to look out for and why they continue to be effective. This article by Errol Weiss, Health-ISAC chief security officer, covers the top four methods of attack on health sector organizations and basic protocols to implement to prevent them.
- Related Resources & News
- Healthcare Heartbeat 2024 Q4
- Health-ISAC Hacking Healthcare 2-19-2025
- Podcast: Reflecting on the Change Healthcare cyberattack
- Senate Confirms Trump Pick RFK Jr. to Lead HHS
- The Alarming Backdoor Hiding in 2 Chinese Patient Monitors
- Health-ISAC 2025 Health Sector Cyber Threat Landscape
- How Health Systems Manage Security in the Cloud
- Change Healthcare Attack a Wake-up Call for the Industry
- Five High-Impact Cyberattacks Healthcare Industry Should Avoid in 2025
- Health-ISAC Hacking Healthcare 2-11-2025