
By Errol Weiss, chief security officer, Health-ISAC.
Healthcare data breaches are reaching unprecedented levels, with attacks that target the industry surging in both frequency and sophistication. Cybercriminals are zeroing in on vulnerabilities across healthcare systems, exploiting outdated and unpatched systems to steal and manipulate sensitive patient data.
From medical histories to genomic information, this data has immense value, making it a lucrative target for ransomware, phishing schemes, and insider threats. As healthcare organizations scramble to shore up defenses, the risks extend beyond financial losses to jeopardize patient safety and trust.
The urgency is exemplified by two landmark pieces of legislation—the Healthcare Cybersecurity Act of 2024 and the Health Infrastructure Security and Accountability Act of 2024 (HISAA). These laws aim to confront the mounting threats, but they also raise critical questions: Can they outpace the rapidly evolving tactics of cybercriminals? Are they enough to close the gaps left by outdated regulations like HIPAA?
Topics covered in this article include:
- Limitations of existing legislation
- A new era of protection
- Future opportunities
- Final thoughts
Read the article in Electronic Health Reporter. Click Here
- Related Resources & News
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs
- $6.4m to combat health sector cyber threat
- Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
- EU Commission Calls for Health Sector ‘Cyber Action Plan’