Healthcare cyber security involves a wide range of regulatory, security and administrative policies and standards. As cyberattacks become more sophisticated, organizations in the healthcare industry are acutely aware of the threats they face and the obligation to protect the sensitive information in their systems.  

In this discussion, we will take a close look at cyber security in healthcare, examining the challenges the industry faces, the impact of security breaches and some best practices healthcare enterprises can follow to protect patient information and reduce risk. 

Cybercriminals’ attempts to steal personal information or launch ransomware attacks create ripple effects that touch virtually every layer of the healthcare system, from individuals to care facilities to the businesses that support them. 

Among the major threats to patient privacy is medical identity theft, or when someone steals personally identifiable information (PII) such as your name, social security number and uses it to submit fraudulent claims to Medicare. The impact of this type of cybercrime is wide reaching and threatens to upset the patient’s healthcare coverage. 

Ransomware attacks are another big healthcare cyber security concern. According to the FBI’s Internet Crime Complaint Center (IC3) report from 2023, healthcare and public health was the most-targeted industry sector in 2023, during which the number of reported ransomware incidents was 2,825, with a cost of $59.6 million.

In the event of a ransomware attack on a hospital, surgeries have to be cancelled and relocated, ambulances are diverted and patient files are disturbed. The impact can be enormous. In 2020 alone, more than 600 healthcare organizations in the United States were affected, involving more than 18 million patient records and costing nearly $21 billion.  

Certain kinds of hospitals may be at higher risk for ransomware attacks, such as teaching hospitals that conduct biomedical research and have a large stream of data running between organizations. Rural hospitals where a single facility may serve several counties are in a particularly tricky situation, since there might not be another care facility nearby to utilize instead. Hackers know that a rural hospital’s ability to relocate patients is severely limited, and this adds significant leverage to their ransom demands.

The threat of cybercrime is certainly not exclusive to the health care industry; enterprises in all sectors should develop smart cyber risk management strategies.

Training employees in proper cyber hygiene can be particularly effective. Cybercriminals often target employees with phishing scams or other cyber threats, using social engineering tactics to gain access to networked systems.

It isn’t difficult to find examples of cybercrime’s impact on the healthcare industry. A 2024 ransomware attack on UnitedHealth group, one of the largest healthcare payment processors in the country, was called the most serious incident of its kind. The attack caused 70,000 or 90% of pharmacies that use its payment processor to move offline.

The interruption prevented doctors from electronically refilling prescriptions and kept insurance plans from reimbursing care providers. Change Healthcare, one of its subsidiaries, typically processes more than 15 billion health billing transactions annually. According to news reports, UnitedHealth Group has paid out a total of $3.3 billion to compensate providers that were affected by the attack.

But cyberattacks on providers or networks have the potential to impact much more than finances and patient data. A breach in healthcare cyber security could seriously jeopardize patient safety, especially for patients admitted to a hospital during a ransomware attack.

Organizations in the healthcare space should implement strategies to reduce cyber security risk, including:

Strong access controls and user authentication are fundamental steps toward safeguarding data networks. In fact, weak passwords that are easy to guess are often one of the root causes of a data breach.

In an environment where information is accessible across departments, facilities and personnel, a health system’s cyber security may hinge on the integrity of third-party vendors. Vendors should be vetted and onboarded carefully and monitored regularly. Steps should be taken to ensure the vendor will not represent a legal, regulatory, compliance, operational or strategic risk to the client organization.

Healthcare enterprises should work to reduce their attack surfaces, or potential entry points for cybercriminals, that can be both digital and human. Let’s take a look at three types of attack surfaces:

If you’re considering a career that nurtures your interests in information technology and healthcare, DeVry can help you get started.

Our Associate Degree in Health Information Technology with a Specialization in IT and Cybersecurity program can help you position yourself to learn what’s required to safeguard sensitive health information from hackers and ransomware attacks. As a DeVry student, you’ll develop these skills through our Digital Health Core, gaining hands-on experience by working with simulated patient records using industry-standard software. Courses in medical terminology, ethics, electronic medical records, compliance and other aspects of health information technology are presented in a 100% online format, allowing you the flexibility to study when and how you like.

Our Associate Degree in Cybersecurity and Networking and our Bachelor’s Degree in Cyber Security and Networking programs can prepare you to pursue a place in the evolving cyber landscape, teaching you how to set up intricate information networks, protect them from threats, and help you prepare to pursue a variety of industry certifications. As a student in these online technology programs¹, you’ll receive a complimentary laptop during your second session. It’s our way of investing in your cybersecurity education—and you.

Online learning with DeVry can help you balance your commitment to education with work, family and other aspects of your busy life. Classes start soon. Let’s talk about getting you enrolled in the program that fits your personal and professional goals.