Addressing health care cyberthreats: Further regulation may be on the horizon

May 21, 2024

Key takeaways

  • Health care providers must understand the risks of added reliance on technology.
  • With the Change Healthcare incident showing how disruptive a breach can be, leaders must prioritize security.
  • Regulatory authorities are reacting to cyber risks in the health care ecosystem.
  • Having a diligent cyber risk response and business continuity program in place is a must.


Technology investment in the health care ecosystem is expanding as organizations implement cloud-based infrastructures, electronic medical record systems, enterprise resource planning platforms and generative artificial intelligence solutions. These investments offer care providers the necessary tools and resources to help meet patient demand.

This investment trend is expected to continue to grow substantially. The data compiled below shows the median infrastructure cloud revenue growth for large, publicly traded cloud service providers. The majority of health care organizations buy cloud services from these providers, indicating the spend from the health care industry will continue to increase as well.

However, as health care organizations expand their digital footprint, they must also understand the risks of added reliance on technology, including further exposure of patient-sensitive information that cybercriminals try to mine.

Fallout from Change Healthcare

To appreciate these risks, one need only look at the impact the recent cyberattack on Change Healthcare has had on the health care ecosystem, and at its ripple effect on various sectors of the health care economy. Some organizations have experienced care delays, suspension of reimbursement for services, and difficulty making payroll and payments on current liabilities.

Cyberattacks are unlikely to stop. Mentions of cyberattacks in the public documents of health care organizations have been escalating from January to mid-April and are set to exceed last year’s total.

Regulatory reaction

Regulatory authorities are reacting to cyber risks in the health care ecosystem. Since the Change Healthcare breach, the Department of Justice, the Department of Health and Human Services’ Office for Civil Rights, and some state attorneys general have acted to investigate various issues stemming from the Change Healthcare cyberattack.

As a result, additional regulatory actions around cybersecurity compliance and transparency of cyber risk management practices are likely to roll out for health care organizations.

To that end, actions that organizations should consider include:

Other considerations include:

  • Assessing whether third-party vendors have sufficient safeguards in place when handling sensitive patient data
  • Having a diligent risk response and business continuity program in place when an attack is attempted

The takeaway

Health care organizations are investing heavily in technology, from cloud computing to AI. Greater investment will provide better tools for staff and improve patient care; however, this digital expansion creates additional security risks. With cyberattacks on the rise, and the Change Healthcare incident showing how disruptive a breach can be, health care leaders must prioritize cybersecurity alongside technological advancements to ensure they can deliver quality care while protecting patient data.

CONSULTING INSIGHT: Business cybersecurity strategy

Cybersecurity is a critical initiative for every organization as threats continue to evolve, and the risk environment remains elevated. Overlooking potential challenges can lead to vulnerabilities and inefficiencies, but RSM’s cybersecurity solutions and strategies can identify your specific risks, incorporate security into your business processes and empower you to make more informed business and risk decisions.
