United States

5 cyberthreat trends to watch in health care


With the rapid expansion of electronic access to protected health information (PHI) and other sensitive data, as well as the increasing value and unlawful uses of such data in underground markets, the health care industry is becoming a vulnerable and attractive target for cybercriminals. At RSM’s recent webcast, Protecting your PHI from cybercrime, our presenter Joseph Benfatti, partner, risk advisory services, shared some important cyberthreat trends impacting the health care industry.* They include:

  1. Compliance-based security is no longer enough in the current security landscape. A combination of both federal mandates and risk assessments is needed.
  2. Government agencies are weighing in. Beyond the Department of Health and Human Services, agencies such as the Food and Drug Administration are weighing in on cybersecurity rules in regard to medical and radiological devices.
  3. Third-party hacking is on the rise. Related business entities are usually less sophisticated in regard to the Health Insurance Portability and Accountability Act and state mandates. Hackers are beginning to target these associated businesses that handle sensitive data for larger health care organizations.
  4. Nation-state attackers are focusing on health care information repositories. Foreign governments are now going after PHI to find high-ranking military personnel information, as well as information on corporate executives.
  5. State breach laws are becoming as complex as federal mandates. Additionally, there are generally different guidelines and time frames for notifications per state.

What can health care organizations do to protect themselves from these mounting threats? Benfatti’s recommendations include:

  • Diligently evaluate and monitor third-party relationships
  • Develop consistent, common security policies across divisions and platforms
  • Implement an incident response plan with continuous monitoring
  • Activate cybersecurity insurance, but be aware of the changing nature of the coverage

*Compiled from RSM research, Norse and SANS Health Care Cyberthreat Report

How can we help you?

To discuss how our team can help your business, contact us by phone 800.274.3978 or

Subscribe to Health Care Leader Insights

Events / Webcasts


RSM Virtual Health Care Day

  • September 30, 2021


HHS Provider Relief Fund reporting and compliance update

  • July 20, 2021


Health care industry webcast series - spring 2021

  • June 10, 2021