The year 2024 brought about a surge in cyberattacks and data breaches within the healthcare industry, causing widespread concern and disruption. These incidents not only posed a threat to patient safety but also resulted in significant financial losses for healthcare organizations. Cybercriminals took advantage of the sector’s outdated technology systems to exploit valuable patient information, leading to ransom demands and the auctioning off of data on the dark web.
One of the most prominent cyberattacks of the year was the ransomware attack on Change Healthcare, a company owned by UnitedHealth. This attack severely impacted payments from insurers to providers, affecting the healthcare of over 100 million Americans. The incident prompted federal regulators to launch an investigation into Change Healthcare, and UnitedHealth CEO Andrew Witty was called to testify before Congress regarding the company’s security protocols.
While the Change Healthcare attack garnered significant attention, several other healthcare organizations fell victim to cyberattacks and data breaches throughout the year. Ascension, one of the largest nonprofit health systems in the country, faced a ransomware attack that disrupted its electronic health record system, leading to hospital diversions and operational disruptions across multiple states. The attack also contributed to Ascension’s substantial financial losses during the fiscal year.
In addition to larger healthcare systems, smaller facilities also experienced cyber incidents, including a children’s hospital in Chicago, a provider in Michigan, and a healthcare system in Colorado. These attacks underscore the widespread vulnerability of healthcare organizations to cyber threats.
Furthermore, the trend of data breaches following cyberattacks has been on the rise, with breaches at a CMS contractor and benefits administrator HealthEquity exposing the personal health information of thousands of individuals. The number of reported data breaches to regulators increased significantly compared to previous years, highlighting the urgent need for improved cybersecurity measures within the healthcare industry.
As we look ahead to 2025, it is crucial for healthcare organizations to prioritize cybersecurity and implement robust measures to safeguard patient data and prevent future cyber incidents. By learning from the lessons of the past year, healthcare providers can better protect themselves and their patients from the growing threat of cyberattacks and data breaches.
