Healthcare organizations in the United States face a growing number of cyberattacks. These attacks take different forms; common ones include ransomware, phishing scams, supply chain breaches through third-party vendors, and business email compromise (BEC). In 2024, a study showed that 67% of healthcare groups had experienced ransomware attacks, and 37% had no incident response plan. Without a plan, many hospitals and clinics are exposed to serious disruption.
These cyberattacks have serious consequences. Ransomware attacks can delay treatments and medical procedures, which sometimes leads to longer hospital stays or worse outcomes for patients. Hospitals can lose hundreds of thousands of dollars each day if they must halt operations. The effects spread beyond money, causing delays in prescriptions, emergency help, and scheduled surgeries.
Healthcare groups often spend a lot to protect their own computer systems. But third-party providers are a major weak point in cybersecurity. These providers include billing companies, IT support, medical device vendors, data storage firms, and supply chain companies that healthcare relies on.
In 2023, attacks on third-party healthcare associates accounted for 58% of the 77.3 million people harmed by healthcare data breaches, a 287% increase from the year before. Many of these attacks succeed because third-party vendors have weaker security. One major example was the 2024 ransomware attack on UnitedHealth Group’s Change Healthcare. This attack affected every hospital in the U.S. because the company processes 60% of prescription payments nationwide.
Cybercriminals often use a “hub and spoke” method. They attack one key third-party provider (hub) to reach many healthcare groups (spokes). When the hub is attacked, many healthcare systems can be affected at once. The Change Healthcare attack delayed services at 74% of hospitals it impacted and slowed prescription processing for 40% of patients. These delays harmed patient care.
The financial cost of these attacks is very high. The Change Healthcare attack alone cost roughly $2.87 billion. This total includes lost business, ransom payments, legal expenses, and disrupted operations. In 2024, ransomware groups targeting healthcare reportedly got $133.5 million in ransom payments. These costs show that cyberattacks are not just security problems but also cause financial trouble for healthcare providers.
Patient records are especially valuable to criminals. These records hold personal ID information, medical histories, insurance info, and payment details. All of this has value on the black market. Unlike credit card details, medical records are hard to change or replace. This makes them more attractive targets for attackers.
Hospital leaders need to know that cyberattacks affect the whole organization, not just the IT department. Managing these risks is now a top priority for entire organizations and the healthcare sector.
One important step is to build and improve Third-Party Risk Management (TPRM) programs. These programs review and oversee all third-party vendors, and they should also cover the vendors those third parties use (fourth-party suppliers). Regular technical assessments, contract reviews, and cyber insurance requirements matched to each vendor’s risk level are essential parts of these programs.
Staff at every level need training, so that everyone knows how to follow incident response plans during an attack. Preparations should include continuity plans for four weeks or more of downtime. These plans must keep key services running, such as emergency patient care and pharmacy operations. The Joint Commission advises hospitals to be ready for downtime lasting a full month because a serious cyberattack can stop work for that long.
Many breaches happen because of basic security weaknesses: weak identity management, missing or poorly implemented multifactor authentication (MFA), and outdated software. These weak spots exist both in healthcare providers’ own systems and in cloud services run by third-party vendors. The Cybersecurity & Infrastructure Security Agency’s (CISA) “Secure by Design” program pushes software and device makers to build stronger security into their products from the start, which reduces risk for everyone downstream.
The healthcare system is very connected. Services like telemedicine, wearable health devices, and electronic health records (EHRs) increase the ways an attack can happen. Hospitals, clinics, pharmacies, and labs share many connections. They also rely on a few third-party vendors for important IT, device management, and business services.
This concentration raises systemic risk. If one vendor is hacked, the problem spreads to many healthcare groups. Systemic risks can cause widespread delays and strain emergency services. For example, the 2024 CrowdStrike outage and the Change Healthcare attack showed how big failures at third-party vendors can shut down care across large areas.
Medical practice leaders must create plans that combine cyber incident responses with emergency preparedness. These plans help hospital units, IT teams, and vendor partners work together to reduce harm if a system stops working.
Cyber insurance is now an important protection for healthcare groups. Insurance covers costs from data breaches, like legal fees, ransom payments, and recovery actions. But insurance works best with strong third-party risk programs. Healthcare providers should make sure their vendors have enough cyber insurance to match their risks. This helps avoid gaps in coverage.
Experts like Jennifer Wilson from Newfront say specialized guidance is needed to manage complex insurance claims after breaches. The Change Healthcare attack showed how tricky claims and recovery efforts can be. Professional help is important for handling the financial and operational effects.
Artificial intelligence (AI) and automation are becoming useful for managing cyber risk in healthcare. AI tools can monitor network activity in real time, flag suspicious behavior, and alert teams before an attack does damage. For medical and IT managers, this makes security stronger and more proactive.
Automation also reduces human error by streamlining routine tasks. Scheduling appointments, handling patient records, and billing become more consistent, which leaves fewer openings for attacks such as phishing or email fraud. Automation can also keep communication secure and consistent, cutting down on data leaks caused by mistakes.
Some companies, like Simbo AI, use AI for front-office phone automation. This helps patient interactions while protecting sensitive info from unauthorized access. It also lowers risks tied to manually sharing information. Automation helps organizations follow privacy rules and speed up responses when strange activity is found.
AI-powered security also helps manage third-party risks. It can check vendor security, scan for weaknesses, and find odd actions linked to third-party software or devices. These tools support ongoing checks instead of one-time reviews. This lets healthcare groups react quicker and better to new threats.
Healthcare providers using AI and automation can improve both efficiency and security. This approach is important as digital healthcare grows and many vendors play a role.
Medical practice administrators, owners, and IT managers in the U.S. need to stay aware and improve third-party cyber risk plans. As healthcare technology grows, cyber risks will rise too. But focused risk management and using AI-supported automation can lower risks and help keep patient care safe.
Cyberattacks disrupt patient care and safety, posing risks to patients in hospitals and affecting the entire community’s access to urgent health services. Ransomware attacks can delay care and lead to potential loss of life.
Attacks on third-party providers can be more disruptive than direct hospital attacks, affecting critical functions and services, as demonstrated by the Change Healthcare incident that impacted every hospital in the U.S.
Fifty-eight percent of the 77.3 million individuals affected by healthcare data breaches in 2023 were affected through attacks on healthcare business associates, marking a significant increase from the previous year.
Cybercriminals employ a ‘hub and spoke’ strategy, targeting a single third-party provider to access numerous healthcare organizations, thereby amplifying the attack’s impact.
Hospitals should assess and enhance their business continuity plans, specifically for critical technology and services, and prepare for possible extended disruptions.
Training staff ensures effective execution of incident response plans during real cyberattack scenarios, thereby minimizing the impact of potential incidents.
The four strategies include reviewing the TPRM framework, implementing risk-based controls, clearly communicating policies, and intensively preparing for incident response.
Cyber insurance requirements should be specified in business associate agreements based on the vendor’s risk level, helping to mitigate financial impacts from data breaches.
Technology providers must create more secure products, as the responsibility for cybersecurity should shift from end-users to those developing technology.
The AHA provides resources, partnerships with cybersecurity vendors, and guidance for hospitals and health systems to prepare, prevent, and respond to cyber threats.