Skip To Main Content

Healthcare Cybersecurity Challenges and Strategies

Best practices to help mitigate the ever more frequent and costly data breaches in the healthcare industry.

With malicious attacks and ransomware on the rise, cybersecurity has become one of healthcare’s leading concerns. Health systems, hospitals and physician practices are devoting increasing attention to this issue. Banks and financial institutions are on the cybersecurity front lines and dedicate substantial resources to client data protection.

To help leaders, this piece examines the current cybersecurity situation, outlines key complexities, and offers a brief compendium of best practices being recommended today.

Problem Scope: Healthcare a Prime Target

Cybersecurity threats span many activities. Most prominent for healthcare are incidents in which a provider’s network has been compromised by intruders, often leading to breaching the data firewall. These data breaches are increasingly accompanied by ransomware — malware that encrypts files and restricts users’ access until a ransom is paid. This form of extortion offers a decryption key in exchange for payment that is frequently demanded in difficult-to-trace cryptocurrencies.

Ransomware is flourishing because it is opportunistic and indiscriminate. Protected health information (PHI) and regulated clinical trials information are just two examples of sensitive health data that represent attractive targets.

Magnitude of the Problem

The depth and breadth of the threat can be captured in a few sobering statistics.

Data Breaches

  • Federal government statistics reveal a steady upward march over the years to 725 data breaches involving 500 records or more in 2023.1
  • During this time, more than 133 million records were exposed or impermissibly disclosed.1
  • There has been a 239% increase in hacking-related data breaches between January 1, 2018 and September 30, 2023, and a 278% increase in ransomware attacks over the same period.1
  • Between 2009 and 2023, 5,887 healthcare data breaches of 500 or more records were reported to the Office for Civil Rights, resulting in the exposure or impermissible disclosure of 519,935,970 healthcare records. That equates to 1.5x the population of the United States.

Payment Fraud

While this article focuses on data breaches and ransomware, it is an appropriate reminder that security threats extend to payment fraud and theft. Email scams are the prevalent attack vector with Accounts Payable and Treasury departments the most frequently targeted.

Growing Complexity

Several forces are fueling these upward trends. The shift of staff to remote work and extensive use of telehealth added endpoints and disrupted workflows, exacerbating the security challenge. Telehealth is only one manifestation of the ongoing connected health trend that relies on a range of devices, remote sensors and mobile tools which multiply vulnerabilities. Finally, continued industry consolidation often leads to organizations with multiple IT systems and security capabilities.

A further complication is that today’s threat actors are more sophisticated and dangerous. They are:

  • Able to pursue expanded attack surfaces and relentless attacks.
  • Better organized. Individuals have largely been supplanted by organized criminal groups and governments. Many maintain business functions such as customer service links to make needed code changes to ensure successful decryption.
  • Highly efficient. Tools such as ransomware and other technologies are used to harvest significant amounts of data.
  • Using “naming and shaming” sites to add public pressure and reputation threat.

Keeping up is a major undertaking with little room for complacency.

Multiple Impacts

Other negative consequences of data breaches can accompany any actual monetary ransom paid, including:

  • Exposure to lawsuits.
  • Erosion of trust by patients and partners.
  • Cost of defense. Providers incur operational expense and opportunity cost of IT projects that cannot be funded as a result.
  • Patient safety. A ransomware attack on a hospital crosses the line from an economic crime to a threat-to-life crime.

Cybersecurity Strategies

Combating the problem requires multiple strategies:

Ongoing Defense and Preparation

Experts counsel a proactive and consistent defense posture. A centerpiece of this effort is an incident response plan that is robust and updated to account for changing threats. Practicing response plans is advised at least quarterly and whenever a new threat vector is uncovered. Preparation builds resilience and the ability to respond rapidly.

Security Operation Centers (SOC) are another core pillar of defense, providing real-time monitoring, detection and response in order to mitigate or prevent cyberattacks when they occur. The emergence of cloud-based SOC-as-a-service brings this option to smaller organizations.

Several specific best practices have emerged. CommerceHealthcare® summarizes leading recommendations for security preparedness based on known threat vectors:

  • Have a forensic investigation and compliance firm with an SLA on retainer for incident response time.
  • Create an enterprise-wide data map with types and locations.
  • Adopt and update strong remote desktop protocols as well as endpoint detection and response tools.
  • Prepare for need to use out-of-band communication. In a compromised system, attackers may be eavesdropping on email and collaboration tools.
  • Attend to the human factor, often the weakest link. Strengthen employee awareness of how to recognize and respond to email phishing and other attack modes.

Breach Response

What do experts recommend when facing a ransomware demand? First, activate the complete response team, including legal, IT, forensics and communications. Concerning the communications, many advise not rushing out an immediate public statement. Determine what happened and try to close the breach first, since copycat attacks often occur once the incident is broadcast. In most situations, it is a good idea to contact your financial institution when a breach is suspected or identified. The bank can monitor activity, lock down accounts and perform other protective maneuvers.

Of course, deciding whether to pay the ransom is directly dependent on the level of business impact. Healthcare’s significant risks to patient safety and privacy frequently lead to payment.

Broader Perspectives

Several enterprise-level considerations surround the array of tactics just described. Leaders are urged to regard cybersecurity as a risk-reduction function, not just as a problem that can be solved with technology. Corporate security experts stress the need to build a cybersecurity culture by influencing how employees prioritize, interpret, learn about and practice cybersecurity. Collaborating with providers and even competitors further buttresses defense.

Collaborating with a Bank

A provider’s bank relationship offers another potential cybersecurity force multiplier. For example, Commerce Bank has a dedicated CISO and maintains substantial IT security discipline that includes:

  • 24/7/365 system monitoring
  • Constant system testing and improvement to mitigate risk
  • Extensive security training for internal and client teams

The financial industry is subject to numerous federal, state, and local laws and regulations focused on mitigating cybersecurity threats. The requirements are monitored and enforced by an array of organizations ranging from the Federal Reserve to the Cybersecurity and Infrastructure Security Agency, to the SEC. Moreover, a well-capitalized financial institution can devote the resources needed to scale and sustain these various efforts.


Understanding today’s cybersecurity threats and remaining vigilant and proactive are not guarantees of success, but they are prerequisites to a strong defense. The considerations and strategies offered here form the backbone of a vibrant program.

To Learn More

Offering an experienced perspective on data security, receivables, payments and lending, CommerceHealthcare® delivers innovative financial solutions to meet the unique needs of healthcare organizations and their patients. Our team of specialists takes time to understand your processes, then recommends tailored strategies for optimizing revenue, improving cash flow and creating better patient experiences. Our high-touch services and growing suite of solutions solve challenges across the payments continuum while streamlining receivables management and offering patient financing options. As trusted advisors, we are committed to seeing your organization thrive by helping you navigate today’s complex financial environment. Learn more at


  1. HIPPA Journal, Healthcare Data Breach Statistics, 2023.

  2. These Best Practices assume that your organization has a commercially reasonable base security infrastructure in place. Furthermore, these Best Practices should not be your organization’s sole means of protection against fraud losses, but rather they should be included as part of a more comprehensive program implemented by your organization to identify, mitigate and insure against potential risk from fraud losses. Even if complied with in its entirety, these Best Practices do not guarantee against becoming a victim of fraud. This is only an attempt to provide some commonly accepted practices that may help reduce the likelihood that you become the victim of fraud. Commerce Bank, which is not holding itself out as a security consultant or expert, makes no guarantee, warranty, or representation of any kind as to the results that you may achieve by following the Best Practices and disclaims any liability related thereto. The term Best Practices does not mean or imply that these practices are a definitive or uniformly accepted compilation of optimal security practices.

  3. CommerceHealthcare® solutions are provided by Commerce Bank.