The massive ransomware attack on Change Healthcare in February 2024 spread economic chaos throughout the $4.5 trillion industry and triggered considerable investments in technology to protect its digital assets. This emergency expansion of healthcare’s cybersecurity defense opens the field for healthcare executives with expertise in developing and deploying information assurance strategies.
The online Master of Science in Cybersecurity with Information Assurance (MS-CSIA) – Healthcare Administration program from Southern Utah University (SUU) equips graduates with high-demand insights and experience. The curriculum focuses on topics such as cybersecurity risk management and the foundations of healthcare administration.
Noting that the digital transformation of the U.S. economy has propelled cybersecurity to the front of technical innovation, Forbes says the issue is even more acute in the healthcare sector: “There are no low yield vs. high yield breaches; rather, all breaches have the potential to be catastrophic with regards to patient privacy and identity,” it warns.
The Change Healthcare hack demonstrated the disaster that can follow a cyberattack. ALPHV/BlackCat, a Russia-based ransomware and extortion gang, launched the attack on the medical billing interchange. It halted payments among patients, insurance companies and healthcare providers and held patients’ records hostage, showing why cybersecurity is essential.
Why Is Cybersecurity a Chief Concern in the Healthcare Industry?
The U.S. healthcare industry comprises a sprawling network. A partial list of its components includes public, private and teaching hospitals; research centers; outpatient, urgent care, and surgical centers; biotech and pharma manufacturers; diagnostic providers; all their suppliers and business partners; and, of course, patients.
“Two of the biggest factors for healthcare providers are the sheer size of their attack surface and the limitations vendor restrictions place on their technology stack,” according to Health Data Management. The tech stack includes electronic records, data management processes, operating systems and hardware, networking, security and compliance tools, data-sharing solutions, patient portals and telemedicine platforms. The far-flung network of often incompatible or poorly protected technical components is a target-rich environment for hackers who exploit vulnerabilities such as:
- weak authentication or identity management
- connected medical devices like implantable blood pressure sensors, diagnostic equipment and hospital information systems
- outdated software, weak or default passwords and lack of regular security updates in Internet of Things-connected medical devices
- improper authentication in medical devices controlling medication delivery
- limited data encryption functionality in small, lightweight medical devices due to design constraints
Shasta Turney explains in an article from Ping that 92% of healthcare organizations were hacked at least once in 2024. One in three noted a correlation between ransomware attacks and increased patient mortality, according to The Journal of mHealth, and 57% directly attributed reduced quality of care to hacks.
However, Ping predicts renewed industry investment in digital security managed by cyberdefense professionals with healthcare expertise will gain the upper hand. “By combining expertise and technology, healthcare organizations can build a resilient, future-ready security infrastructure that protects sensitive data, fosters patient trust, and ensures uninterrupted care delivery,” Turney concludes.
Why Is Healthcare a High-value Target for Ransomware Attacks?
Healthcare organizations are the third most popular targets for attack, ranking only behind manufacturing and professional services. And yet, the industry suffers an average per-breach cost of nearly $10 million, according to Ping. Healthcare data breaches typically last 213 days before discovery, according to Security Intelligence.
The healthcare and financial sectors share two characteristics. Both are heavily regulated, and both generate, store and share enormous amounts of data over multiple networks, forming a wide and vulnerable attack surface. Black Kite says both sectors are moving up on the list of most valued targets as ransomware groups are becoming more strategic about their attacks and using advanced technology to determine how to score the biggest payday. The stakes are higher, the defenses more sophisticated and the payoffs potentially larger in these data-rich pools.
What Is the Career Potential for Healthcare Administration Cybersecurity?
A Bain Capital survey of U.S. healthcare providers and payer executives found 75% already have increased investment in hardening their IT infrastructure. The respondents said they typically focus on return on investment, but with greater demand for more effective cybersecurity and information assurance, they are more willing to experiment with technology and strategies.
This signals enormous career opportunities for graduates of the SUU online MS-CSIA – Healthcare Administration program. Its comprehensive online program equips them for leadership roles in high-demand, lucrative careers as analysts in security healthcare, cybersecurity compliance, cyber resilience and healthcare cybersecurity services.
Learn more about SUU’s online Master of Science in Cybersecurity with Information Assurance – Healthcare Administration program.