A year after the massive Change Healthcare data breach, the effects of the ransomware attack continue to ripple through the industry. The breach added urgency to the sector’s crash program to harden its digital assets, which in turn is adding significant value to relevant degrees, such as that offered through the online Master of Science (MS) in Cybersecurity with Information Assurance (CSIA) – Healthcare Administration Emphasis program.
SUU’s online MS-CSIA – Healthcare Administration program equips graduates for leadership roles in healthcare cybersecurity and information assurance (IA) operations. It focuses on developing insights and expertise in the unique challenges of protecting sensitive data in the sprawling healthcare ecosystem. That expanse creates a vast attack surface full of vulnerabilities, which makes healthcare a top target for cybercriminals.
To counter the criminals, students in the SUU program acquire the skills and expertise to develop and implement innovative technologies to detect and prevent data breaches, ensure regulatory compliance and effectively manage cybersecurity risks in healthcare settings. “We’re seeing unprecedented sophistication in attacks targeting healthcare providers, particularly as organizations struggle with resource allocation,” according to DirSec. “With a growing talent deficit, healthcare organizations must focus on making the most of their existing resources.”
How Are Information Security and Information Assurance Related?
Cybersecurity and information assurance are related but distinct fields with unique scopes and approaches to protecting sensitive information. Cybersecurity is a more recent development that has expanded with the adoption of digital technologies. It relies on tools and technologies such as firewalls, antivirus software and intrusion detection systems to safeguard against unauthorized access, data breaches and cyberattacks.
Information assurance, on the other hand, has a broader scope. Its domain includes digital as well as physical information, requiring a more comprehensive approach. It focuses on ensuring the overall reliability, quality and accessibility of information by managing risks related to information use, processing, storage and transmission.
Cybersecurity is tactical, hands-on and directly involved with the technology of defending digital assets. IA is more strategic and focused on developing policies and standards. “Both information assurance and cybersecurity are crucial for organizations to protect their digital assets and assure the confidentiality, integrity, and availability of their data,” according to ZenGCR.
What Are the Consequences of a Data Breach in Healthcare?
Data breaches affect every part of the healthcare system, including patients, providers and insurers. The most immediate impact of a breach is the violation of patient privacy. For example, The HIPPA Journal reports that the Russia-based cyber extortion organization that engineered the Change Healthcare breach stole 190 million patient records. It then sold the records containing personal, medical and financial information to other bad actors on the Dark Web.
The financial impact encompasses direct costs of breach response, legal fees from potential lawsuits, regulatory non-compliance fines, increased insurance premiums and lost revenue due to eroded patient trust. The long-term economic impact can affect an organization for years, emphasizing the critical need for robust security measures to protect patient data and maintain the integrity of healthcare services.
Cyberattacks can disrupt healthcare operations, affect patient care, cause delays in medical procedures and result in poorer treatment outcomes. “This could happen if a hacker alters the information in a medical record, such as a patient’s medication or allergy details. These changes can lead to medical errors, misdiagnosis, and incorrect prescriptions, which could be life-threatening,” according to the Finkelstein & Partners law firm.
Healthcare organizations often face increased regulatory scrutiny post-breach, mandated changes and more stringent compliance requirements. The long-term economic impact can affect an organization for years, emphasizing the critical need for robust security measures to protect patient data and maintain the integrity of healthcare services.
Why Is Healthcare a Prime Target for Cybercriminals?
Healthcare has indeed become a top target for cybercrime, with several factors contributing to its vulnerability, according to Dialog Health. Statistics that Dialog Health reported in 2025 are alarming:
- Ninety-two percent of healthcare organizations were targeted in 2024, up from 88% in 2023.
- The typical healthcare data breach represents a cost of $408 per record. This cost is three times higher than that reported in other industries.
Multiple access points — including various home devices and wearables connected to the internet — simplify penetration. The life-saving nature of healthcare services makes organizations more likely to pay ransoms. “Change Healthcare admitted it paid a $22 million ransom to the hackers who had targeted them,” according to Cyber Magazine.
However, the most glaring problem with the healthcare industry’s cybersecurity posture is its almost total unpreparedness. For instance, more than half of the surveyed organizations invested less than 10% of their IT budgets into cybersecurity; nearly 20% didn’t know how much they spent on securing sensitive information.
These developments and trends reveal a stark need for cybersecurity specialists equipped with insights into the security needs of healthcare organizations. SUU’s online MS-CSIA – Healthcare Administration program equips students with the crucial skills to safeguard health information.
Learn more about SUU’s online MS-CSIA – Healthcare Administration program.
