One year after the healthcare world was rocked by a cybersecurity breach at payment firm Change Healthcare, there are still more lessons to be learned, according to an expert on the topic.
More than 700 large data breaches in healthcare were recorded in 2024, affecting more than half of all Americans. The attack on Change Healthcare was the largest data breach of the year and the largest healthcare-specific data breach ever reported. Joshua Corman, founder of the grassroots organization I Am the Cavalry, said the scramble by the industry to try to protect the personal data of 190 million Americans whose records were compromised in the leak was appropriate but shouldn’t be the only area of focus.
“The good news is Congress got really angry at the [medical record] blind spot, and they held the HHS secretary accountable personally, wrote some letters [and] had some hearings,” Corman said.
Corman outlined three other key areas that healthcare organizations should focus on protecting in a cyberattack.
- Caregivers could lose access to medical information, leaving them unable to treat patients with life-threatening conditions.
- An extended disruption created by a breach could affect all patients’ timely access to care.
- If the disruption lasts long enough, cash flow to the hospital could be affected to the point it can no longer keep its doors open.
