Cybersecurity in Healthcare: Combating Challenges through Public Private Partnership

The U.S. healthcare industry has become a prime target for cybercriminals, as standard practices that are in place to address cybersecurity do not address the unique challenges that persist in healthcare. Between 2018 and 2022, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights tracked a 278 percent increase in ransomware attacks, and a 256 percent increase involving large data breaches and hacking on healthcare entities. The consequences of these breaches range from delays in patient care, cash flow issues for medical facilities, leaks of sensitive information, frozen pharmacy payments, and threats to patient access to emergency care. The growing occurrence of cyber-attacks on the U.S. healthcare system has prompted policymakers to consider what our state and federal governments can and should do to mitigate threats. At the federal level, policies under consideration in both the executive and legislative branches reflect the growing risk and importance of cybersecurity in safeguarding patient data and ensuring the integrity of healthcare services. Many proposed policies are centered on reporting and informing affected individuals of data breaches, but lack preventive efforts that could protect systems and personal health information. This report outlines some of the key challenges, along with some recommendations for policymakers as they weigh the growing threat and possible path forward to help protect this facet of critical infrastructure in the U.S.