Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingHospitals & Medical Centers

The Change Healthcare breach: What changed, what didn’t, and what must

By Kel Pults
Stethoscope by laptop

National Cancer Institute via Unsplash

February 18, 2025

The 2024 Change Healthcare breach marked a turning point for the healthcare industry. It exposed critical vulnerabilities in current data governance and security practices, underscoring that no organization — regardless of size or resources — is immune to cyber threats. A year later, it’s clear that while some progress has been made, there is still much to be done to protect patient data and ensure continuity of care.

Lessons learned from the breach

The breach served as a wake-up call for the healthcare industry. It shattered the illusion of security that many organizations held and reinforced a hard truth: no one is 100% safe from cyberattacks. To address this reality, organizations must adopt a resilience mindset, focusing not just on prevention but also on preparation for inevitable incidents.

This requires more than just technology — it demands a cultural shift. A truly secure organization educates its workforce to recognize and respond to threats, maintains transparency in data practices, and constantly monitors access to sensitive systems.

Persistent vulnerabilities

Despite heightened awareness, significant challenges persist in healthcare cybersecurity. Many organizations rely on disaster recovery plans that prove insufficient against ransomware attacks, leaving them vulnerable to permanent data loss without robust offline backups. Additionally, cybersecurity failures directly impact patient care, as operational disruptions prevent providers from accessing critical records, delaying care and causing patient harm. Compounding the issue, attackers continuously refine their methods, requiring healthcare organizations to stay ahead through ongoing education and adaptive security measures.

Progress over the past year

The breach catalyzed meaningful discussions about data security, leading to advancements in several areas. Among them is the push for government mandates to improve cybersecurity across the healthcare ecosystem. Proposed measures include requirements for comprehensive data backups and stricter oversight of third-party vendors.

While these initiatives represent progress, their implementation varies widely. Financially robust organizations may adapt quickly, but smaller institutions face significant hurdles. This disparity highlights the urgent need for funding and incentives to ensure compliance across the industry.

What still needs to change

The Change Healthcare breach exposed systemic issues that remain unaddressed. Chief among them is the lack of financial support for organizations struggling to meet cybersecurity requirements. Without adequate resources, many smaller hospitals and clinics are forced to make difficult choices — prioritizing security at the expense of other critical services or, in some cases, merging with larger systems to stay afloat.

Staffing shortages further compound the problem. The healthcare industry faces a dwindling workforce as baby boomers retire and younger professionals gravitate toward more flexible careers. This shortage leaves organizations ill-equipped to manage the increasing demands of cybersecurity.

A path forward

To strengthen data security and governance, the healthcare industry must take a multi-faceted approach:

  • Adopt a resilience mindset: Organizations need to expand their focus from just avoiding breaches to ensuring they can recover swiftly and maintain continuity of care when incidents occur. Comprehensive, offline backups and disaster recovery plans are essential.
  • Invest in education and training: Cybersecurity is everyone’s responsibility. Regular training helps employees recognize threats and respond appropriately, creating a culture of vigilance.
  • Enhance third-party oversight: Vendors often represent weak links in the security chain. Robust monitoring and clear accountability are critical to minimizing risk.
  • Advocate for financial support: Government funding and incentives are necessary to level the playing field, enabling smaller institutions to meet cybersecurity standards without compromising patient care.
  • Prioritize patient-centric security: At its core, healthcare cybersecurity is about safeguarding patients. Maintaining uninterrupted access to critical data is non-negotiable, even during an attack.

Looking ahead

The 2024 breach underscored that cybersecurity is not just a technical challenge but an existential one for healthcare. The path forward requires bold action and sustained commitment.

Every organization, regardless of size, must recognize that cybersecurity is a continuous process. By embracing resilience, prioritizing education, and advocating for equitable resources, leaders can create a safer and more reliable healthcare system.

This breach wasn’t just a wake-up call for a single company — it was a call to action for an entire industry. The stakes are too high to ignore. The collective responsibility is to ensure that patient safety and data security remain at the forefront of everything that is done.

KEYWORDS: data breach data breach response data loss prevention healthcare cybersecurity

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Kel pults headshot

Kel Pults is Chief Clinical Officer & VP, Government Strategy at MediQuant. Image courtesy of Pults

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber_lock

    The Data Breach Avalanche: What is the Real Reason for Our Crumbling Defenses?

    See More
  • costs-freepik1170x658v5735.jpg

    What is the annual cost of a data breach?

    See More
  • cyber security

    What your API visibility and monitoring solution must do to fully protect you

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing