Healthcare Sector Faces Urgent Cybersecurity Wake-Up Call; Info-Tech Research Group Releases Critical Insights for Security Leaders
In the wake of the recent Change Healthcare/UHC data breach, critical vulnerabilities in healthcare have been exposed, including outdated systems and weak security measures. In response, global IT research and advisory firm Info-Tech Research Group has published new insights, providing cybersecurity strategies to help healthcare organizations defend against evolving threats. In the resource, Info-Tech stresses the urgent need for improved cybersecurity practices and offers key strategies to security leaders to mitigate ransomware risks, strengthen data protection, and enhance incident response capabilities.
TORONTO, March 13, 2025 /PRNewswire/ – The 2024 Change Healthcare/UHC data breach underscored the urgent need for enhanced cybersecurity within the healthcare sector. Exposing sensitive patient records and disrupting hospital operations, the breach highlighted significant vulnerabilities, particularly around the growing reliance on third-party vendors and outdated IT disaster recovery plans. To help security leaders take proactive measures to strengthen their defenses and protect patient care in the aftermath of cyber incidents, Info-Tech Research Group has published its blueprint Lessons Learned and Life After a Breach in Your Healthcare Organization.
Sharon Auma-Ebanyat, research director at Info-Tech Research Group, says:
In today’s healthcare landscape, organizations face increasing cybersecurity challenges due to their reliance on third-party vendors and complex IT environments,
“The largest healthcare breach involving Change Healthcare/UHC highlighted significant vulnerabilities, disrupting hospital operations and billing and exposing patient records. This underscores the urgent need for comprehensive strategies to address these risks.”
The firm reports that despite the escalating cyber threat landscape, many healthcare organizations have yet to fully implement multifactor authentication, especially for remote access services, leaving critical systems exposed to attackers who exploit stolen credentials.
Info-Tech’s insights also highlight the challenges posed by interconnected IT environments, making it difficult for organizations to detect and address security gaps.
Auma-Ebanyat, adds:
Many healthcare organizations encounter obstacles such as outdated IT disaster recovery plans that fail to address virtual and digital connections, limited budgets and resources, and complex, interconnected systems that make it difficult to identify and fix vulnerabilities,
“Traditional disaster recovery approaches often overlook the evolving nature of third-party risks and virtual environments, increasing susceptibility to cyberattacks.”
Info-Tech advises the need for a more comprehensive and proactive cybersecurity approach to mitigate these risks.
Five-Step Approach to Mitigate Third-Party Ransomware Risks
In its recently published resource Lessons Learned and Life After a Breach in Your Healthcare Organization, Info-Tech provides a structured five-step approach to help healthcare organizations mitigate third-party ransomware risks.
The five-step approach includes:
- Evaluate and Prioritize Vendor Security Risks
Healthcare organizations must assess vendor security risks and prioritize high-risk partners, especially those handling sensitive patient data. A dual vendor strategy for SaaS applications reduces dependency on a single provider, improving resilience against disruptions. - Assess and Document Data Flows and Architecture
Mapping data flows helps identify vulnerabilities and potential ransomware entry points. Strengthening network segmentation and containment strategies minimizes damage and prevents the spread of attacks. - Review and Strengthen the Incident Response Plan
Regularly updating incident response plans ensures organizations can react quickly to ransomware threats. Tabletop exercises can help teams test their response strategies and improve coordination during real incidents. - Develop Data Governance and Classification
A strong data governance framework ensures sensitive data is classified and protected. Implementing access controls and encryption enhances security, reducing exposure to ransomware threats. - Strengthen Disaster Recovery and Security Considerations
Robust data backups and redundancy systems ensure critical operations can continue during an attack. Strengthening authentication, encryption, and access controls further minimize the impact of breaches.
Auma-Ebanyat, explains:
This research offers a roadmap to mitigate third-party ransomware and data breach risks, featuring insights on current healthcare cybersecurity threats, lessons from the Change Healthcare/UHC data breach, and strategies to prevent future incidents,
By leveraging insights from Info-Tech’s blueprint, healthcare organizations can take decisive steps to enhance their cybersecurity strategies and disaster recovery plans. The expert-driven recommendations outlined in the data-backed resource will help security leaders protect sensitive patient data, maintain operational resilience, and prepare for evolving cyber threats.
For exclusive and timely commentary from Sharon Auma-Ebanyat, an expert in the healthcare sector, and access to the complete Lessons Learned and Life After a Breach in Your Healthcare Organization blueprint, please contact pr@infotech.com.
READ the latest news shaping the cybersecurity market at Cybersecurity News Central
Healthcare Sector Faces Urgent Cybersecurity Wake-Up Call; Info-Tech Research Group Releases Critical Insights for Security Leaders, source
