Healthcare institutions urged to address cybersecurity weaknesses

SHERRY KARABIN
Legal Tech News
Published: August 8, 2025

It’s a nightmare scenario for patients and providers—large data breaches exposing sensitive information--increasing identity theft and other risks for clients and creating potential liability for and/or harming the reputation of the institutions.
According to a post in The HIPAA Journal by Editor-in-Chief Steve Alder (https://www.hipaajournal.com/2024-healthcare-data-breach-report/), as of Jan. 28, 2025, a total of 725 data breaches involving 500 or more records had been reported to the U.S. Department of Health and Human Services Office of Civil Rights (OCR) in 2024.
While the number was down slightly from 2023 when there were 747 such incidents, it’s a concerning trend, with the OCR portal showing more than 700 large data breaches taking place each year since 2021.
As MedCity News senior reporter Katie Adams details in her article posted on July 16, https://medcitynews.com/2025/07/hospitals-healthcare-cybersecurity/?__hstc=222739652.94401c0e6e3bf02fcb9279db318386a.1753028908420.1753028908420.1753288931108.2&__hssc=222739652.2.1753288931108&__hsfp=1390341880), while healthcare institutions are strengthening their cybersecurity, a number of areas continue to pose serious vulnerabilities.
In her story entitled “Despite Progress, Healthcare Cybersecurity Is Still Falling Short,” Adams cited research released by healthcare cybersecurity vendor Fortified Health Security.
In the article, Fortified Chief Executive Officer Dan Dodson offers insights and advice to healthcare institutions.
While Dodson said major data breaches and increased regulatory oversight are pushing executives to take cybersecurity threats more seriously, he said there’s still much more to be done.
Dodson said most providers have stepped up their cybersecurity risk analysis efforts. However, he said that alone isn’t enough, adding they must act on the findings.
He identified three main areas in which providers continue to face challenges—Artificial intelligence, third party risk management and budgetary limitations.
He said while providers may be eager to adopt AI tools, in many cases they do not have clear governance frameworks in place to manage the technology and its potential risks of data exposure. At the same time, he said hackers are already utilizing AI to hone their attacks.
Institutions are also at risk due to their reliance on third-party vendors, whose systems may not have the necessary security protocols in place to stave off cybersecurity threats, said Dodson.
A flaw in one vendor’s system can compromise an entire healthcare network, he said.
Budgetary constraints can also limit a healthcare institution’s ability to effectively manage risk.
Dodson urged healthcare institutions to act now to prevent even greater threats in the future, including selecting and implementing a reliable cybersecurity framework such as HITRUST or NIST as soon as possible.

[Back]

The Akron Legal News • 60 South Summit St. • Akron, Ohio 44308 • Phone: 330-376-0917 • Fax: 330-376-7001