New Data Breach Risks in Healthcare Revealed by Xtelligent Research Survey Sponsored by Pondurance

We are all aware that midmarket organizations face significant risk of falling victim to a data breach. Unfortunately, organizations in the healthcare sector are in the top five industries that fall victim to data breach attacks. According to a recently published research survey by Xtelligent Healthcare, commissioned by Pondurance, 60% of healthcare providers experienced four or more system failures, cyberattacks, or breaches over the past year. 

Health data is highly regulated in the United States, with federal laws that address patient data security, privacy, and data breach notification, as well as the myriad of state laws that often require different and confusing provisions for data privacy and breach response. 

Our research with Xtelligent also found that this unfortunate number of security incidents that occurred last year despite that 71% of those healthcare providers surveyed prioritize maintaining HIPAA compliance over other considerations — making it their No. 1 cybersecurity priority — and 63% of them focus specifically on protecting regulated customer data from new types of cyber threats, including ransomware. 

“This study highlights the challenges faced by healthcare organizations in balancing cyber threats, regulatory compliance, and information access and exchange in the fluid healthcare environment,” said Hayden Schmidt, Healthcare Market Insights Analyst at Xtelligent, who carried out the research study. “One core finding is that healthcare providers increasingly rely on outside experts and hosted services like MDRs to address breach risks and ensure compliance.”

Additional findings note that top measures taken by healthcare organizations to address security threats and breaches include using tools and technologies to rapidly detect (66%) and respond (61%) to security incidents, often relying on a managed detection and response (MDR) services that can provide round-the-clock security operations center (SOC) coverage.

The backdrop to this research was the massive Change Healthcare data breach that affected 112 million U.S. citizens in early 2024, making it one of the “largest known digital thefts of medical records” ever. President and CEO of the American Hospital Association Rick Pollack called the Change Healthcare cyberattack the “most significant and consequential incident of its kind against the U.S. healthcare system in history.”

Given the large footprint and extensive disruption caused by this incident, it stands as a wake-up call for healthcare providers of all sizes to revisit and rethink their data security and privacy efforts to minimize their risk of data breach. While maintaining compliance will always remain a high priority in healthcare, the importance of staying ahead of threat actors with broad-spectrum cyber detection and response technologies has never been higher.