Cybersecurity strategies

The healthcare sector faces a variety of cyberthreats, but experts are constantly working to provide organizations with reliable cybersecurity strategies to address them. Learn about the latest tactics for tackling cyber risk, with efforts led by security practitioners, federal agencies and leading cybersecurity companies.

Top Stories

Feature 06 Oct 2025
Securing healthcare data in preparation for a post-quantum era

A post-quantum world may seem far off, but experts say that healthcare leaders should begin planning now to ensure that health data is protected. Continue Reading
By
- Jill McKeon, Associate Editor
Feature 02 Oct 2025
Preparing EHR systems for ransomware attacks

Experts weigh in on how proactive cybersecurity planning protects your patients. Continue Reading

News 05 Feb 2020
NIST Shares Cyber Supply Chain Risk Management Guidance

New cyber supply chain risk management guidance from NIST provides organizations with case studies and standards designed to build an effective enterprise program. Continue Reading
By
- Jessica Davis
News 05 Feb 2020
Medtronic Patches Vulnerabilities in CareLink, Implanted Medical Devices

Medical device giant Medtronic recently issued a set of patches for previously disclosed vulnerabilities found in its CareLink programmers and certain implanted devices. Continue Reading
By
- Jessica Davis
Answer 04 Feb 2020
Maze Ransomware Hackers Extorting Providers, Posting Stolen Health Data

Soon after the FBI warned that hackers are targeting private sector organizations to encrypt and steal data, Maze ransomware actors are now publicly extorting providers and posting stolen PHI. Continue Reading
By
- Jessica Davis
News 03 Feb 2020
DHS CISA Warns Hackers Exploiting Unpatched Citrix Servers

Days after Citrix issued final patches for severe vulnerabilities in some of its servers, DHS CISA is warning organizations that hackers are targeting, exploiting organizations that failed to patch the flaw. Continue Reading
By
- Jessica Davis
News 31 Jan 2020
Meditology Named Best in KLAS for Cybersecurity Advisory Services

KLAS named Meditology Services as the best cybersecurity advisory service vendor, followed closely by tw-Security, namely for customer confidence, loyalty, value, services, and relationship. Continue Reading
By
- Jessica Davis
News 30 Jan 2020
NIST Shares Draft Guides on Ransomware, Data Integrity Attacks

A pair of draft guides from NIST National Cybersecurity Center of Excellence shed light on ways organizations can better detect, respond, and mitigate ransomware and data integrity attacks. Continue Reading
By
- Jessica Davis
News 28 Jan 2020
Ransomware, Phishing Attacks Compromised Half US Orgs in 2019

Ransomware and phishing attacks successfully compromised more than half of US organizations last year, with hackers increasing the sophistication of their social engineering attempts. Continue Reading
By
- Jessica Davis
News 27 Jan 2020
Feds Alert to Critical Vulnerabilities in GE Patient Monitoring Products

Both FDA and DHS CISA are urging healthcare organizations to remediate risks associated with six critical and high severity vulnerabilities found in certain GE patient products. Continue Reading
By
- Jessica Davis
Answer 24 Jan 2020
Evaluating Cyber Readiness, Vulnerabilities with Pen Testing

Once a healthcare organization has built what it feels is a strong defense and security program, security leaders can look to third-party vendor penetration testing to evaluate its cyber readiness. Continue Reading
By
- Jessica Davis
News 23 Jan 2020
DHS CISA Alerts to Spike in Emotet Malware Cyberattacks

Days after Proofpoint discovered the destructive malware had reemerged targeting the pharma sector, DHS CISA sent an alert to warn businesses of a spike in targeted Emotet cyberattacks. Continue Reading
By
- Jessica Davis
News 20 Jan 2020
Emotet Reemerges with Massive Campaign Targeting Pharma Industry

One of the most disruptive hacking groups behind Emotet has returned after a lull around Christmas with a massive targeted campaign aimed at the pharmaceutical industry, Proofpoint says. Continue Reading
By
- Jessica Davis
News 16 Jan 2020
Evasive Domain-Impersonation Phishing Attacks Increase by 400%

Barracuda says that while the number of domain-impersonation attempts are far fewer than other phishing attacks, the targeted, sophisticated nature makes them costly and tough to detect. Continue Reading
By
- Jessica Davis
News 15 Jan 2020
NSA Discloses, Urges Patch of Critical Microsoft Windows 10 Vulnerability

In a rare move, the National Security Agency (NSA) shared its discovery of a critical vulnerability in Microsoft Windows 10 that may allow remote exploitation to steal sensitive data or install malware. Continue Reading
By
- Jessica Davis
News 14 Jan 2020
Enloe Medical Remains in EHR Downtime 2 Weeks After Cyberattack

On Jan. 2, Enloe Medical Center in California was hit with a ransomware attack, which has forced the provider to operate under EHR downtime procedures for more than two weeks. Continue Reading
By
- Jessica Davis
Answer 13 Jan 2020
Cybersecurity Impact of Microsoft’s End to Windows 2007 Support

Microsoft is ending support for Windows 2007 and two legacy platforms on Jan 14, which CynergisTek’s Clyde Hewitt says will rapidly increase cybersecurity risks to the healthcare sector. Continue Reading
By
- Jessica Davis
News 13 Jan 2020
Feds Alert to Ongoing Cyberattacks on Unpatched Pulse VPN Servers

In April, Pulse Secure released patches for a flaw found in its VPN servers, which were being exploited to distribute malware. But some clients failed to secure the vulnerability and are at risk of cyberattacks. Continue Reading
By
- Jessica Davis
News 10 Jan 2020
DHS Alerts to Citrix Server Vulnerabilities, Urges Remediation

DHS is urging companies to secure vulnerabilities found in certain Citrix servers that could be actively exploited by a hacker to run malicious code; security researchers are seeing an increase in scans seeking the flaw. Continue Reading
By
- Jessica Davis
Answer 08 Jan 2020
Is Healthcare Prepared to Respond to Cyber Threats Beyond Ransomware?

DHS alerts on increasing cyber threats from Iran and healthcare struggles with ransomware reveal providers need better recovery plans to prepare for the next wave of cyberattacks. Continue Reading
By
- Jessica Davis
News 07 Jan 2020
FBI Alerts to Rise in Maze Ransomware, Extortion Attempts

Hackers leveraging Maze ransomware are posing as legitimate security vendors and government agencies to steal and encrypt data for potential extortion attempts. Continue Reading
By
- Jessica Davis
News 06 Jan 2020
LifeLabs Hit With Several Lawsuits Over Data Breach of 15M Patients

In December, the Canadian testing giant reported it paid cybercriminals to retrieve the data of 15 million patients; those breach victims have filed several lawsuits, claiming failure to adequately secure data. Continue Reading
By
- Jessica Davis
News 03 Jan 2020
Cyber Threats Behind the Biggest Healthcare Data Breaches of 2019

Ransomware saw a resurgence in 2019, which disrupted patient care across the US. But third-party vendor breaches and phishing caused some of the largest healthcare data breaches of 2019. Continue Reading
By
- Jessica Davis
News 02 Jan 2020
Georgia Revives Patient Breach Lawsuit Against Athens Orthopedic

The Supreme Court of Georgia unanimously agreed to revive a patient breach lawsuit against Athens Orthopedic Clinic for a June 2016 data hack and extortion allegedly by notorious "thedarkoverlord." Continue Reading
By
- Jessica Davis
News 02 Jan 2020
DCH Health Faces Federal Lawsuit After 10-Day Ransomware Attack

Patients impacted by the 10-day EHR downtime at DCH Health in Alabama have filed a class-action lawsuit, claiming a ransomware attack on the three hospitals disrupted their medical care. Continue Reading
By
- Jessica Davis
News 16 Dec 2019
3 Health IT Standards Driving Healthcare Interoperability in the US

Direct, FHIR, and cloud fax help healthcare organizations share information and are paving the path to semantic interoperability. Continue Reading
By
- J2 Global
News 02 Dec 2019
Minimize Costs and Complexity With AI-Powered Identity Management

Healthcare organizations have access to volumes of data, but artificial intelligence can help improve identity management and achieve ROI. Continue Reading
By
- SailPoint
News 19 Nov 2019
Number of Exposed PACS Medical Images Increasing, US Biggest Culprit

Researchers from Germany’s Greenbone Networks have seen a 60 percent increased in the number of PACS medical archive images left exposed online, with US patients most affected by the breach. Continue Reading
By
- Jessica Davis
Feature 04 Oct 2019
Filling Healthcare Security Staffing Gaps with Virtual CISOs, Students

Over half of organizations still do not have a designated security leader; transitioning internships and virtual CISOs can fill some of those healthcare security staffing gaps. Continue Reading
By
- Jessica Davis
News 09 Sep 2019
HSCC Shares Resource on Threat Information Sharing Organizations

HSCC released a new inventory of national information sharing organizations and key services, designed to help healthcare providers begin the shift into these crucial cybersecurity programs. Continue Reading
By
- Jessica Davis
News 05 Aug 2019
Securing the Present and Future of Health IT Infrastructure

New approaches to health IT infrastructure bring with them novel threats to essential systems and sensitive data, signaling the need to modernize health data security efforts. Continue Reading
By
- SailPoint
News 21 Mar 2019
UCLA Health Reaches $7.5M Settlement Over 2015 Breach of 4.5M

The settlement resolves claims around UCLA Health’s May 2015 health data breach of 4.5 million patient records, caused by a year-long hack on its network. Continue Reading
By
- Jessica Davis
Feature 05 Feb 2019
What Is Cyber Insurance for Healthcare Organizations?

In the wake of recent data breaches, healthcare organizations are turning to cyber insurance to offset some of the costs. Here’s what they need to understand about assessing insurers and policies to ensure adequate coverage. Continue Reading
By
- Jessica Davis
News 10 Jan 2019
Massive SingHealth Data Breach Caused by Lack of Basic Security

The lessons learned from Singapore’s breach serve as a reality check to U.S. health organizations still failing to educate users, apply patches, and other common security methods. Continue Reading
By
- Jessica Davis
News 29 Oct 2018
Medical Devices and Other Endpoints Offer Attractive Targets to Attackers

Medical devices, mobile devices, and other endpoints offer attackers attractive targets that healthcare organizations need to secure to protect PHI and other sensitive assets. Continue Reading
By
- Insight
News 02 Oct 2018
FDA Unveils MITRE’s Medical Device Security Playbook

The FDA released Oct. 1 a medical device security playbook it developed with MITRE to advise healthcare organizations on securing their medical equipment. Continue Reading
By
- Fred Donovan
News 17 Sep 2018
Best Practices for Providers to Secure Patient Data

Increased vigilance, security best practices, and the right technology can help healthcare organizations secure patient data and stay one step ahead of cybercriminals. Continue Reading
By
- Insight
Feature 08 Jun 2018
Perils of Healthcare Phishing and What You Can Do About It

Healthcare phishing is a real danger to everyone in healthcare. In fact, phishing has become the preferred method for hackers to breach healthcare organizations to steal valuable medical data and/or deploy ransomware. Continue Reading
By
- Fred Donovan
Feature 04 May 2018
Defending Against Healthcare Ransomware Attacks

Healthcare ransomware attacks have become a security nightmare for many organizations over the last couple of years. Here's what you can do to lessen their impact on your organization. Continue Reading
By
- Fred Donovan
News 29 Jul 2016
Preparing Against Current Healthcare Cybersecurity Threats

Healthcare cybersecurity threats are continuously evolving, and covered entities need to ensure that they are implementing necessary and applicable security measures. Continue Reading
By
- Darrin Haehle of Wonderbox Technologies
News 11 Jul 2016
Should a Health Information Exchange Be Opt-In or Opt-Out?

Opt-in and opt-out policies both have pros and cons that providers must understand to determine which is ultimately better for their health information exchange. Continue Reading
By
- Sara Heath, Executive Editor
Feature 03 Jun 2016
How Ransomware Affects Hospital Data Security

Healthcare ransomware is quickly becoming an industry buzzword, but what is it exactly and how can organizations improve their hospital data security? Continue Reading
By
- Elizabeth Snell
News 01 Aug 2014
Healthcare access badges: Physical, logical access links

There are many and complex passwords that end users have to remember, but single sign-on (SSO) solutions and authentication management can help the process. Continue Reading
By
- Dean Wlech
News 17 Jan 2014
MedAllies receives accreditation from EHNAC, DirectTrust

MedAllies has received accreditation from Direct Trusted Agent Accreditation Program (DTAAP) & Electronic Healthcare Network Accreditation Commission (EHNAC). Continue Reading
By
- Nicole Freeman
News 31 Oct 2013
Managing a health data breach with a response plan

David Dover, Privacy and Security Officer at Alere, can attest that Alere did make the effort to augment their security approach following a data breach. Continue Reading
By
- Patrick Ouellette