Healthcare Cybersecurity: Protecting Patients in Digital Transformation
The American Hospital Association (AHA) is urging hospital leaders to prioritize cybersecurity as a core component of patient safety, moving beyond the traditional view of it as solely an IT issue. This shift comes as healthcare organizations face a surge in increasingly sophisticated cyberattacks targeting sensitive patient data and critical infrastructure.
According to the AHA, healthcare organizations are especially attractive targets because of the high monetary and intelligence value of the data they hold, including protected health information (PHI), financial records, and personally identifiable information (PII). Stolen health records command significantly higher prices on the dark web than stolen credit card numbers, sometimes selling for ten times as much.
John Riggi, Senior Advisor for Cybersecurity and Risk at the AHA, emphasizes the need to integrate cybersecurity into existing enterprise risk management, governance, and business continuity frameworks. “It’s critical to view cybersecurity as a patient safety, enterprise risk and strategic priority,” Riggi stated. Aligning cybersecurity with patient safety initiatives is meant to protect patient safety and privacy and to ensure the continued delivery of high-quality care by limiting the disruptions to clinical operations that an attack can cause.
The escalating threat landscape includes ransomware attacks, such as WannaCry, and data breaches like the Anthem Blue Cross breach, which demonstrate the real-world consequences of cybersecurity weaknesses. The cost of a breach in healthcare is also substantially higher than in other industries, averaging $408 per stolen healthcare record compared with an average of $148 per stolen record across all industries.
A recent study published in Cureus highlights the growing cybersecurity challenges that come with integrating technology into healthcare systems, including electronic health records (EHRs) and Internet of Things (IoT) devices. The study, authored by Bakheet Aldosari of King Saud Bin Abdulaziz University for Health Sciences, emphasizes the ethical responsibility of healthcare organizations to prioritize cybersecurity while balancing innovation and patient care.
The European Commission has also recognized the importance of cybersecurity in healthcare, launching an action plan to support healthcare organizations in responding to specific cybersecurity threats and ensuring patient safety and trust in digital health solutions. The Commission’s efforts aim to address the unique vulnerabilities of interconnected healthcare systems.
The American Medical Association (AMA) offers continuing medical education (CME) on cybersecurity in medical practice, acknowledging the rising number of cyberattacks targeting medical institutions and the need for physicians to understand the basics of protecting patients’ health information.
As of March 3, 2026, no comprehensive federal legislation mandating specific cybersecurity standards for healthcare organizations has been enacted, leaving individual institutions to navigate the evolving threat landscape and implement their own security measures. The Department of Health and Human Services has not issued a statement regarding further action.
