Skip to content ↓ | Skip to navigation ↓

The healthcare industry continues to be challenged with securing patient health information. According to the Verizon Protected Health Information Data Breach Report (PHIDBR), 58 percent of all security incidents involved insiders, ransomware accounts for 70 percent of all malicious code, and alarmingly, basic security hygiene is still lacking at many healthcare organizations.

The security challenge of PHI breaches is common at both large healthcare systems as well as smaller healthcare organizations. In other words, all healthcare organizations, including health insurance, must take steps to ensure that PHI is secure, as the susceptibility to an attack is not dependent on the size of the organization.

As a result of increasing risk to patient health information, healthcare organizations must make greater investments in securing their critical assets.

Although healthcare has long had a reputation of lacking the resources to invest in cybersecurity, due to increasing risk to patient care and safety, it is essential that healthcare organizations weigh the cost of a breach with the upfront investment in securing PHI.

Healthcare organizations not only incur costs associated with HIPAA fines in the event of a breach but also the attendant costs of notification, credit report monitoring for affected patients and reputational damage, which leads to the loss of patients.

It is imperative that healthcare organizations not view cybersecurity measures to protect PHI as solely the responsibility of the CISO. The fallout from a cyberattack affects the entire healthcare organization.

To that end, there are a few critical steps that healthcare organizations must take to secure PHI and ensure patient health and safety.


Ensuring that patient health information and critical assets are secure from cyberattacks starts with visibility. Healthcare organizations must have visibility to unauthorized changes and misconfigurations on all critical assets — including EHR systems — that could lead to a cyberattack.

Interestingly, a high percentage of breaches reported in PHIDBR was due to insider threat. It is absolutely critical that healthcare organizations can detect unauthorized changes on all critical assets in their environment. A robust file integrity management and secure configuration management tool can alert you to who changed what, when and the critical assets and EHR files affected.

A robust file integrity management and secure configuration management tool used in tandem with vulnerability management solution can help healthcare organizations discover assets, vulnerabilities and malicious changes in their environment.


Although having tools like file integrity monitoring and secure configuration management can help in securing your environment. Tools by themselves are only part of the solution.

It is important that healthcare organizations have processes in place that maximize the benefits that these tools confer. For example, many healthcare organizations have a change management process, but these processes might not be followed. In addition, the team responsible for the EHR systems might be in a different silo from the security team responsible for securing other critical assets.

It is essential that healthcare organizations break down the silos to ensure end-to-end visibility and security of all critical assets including EHR systems.

FIM and SCM tools can be used to support access policies, thus reducing the incidents of insider threat. FIM and SCM tools can also be used to assess configurations against security policies both regulatory standards and internal policies to ensure that there are no inadvertent changes that can make your organization susceptible to a cyberattack.


Seemingly, any recommendation on cybersecurity for healthcare organizations would be incomplete without a recommendation on HIPAA compliance.

While achieving HIPAA compliance is important, healthcare organizations must ensure they are using their limited resources in the most efficient way possible. Expending resources to pass a HIPAA audit and to produce ad-hoc reports to prove compliance at one point in time is inefficient.

Rather than merely achieve point-in-time compliance with regulatory standards like HIPAA, PCI and NIST, to name a few, it is essential that healthcare organizations ensure continuous compliance with these regulations.

A robust file integrity management and secure configuration management tool will help you ensure that you are continuously in compliance and will provide out-of-the-box, audit-ready reports. The result is that your organization is secure and is able to prove compliance to auditors efficiently.

Although healthcare is still challenged by cyberattacks, as the results of the resent Verizon PHIDBR show, the investment by healthcare organizations in securing PHI is not commensurate to the cyber risk they face. In the light of the consequences of a breach – HIPAA fines, reputational damage and loss of patients – it is more cost effective to invest in tools like a robust file integrity management and secure configuration management tool to help you ensure that patient health information is protected.

Learn how Tripwire’s integrated cybersecurity, threat protection and compliance solutions can help healthcare organizations meet these challenges head-on to protect patient data and keep their networks safe, compliant and available.