In the wake of the recent Change Healthcare/UHC data breach, critical vulnerabilities in healthcare have been exposed, including outdated systems and weak security measures. In response, global IT research and advisory firm Info-Tech Research Group has published new insights, providing cybersecurity strategies to help healthcare organizations defend against evolving threats. In the resource, Info-Tech stresses the urgent need for improved cybersecurity practices and offers key strategies to security leaders to mitigate ransomware risks, strengthen data protection, and enhance incident response capabilities.
TORONTO, March 13, 2025 /PRNewswire/ – The 2024 Change Healthcare/UHC data breach underscored the urgent need for enhanced cybersecurity within the healthcare sector. Exposing sensitive patient records and disrupting hospital operations, the breach highlighted significant vulnerabilities, particularly around the growing reliance on third-party vendors and outdated IT disaster recovery plans. To help security leaders take proactive measures to strengthen their defenses and protect patient care in the aftermath of cyber incidents, Info-Tech Research Group has published its blueprint Lessons Learned and Life After a Breach in Your Healthcare Organization.
Info-Tech Research Group’s newly published blueprint provides a structured five-step approach to help healthcare organizations mitigate third-party ransomware risks. (CNW Group/Info-Tech Research Group)
“In today’s healthcare landscape, organizations face increasing cybersecurity challenges due to their reliance on third-party vendors and complex IT environments,” says Sharon Auma-Ebanyat, research director at Info-Tech Research Group. “The largest healthcare breach involving Change Healthcare/UHC highlighted significant vulnerabilities, disrupting hospital operations and billing and exposing patient records. This underscores the urgent need for comprehensive strategies to address these risks.”
The firm reports that despite the escalating cyber threat landscape, many healthcare organizations have yet to fully implement multifactor authentication, especially for remote access services, leaving critical systems exposed to attackers who exploit stolen credentials.
Info-Tech’s insights also highlight the challenges posed by interconnected IT environments, making it difficult for organizations to detect and address security gaps.
“Many healthcare organizations encounter obstacles such as outdated IT disaster recovery plans that fail to address virtual and digital connections, limited budgets and resources, and complex, interconnected systems that make it difficult to identify and fix vulnerabilities,” adds Auma-Ebanyat. “Traditional disaster recovery approaches often overlook the evolving nature of third-party risks and virtual environments, increasing susceptibility to cyberattacks.”
Info-Tech advises the need for a more comprehensive and proactive cybersecurity approach to mitigate these risks.
Five-Step Approach to Mitigate Third-Party Ransomware Risks
In its recently published resource Lessons Learned and Life After a Breach in Your Healthcare Organization, Info-Tech provides a structured five-step approach to help healthcare organizations mitigate third-party ransomware risks.
The five-step approach includes:
- Evaluate and Prioritize Vendor Security Risks
Healthcare organizations must assess vendor security risks and prioritize high-risk partners, especially those handling sensitive patient data. A dual vendor strategy for SaaS applications reduces dependency on a single provider, improving resilience against disruptions. - Assess and Document Data Flows and Architecture
Mapping data flows helps identify vulnerabilities and potential ransomware entry points. Strengthening network segmentation and containment strategies minimizes damage and prevents the spread of attacks. - Review and Strengthen the Incident Response Plan
Regularly updating incident response plans ensures organizations can react quickly to ransomware threats. Tabletop exercises can help teams test their response strategies and improve coordination during real incidents. - Develop Data Governance and Classification
A strong data governance framework ensures sensitive data is classified and protected. Implementing access controls and encryption enhances security, reducing exposure to ransomware threats. - Strengthen Disaster Recovery and Security Considerations
Robust data backups and redundancy systems ensure critical operations can continue during an attack. Strengthening authentication, encryption, and access controls further minimize the impact of breaches.
“This research offers a roadmap to mitigate third-party ransomware and data breach risks, featuring insights on current healthcare cybersecurity threats, lessons from the Change Healthcare/UHC data breach, and strategies to prevent future incidents,” explains Auma-Ebanyat
By leveraging insights from Info-Tech’s blueprint, healthcare organizations can take decisive steps to enhance their cybersecurity strategies and disaster recovery plans. The expert-driven recommendations outlined in the data-backed resource will help security leaders protect sensitive patient data, maintain operational resilience, and prepare for evolving cyber threats.
For exclusive and timely commentary from Sharon Auma-Ebanyat, an expert in the healthcare sector, and access to the complete Lessons Learned and Life After a Breach in Your Healthcare Organization blueprint, please contact [email protected].
About Info-Tech Research Group
Info-Tech Research Group is one of the world’s leading research and advisory firms, proudly serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
To learn more about Info-Tech’s divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights.
Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm’s Media Insiders program. To gain access, contact [email protected].
For information about Info-Tech Research Group or to access the latest research, visit infotech.com and connect via LinkedIn and X.
SOURCE Info-Tech Research Group
