
Cybersecurity Regulations Drive Healthcare Organizations to Act

By John Zimmerer, VP of Healthcare Marketing at Smart Communications 

The healthcare industry has become a prime target for cybercriminals due to the sensitive nature of health data and the increasing reliance on digital systems. Recent cybersecurity breaches in Australia, Germany, the UK, and the United States have highlighted the urgent need for robust cybersecurity measures.  

This blog post will detail these breaches, discuss ongoing security threats, reference recently introduced regulations, and provide recommendations for healthcare organizations to improve their security posture.  

Additionally, we'll explore how SmartIQ and SmartCOMM from Smart Communications can help healthcare organizations meet regulatory requirements and combat cybersecurity threats. 

Cybersecurity Breaches in Healthcare 

Australia has witnessed several significant cybersecurity breaches in its healthcare sector. In 2024, 41% of healthcare organizations experienced cyberattacks, with 102 data breaches reported between January and June 2024. One of the most notable breaches involved Medibank, where millions of records were compromised. Another major incident was the ransomware attack on Saint Vincent's Health network, which resulted in stolen data from hospitals and aged care centers. 

Germany's healthcare sector has also been under siege. In 2024, Germany saw a surge in ransomware attacks on healthcare institutions, emphasizing the need for enhanced protection. A recent attack targeted the Catholic Youth Welfare Department of the Diocese of Augsburg, compromising sensitive patient and financial data. In addition, the University Hospital Düsseldorf ransomware attack in 2020 led to significant operational disruptions and a patient fatality.

The UK has faced its share of cybersecurity challenges in healthcare. The Cyber Security Breaches Survey 2024 revealed that half of businesses and a third of charities reported cybersecurity breaches in the last 12 months. In 2022, a ransomware attack on Advanced Computer Software Group disrupted NHS services and compromised the data of tens of thousands of patients. 

The United States has experienced some of the largest healthcare data breaches. The healthcare sector saw 276,775,457 records compromised in 2024, a 64.1% increase from the previous year. In 2024, Change Healthcare suffered a massive breach affecting 190 million individuals. Other notable breaches included those at Ascension Health and Acadian Ambulance Service. 

Ongoing Security Threats in Healthcare 

Healthcare organizations face a variety of ongoing security threats, including ransomware attacks, phishing, and data breaches. The increasing use of Internet of Medical Things (IoMT) devices and electronic health records (EHRs) has expanded the attack surface for cybercriminals. Legacy systems and limited cybersecurity budgets further exacerbate vulnerabilities. 

Recently Introduced Regulations 

Australia's Cyber Security Act 2024 mandates minimum cybersecurity standards for smart devices, introduces mandatory ransomware payment reporting, and establishes a Cyber Incident Review Board. These measures aim to close legislative gaps and align Australia with international best practices.

Germany is implementing the NIS2 Implementation Act, which transposes the EU NIS2 Directive into German law, broadening the scope and tightening cybersecurity requirements across various sectors. This includes enhanced reporting requirements and IT risk management protocols. 

The NHS will be adopting a new cybersecurity framework for health and social care organizations. The cyber assessment framework (CAF) will allow these organisations to adapt to the rapidly changing landscape of technology and cyber threats. 

The US Department of Health and Human Services has proposed updating the HIPAA Security Rule. The proposed rule would require updates to existing cybersecurity safeguards to reflect advances in technology and cybersecurity, and help ensure that doctors, health plans, and others providing health care meet their obligations to protect the security of individuals' protected health information across the nation. Additionally, new state-level privacy laws are being enacted, with 11 new comprehensive privacy laws slated to take effect in 2025 and 2026.

Recommendations for Healthcare Organizations 

To improve their security posture and conform to new regulations, healthcare organizations should consider the following recommendations: 

  1. Implement Multi-Factor Authentication (MFA): MFA is essential for securing access to systems and preventing unauthorized access.

  2. Conduct Regular Security Audits: Regular audits help identify and mitigate vulnerabilities in the system.

  3. Employee Training: Continuous training on phishing and other social engineering attacks is crucial to prevent breaches.

  4. Develop Incident Response Plans: Having a robust incident response plan ensures quick recovery from breaches.

  5. Upgrade Legacy Systems: Replacing outdated systems with modern, secure alternatives reduces vulnerabilities.

  6. Adopt Encryption: Encrypting sensitive data protects it from unauthorized access and breaches.

  7. Compliance with Regulations: Ensure adherence to industry regulations such as HIPAA, GDPR, and local data protection laws.

How SmartIQ and SmartCOMM Can Help 

SmartIQ and SmartCOMM from Smart Communications offer solutions that can help healthcare organizations meet regulatory requirements and combat cybersecurity threats. 

SmartIQ 

  • Forms Automation: Transforms traditional paper forms and manual data entry processes into digital, two-way conversations, reducing the risk of data breaches. 

  • Secure Data Collection: Ensures secure, scalable, business-driven member engagement and accelerates omnichannel patient engagement with guided digital journeys.

  • Compliance: Helps organizations comply with IT standards and introduces no risk to business processes. 

SmartCOMM 

  • Customer Communications Management (CCM): Provides personalized, omnichannel conversations across the entire customer experience, enhancing security and compliance. 

  • Document Generation: Increases agility and flexibility in document generation processes, ensuring secure and compliant communications. 

  • Integration: Works with best-in-class technology directly and through consulting companies to offer integrated solutions that complement healthcare organizations' cybersecurity efforts. 

Enhance Cybersecurity with Smart Communications 

The healthcare industry faces significant cybersecurity challenges, with recent breaches highlighting the urgent need for robust security measures. By adhering to new regulations and implementing best practices, healthcare organizations can improve their security posture and protect sensitive health data. Solutions like SmartIQ and SmartCOMM from Smart Communications can play a crucial role in helping healthcare organizations meet regulatory requirements and combat cybersecurity threats, ensuring a safer and more secure healthcare environment. 

To learn more about how Smart Communications can help, get in touch with one of our experts today. 

About the Author 
John Zimmerer is the Vice President of Vertical Marketing, Healthcare at Smart Communications, where he acts as a subject matter expert on the digital transformation of customer communications and data-centric, often form-based workflows. Most recently, John has been researching and writing about improving customer experience in healthcare and is regarded as a thought leader in this area. John has over 20 years of software product marketing experience. His areas of expertise include market research, analyst relations, public relations, and digital marketing. 
