LUGPA Policy Brief: Cybersecurity in Healthcare

On July 9, 2025, the Senate Health, Education, Labor and Pensions (HELP) Committee held a hearing titled “Securing the Future of Health Care: Enhancing Cybersecurity and Protecting Americans’ Privacy.” Lawmakers and expert witnesses called for urgent action to address a sharp rise in healthcare cyberattacks, especially those impacting independent and rural practices.

Key priorities included modernizing HIPAA to reflect new technologies such as AI and wearables, supporting small providers that lack adequate cybersecurity resources, and establishing a national privacy standard to replace the patchwork of state laws. Witnesses emphasized cybersecurity as a core patient safety issue, particularly relevant to independent groups like LUGPA members.

The Rising Threat to Independent Practices
In 2024, 92% of healthcare organizations experienced cyberattacks, with each facing an average of 40 incidents. Globally, the sector saw a 45% increase in attacks. Independent practices are especially vulnerable due to older systems and limited cybersecurity infrastructure.

Data Breaches on the Rise

• 133 million individuals were affected by healthcare data breaches in 2023.
• 28% of all breaches occurred in healthcare; 35% involved third-party vendors.

Ransomware Disruption

• 59% of healthcare organizations faced ransomware attacks, averaging four incidents over two years.
• These events disrupted treatment and cost an average of $1.85 million per incident.
• 36% of affected organizations reported worsened patient outcomes.

Phishing and Human Error

• Over 90% of attacks involved phishing. In 2024, 88% of healthcare employees opened phishing emails.
• 24% of employees lacked any cybersecurity training, increasing organizational risk.

Financial Strain and Downtime

• The average cost of a healthcare data breach was $9.8 million, the highest across industries.

System Weaknesses

• 69% of healthcare organizations reported cloud or account compromises.
• 39% of cybersecurity professionals cited legacy technology as a leading concern.
• 61% of breach threats came from employee negligence.

LUGPA’s Cybersecurity Recommendations
LUGPA urges member practices to adopt the following best practices to reduce risk:

1. Access Controls: Use multi-factor authentication and limit access to sensitive data.
2. Encryption: Encrypt patient data during storage and transmission.
3. Firewalls and Monitoring: Install firewalls and monitor network activity for threats.
4. Data Backups: Regularly back up data to secure, off-site or cloud-based locations.
5. Device and Software Management: Retire outdated equipment and apply timely software updates.
6. Staff Training: Conduct regular training on phishing, social engineering, and data handling.
7. Telehealth Security: Use HIPAA-compliant platforms and secure remote access protocols.

Conclusion
Cybersecurity is a growing threat to the stability and safety of independent medical practices. LUGPA supports federal efforts to simplify compliance through a national privacy standard and calls on its members to prioritize investments in cybersecurity infrastructure and education. As the healthcare system becomes increasingly digital, cybersecurity must be a central component in delivering high-quality urologic care.

For additional resources on enhancing cybersecurity in healthcare, visit LUGPA’s dedicated page: Improving Cybersecurity for Healthcare Providers.