Healthcare Data Security Challenges: The Four Biggest Issues Facing Hospitals and Health Plans in 2026

20 min read
June 18, 2026

In 2024, breaches reported to HHS OCR exposed the PHI of more than 275 million Americans, 82% of the US population. Change Healthcare accounted for 192.7 million on its own, with settlements running into 2026. Healthcare used to appear on lists of heavily targeted industries. It now tops them by every credible measure.

So here are the four biggest healthcare data security challenges of 2026. Our bar for the list: material impact on PHI or care delivery, the point where healthcare data privacy and security stops being paperwork, and HIPAA stops being a binder. Plenty of data security issues in healthcare annoy auditors; these four shut down hospitals.

All of them changed shape after 2023, and everything below comes from the people closest to the blast: DevOps experts Valentin Kel and Igor K., and the hospital teams running these controls in production. Consider it the freshest field read on healthcare data security issues available without joining the incident calls.

Four questions this article answers:

  • How does one password with no MFA behind it become 192.7 million exposed records?
  • Which of your 400 business associates files your next breach notification?
  • What do you do with an MRI console that will never be patched, by design?
  • Who read 200 patient charts in the last sixty seconds, and why isn't it in your audit trail?

Key insights for healthcare security leaders in 2026

Short on time? These seven points carry the article:

  • Identity opened 70%+ of healthcare breaches in 2023. Change Healthcare started with stolen credentials on a Citrix portal with no MFA and ended at 192.7 million impacted individuals. Hunt stale service accounts before you shop for new tooling; SailPoint reports that 47% of companies have 10+ times more machine identities than human identities, and Tenable found over a third of non-human roles are inactive.
  • Put MFA where the damage happens, not where the login happens. Clinicians will never approve a prompt per chart. They will approve one on "export 5,000 patient records" or "change another user's MFA." Step-up authentication at the bulk-ePHI action catches what front-door MFA misses.
  • A BAA is a legal document, not a control. If naming your top 20 business associates by PHI volume takes longer than ten minutes, your real exposure is unmeasured. Inventory vendors like assets: connection method, PHI volume, attestation age, and last disclosed incident.
  • Your weakest system can't be patched, ever, and that's by design. FDA clearance pins devices to specific OS builds, so 53% of connected hospital devices and other IoT devices carry a known critical vulnerability. Segmentation, egress denial, and file integrity monitoring do the job that patches can't.
  • An exception without an expiry is a permanent risk acceptance nobody signed. Open-ended legacy exceptions show up fast in HIPAA audit reviews. Tie every one to a real event: vendor upgrade, contract renewal, or decommission date.
  • Every AI prompt is now an access event. The ambient scribe behind one visit can pull context from hundreds of charts, and your audit trail must show it. Log prompts and completions in the SIEM, sign a BAA with every AI vendor touching PHI, and name prompt injection in your §164.308 risk analysis before OCR asks.
  • All four challenges fail at the same point: nobody owns the inventory. Controls attach to assets. One current CMDB covering cloud workloads, medical devices, business associates, and AI models is what turns the rest of this article from advice into assignments.

Why healthcare data security got harder in 2024-2026

Data security issues in healthcare didn't creep up. They snapped. In 2024, HHS OCR logged 725 large breaches through its breach notification portal, exposing the PHI of more than 275 million people, a 60.5% jump in breached records year over year (HIPAA Journal).

That's 82% of the US population. One year. If terms like PHI still feel fuzzy, start with the foundational definitions.

So why is healthcare data a target? Economics, mostly. A single medical record bundles identity, insurance, and payment data into one resellable package, and hospitals can't ride out downtime the way a retailer can. Ransomware crews noticed. After public-sector attacks started drawing political heat, RaaS operators pivoted to providers because they're soft, urgent, and statistically likely to pay. Nothing personal, it's just a better business model.

Then the blast radius changed. Change Healthcare exposed the data of 192.7 million people (HIPAA Journal). A single MOVEit vulnerability hit 2,773 organizations and 95.7 million individuals, with healthcare making up 20% of victims (Emsisoft).

Even a defender broke things: CrowdStrike's faulty update bricked 8.5 million Windows devices (Microsoft) and sent hospitals back to paper charts. You can see how these threats played out in 2024–2025 breaches, and the pattern is hard to unsee. Your security now depends on upstream code you've never audited.

Meanwhile, clinical operations digitized faster than anyone could secure them. Ambient documentation listens in exam rooms. AI codes your claims. RPA bots touch PHI thousands of times a day, and IoMT devices multiply on every floor.

Each one widens the attack surface without producing the control evidence your HIPAA Security Rule risk analysis needs, and most never made it into the NIST 800-66 mapping you wrote in 2022.

Want numbers instead of dread? Here's a methodology to quantify these risks for your organization.

The 2024 damage, in four numbers

  • 725 large breaches reported to HHS OCR (HIPAA Journal)
  • 275M+ people exposed, 82% of the US population (HIPAA Journal)
  • 192.7M from the Change Healthcare attack alone (HIPAA Journal)
  • 2,773 organizations hit through one MOVEit flaw (Emsisoft)


Challenge #1: Identity-based attacks against clinical staff and service accounts

Identity is where most data security issues in healthcare start. Verizon DBIR and HHS OCR investigation data trace 70%+ of 2024 healthcare breaches to a compromised identity: phished credentials, MFA bypass through push fatigue, and a service account nobody has rotated since the Epic go-live.


Change Healthcare is the textbook case.

A BlackCat affiliate logged into a Citrix remote-access portal with stolen credentials. No MFA on the portal. From there, privilege escalation to Active Directory, then encryption of clinical and backup systems together, because the backups weren't isolated from the primary network (HIPAA Journal).

Clinical environments give this attack class unusual room to work:

Clinical reality | What attackers do with it
Clinicians move through 30+ systems per shift and won't tolerate friction | Stolen credentials blend into normal high-volume ePHI access
Shared workstations and break-glass accounts remain standard | Session hijacking produces nothing worth flagging
EHR vendor service accounts hold privileges that would fail a least-privilege review in any other industry | One compromised service account reaches the whole estate
Machine identities outnumber human users 10 to 1 | Thousands of credentials with no owner, no expiry, no log review


What is the biggest threat to security of healthcare data?

In 2024–2026, the single biggest threat to healthcare data is identity-led ransomware: stolen credentials used to access an EHR or claims system, followed by lateral movement to a domain controller, followed by encryption of clinical and backup systems.

The Change Healthcare attack followed this exact pattern. Identity-led ransomware ranks above pure technical exploitation because of volume: 70%+ of confirmed healthcare breaches in 2024 began with an identity compromise (Verizon DBIR).

Sophisticated zero-day exploits get the press; phished credentials get the breach.

Four controls that shrink the identity attack surface

  1. Inventory and expire service accounts ruthlessly. Most healthcare orgs run 6–10x more machine identities than human users, and the median EHR integration service account has held the same credential for years. Cap credential age at 90 days for non-clinical service accounts, 180 for clinical, with a formal exemption process plus monitoring for anything that can't rotate. Estates spanning clouds and on-prem AD need extra discipline here; there's a separate guide to securing machine identities across hybrid environments.
  2. Put step-up authentication on bulk ePHI operations, not every login. Clinicians will never MFA on each chart open. They will use MFA for actions like "downloading 5,000 patient records" or "changing MFA settings for another user." Privileged access controls belong at the high-impact action, not the front door.
  3. Hunt MFA-fatigue patterns in your SIEM. Repeated push prompts to a single account within 60 seconds are the tell. Most healthcare SIEMs miss it because nobody enriched the auth events with user roles.
  4. Treat EHR vendor service accounts (Epic, Cerner/Oracle Health, Meditech) as crown-jewel CIs in the CMDB. Document the exact least-privilege scope. Audit quarterly against observed usage in the SIEM, not against what the install guide specified in 2019.


How healthcare teams run this in practice

The gap in data security in healthcare organizations is rarely a tooling gap. It's that nobody owns the identity inventory. Hospital teams on Cloudaware typically start by pointing CMDB discovery at everything that authenticates:

  • IAM roles and service principals in AWS, Azure, and GCP
  • On-prem AD accounts
  • EHR integration identities

Each one lands in a unified identity inventory across cloud and on-prem as a CI carrying an owner, credential age, environment, and EHR system tag. That inventory is what makes control #1 enforceable.


Hygiene rules run on top of that inventory. A policy set built to enforce identity hygiene policies continuously watches three conditions: service account without an owner, credential older than 90 days, admin with MFA disabled.

Each violation opens a remediation task assigned to the CI owner. The assignment matters more than the dashboard; unowned findings are how dormant accounts survive three consecutive audits.


Detection closes the loop. Conflux enriches every authentication event with owner, role, and environment from the CMDB before correlation runs, so context-rich identity event detection becomes the default rather than a custom project. The MFA-fatigue rule from control #3 only works with that join. Six push prompts to a nurse mid-shift means nothing; six prompts to a billing service account at 3 a.m. means everything.
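Added example, not Cloudaware's code or the article's own: the three hygiene conditions the policy set watches (plus the 90/180-day credential caps from control #1) and the role-enriched MFA-fatigue rule from control #3, run over a constructed identity inventory and push log. Account names, the inventory layout and the severity logic are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed identity inventory standing in for the CMDB identity CIs the article
# describes (owner, credential age, tier, role tag). Every name here is made up.
NOW = datetime(2026, 6, 18, 3, 5, tzinfo=timezone.utc)
INVENTORY = {
    "svc-epic-bridge": {"kind": "service", "owner": None, "role": "ehr-integration",
                        "tier": "clinical", "admin": False, "mfa": False,
                        "cred_rotated": NOW - timedelta(days=1400)},
    "svc-billing-rpa": {"kind": "service", "owner": "rcm-team", "role": "billing-bot",
                        "tier": "non-clinical", "admin": False, "mfa": False,
                        "cred_rotated": NOW - timedelta(days=120)},
    "adm-citrix": {"kind": "human", "owner": "it-ops", "role": "domain-admin",
                   "tier": "non-clinical", "admin": True, "mfa": False,
                   "cred_rotated": NOW - timedelta(days=30)},
    "nurse.jdoe": {"kind": "human", "owner": "nursing", "role": "clinician",
                   "tier": "clinical", "admin": False, "mfa": True,
                   "cred_rotated": NOW - timedelta(days=20)},
}
# Credential-age caps from control #1: 90 days non-clinical, 180 days clinical.
CRED_AGE_CAP_DAYS = {"clinical": 180, "non-clinical": 90}


def hygiene_findings(inventory, now=NOW):
    """The three conditions the hygiene policy set watches (no owner, stale credential,
    admin without MFA). Each finding is what would open a task for the CI owner."""
    findings = []
    for name, ci in inventory.items():
        if ci["kind"] == "service" and ci["owner"] is None:
            findings.append((name, "service-account-without-owner"))
        age, cap = (now - ci["cred_rotated"]).days, CRED_AGE_CAP_DAYS[ci["tier"]]
        if age > cap:
            findings.append((name, f"credential-{age}d-old-exceeds-{cap}d-cap"))
        if ci["admin"] and not ci["mfa"]:
            findings.append((name, "admin-without-mfa"))
    return findings


def pushes(start_iso, account, n, gap_s=8):
    """Build n constructed MFA push events (ts, account) spaced gap_s seconds apart."""
    t0 = datetime.fromisoformat(start_iso)
    return [((t0 + timedelta(seconds=gap_s * i)).isoformat(), account) for i in range(n)]


# Constructed push log: six prompts to a billing bot at 03:00, six to a nurse mid-shift,
# two to an admin. The counts match; the enriched role is what decides severity.
PUSH_EVENTS = (pushes("2026-06-18T03:00:00+00:00", "svc-billing-rpa", 6)
               + pushes("2026-06-18T07:30:00+00:00", "nurse.jdoe", 6)
               + pushes("2026-06-18T08:00:00+00:00", "adm-citrix", 2))


def enrich(event, inventory):
    """The CMDB join done before correlation: attach owner, role and account kind."""
    ts, account = event
    ci = inventory.get(account, {})
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "role": ci.get("role", "unknown"), "kind": ci.get("kind", "unknown"),
            "owner": ci.get("owner")}


def mfa_fatigue_alerts(events, inventory, threshold=6, window=timedelta(seconds=60)):
    """Sliding window: threshold or more pushes to one account inside the window.
    Service accounts and domain admins should never see an interactive push, so a
    burst there is high severity; the same burst to a clinician is informational."""
    by_account = defaultdict(list)
    for ev in sorted((enrich(e, inventory) for e in events), key=lambda e: e["ts"]):
        by_account[ev["account"]].append(ev)
    alerts = []
    for account, evs in by_account.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last = evs[end]
                high = last["kind"] == "service" or last["role"] == "domain-admin"
                alerts.append({"account": account, "role": last["role"], "owner": last["owner"],
                               "prompts": end - start + 1, "severity": "high" if high else "info"})
                break  # one alert per account per run
    return alerts
```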


NASA runs this inventory-first model across 30+ projects and 5,000+ EC2 instances:

"Cloudaware has been a game-changer for securing our cloud infrastructure. The CMDB platform gives us complete visibility and control, allowing us to quickly detect and respond to threats while ensuring our cloud environment remains compliant."

Linda Cureton, Chief Information Officer, NASA (full case study)


Challenge #2: Third-party and business-associate exposure

The hardest-hit healthcare organizations in 2024–2025 weren't breached directly. They were breached through a business associate. Change Healthcare, the clearinghouse touching the data of roughly 1 in 3 Americans, went down in February 2024 and took 192.7 million patient records with it (HIPAA Journal).

Two months later, 86% of providers still couldn't submit claims normally, and 60% couldn't reliably verify insurance coverage, per an American Hospital Association survey (HIPAA Journal). MOVEit ran the same play a year earlier: one file-transfer vulnerability, 2,773 downstream organizations, and 95.7 million people (Emsisoft).

The 2024 Snowflake-credential extortion wave followed the identical pattern: an upstream platform, stolen logins, and downstream covered entities running breach notification for data they'd handed to a vendor.

A BAA documents the legal obligation. It enforces no control. Standard threat models for data security challenges in cloud computing assume assets you configure and monitor yourself; a business associate chain breaks that assumption. Your PHI flows through the revenue cycle management platform, the eligibility clearinghouse, the transcription API, and every subcontractor those vendors signed their own BAAs with, all on infrastructure you will never log into.

Paperwork is rarely the problem. Visibility into those estates is.


Five moves that contain the blast radius

1️⃣ Inventory every business associate in the CMDB as a first-class CI. Most healthcare orgs hold 200–600 BAAs. Few can produce the list ranked by PHI volume in under an hour. Each BA record needs:

Attribute | Why it matters when the breach call comes
Data class accessed (PHI / claims / scheduling / billing) | Determines what you disclose, and to whom
Connection method (API / SFTP / VPN / portal) | Determines what you sever, and how fast
Volume of PHI flowing | Ranks your top 20 by actual exposure
BAA status + renewal date | Your legal position on day one
Last attestation date | How stale your assurance is
Last disclosed incident | Pattern memory the questionnaire never captures

2️⃣ Map every BA to its upstream dependencies. Change Healthcare itself runs on multiple cloud providers and identity platforms. Each vendor's estate carries the same data security risks in cloud computing you manage in your own, minus your visibility. A breach at their provider is a breach of a dependency you weren't tracking. Graph queries across the CMDB surface those chains before an incident forces the archaeology.

3️⃣ Score each BA quarterly, not annually. Objective signals beat questionnaires: publicly disclosed breaches, time since the last SOC 2 or HITRUST attestation, open CVEs in their published stack. Static questionnaire-driven TPRM is dead; the data for continuous scoring already exists in public feeds. A working method for scoring third-party risk with live data covers the scoring model.

4️⃣ Demand machine-readable attestation. A PDF SOC 2 is outdated within weeks of publication. Continuously updated trust reports (Drata Trust Center, Vanta Trust, HITRUST e1/r2 with publication dates) can be ingested as CMDB attributes, which turns vendor risk from an annual binder into a live field.

5️⃣ Write a one-page playbook per critical BA. What happens if this vendor is encrypted tomorrow? Alternative claims routing, eligibility-check fallback, manual workarounds, and who calls whom. Change Healthcare's downstream customers built these playbooks in March 2024, mid-crisis, at the most expensive possible moment.
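Added example, not the vendor's own code: the BA record attributes from move 1 as CI records, ranked by PHI volume, scored quarterly from the objective signals move 3 names, and turned into owned findings when a BAA lapses or an attestation goes stale. Vendor names, weights and thresholds are constructed for the example.

```python
from datetime import date

# Constructed business-associate CI records carrying the attributes from the table
# above plus an owner. Vendor names and figures are invented; none is a real company.
TODAY = date(2026, 6, 18)
BUSINESS_ASSOCIATES = [
    {"name": "ClearingCo", "owner": "rcm-director", "data_class": "claims",
     "connection": "API", "phi_records": 4_800_000, "baa_renewal": date(2026, 9, 1),
     "last_attestation": date(2025, 2, 1), "last_incident": date(2025, 1, 10),
     "open_critical_cves": 1},
    {"name": "Transcribe.ai", "owner": "him-manager", "data_class": "PHI",
     "connection": "API", "phi_records": 900_000, "baa_renewal": date(2026, 3, 31),
     "last_attestation": date(2026, 4, 10), "last_incident": None,
     "open_critical_cves": 0},
    {"name": "SchedulerSaaS", "owner": "access-center", "data_class": "scheduling",
     "connection": "portal", "phi_records": 250_000, "baa_renewal": date(2027, 1, 15),
     "last_attestation": date(2024, 11, 30), "last_incident": None,
     "open_critical_cves": 3},
    {"name": "PrintMailCo", "owner": "patient-accounts", "data_class": "billing",
     "connection": "SFTP", "phi_records": 1_200_000, "baa_renewal": date(2026, 12, 1),
     "last_attestation": date(2026, 1, 20), "last_incident": None,
     "open_critical_cves": 0},
]
ATTESTATION_MAX_AGE_DAYS = 365   # assurance older than a year counts as stale
INCIDENT_MEMORY_DAYS = 730       # a disclosed incident keeps scoring for 24 months


def top_by_phi_volume(bas, n=20):
    """Move 1: the top-N list by PHI volume, producible in seconds rather than hours."""
    return [b["name"] for b in sorted(bas, key=lambda b: b["phi_records"], reverse=True)[:n]]


def score_ba(ba, today=TODAY):
    """Move 3: quarterly score from objective signals only (0 = nothing flagged).
    The weights are assumptions for the example. Returns (score, reasons)."""
    score, reasons = 0, []
    if ba["baa_renewal"] < today:
        score += 40
        reasons.append("baa-lapsed")
    att_age = (today - ba["last_attestation"]).days
    if att_age > ATTESTATION_MAX_AGE_DAYS:
        score += 25
        reasons.append(f"attestation-{att_age}d-old")
    if ba["last_incident"] and (today - ba["last_incident"]).days <= INCIDENT_MEMORY_DAYS:
        score += 20
        reasons.append("disclosed-incident-within-24m")
    if ba["open_critical_cves"]:
        score += 10 * ba["open_critical_cves"]
        reasons.append(f"{ba['open_critical_cves']}-critical-cves")
    if ba["phi_records"] >= 1_000_000:
        score += 15
        reasons.append("phi-volume-over-1m")
    return score, reasons


def ranked_by_risk(bas, today=TODAY):
    """(name, score, reasons) tuples, highest exposure first."""
    scored = [(b["name"], *score_ba(b, today)) for b in bas]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def rule_findings(bas, today=TODAY):
    """A lapsed BAA or stale attestation becomes a finding with an owner and the
    connection method to sever, instead of a note in a contracts folder."""
    out = []
    for b in bas:
        if b["baa_renewal"] < today:
            out.append({"ba": b["name"], "owner": b["owner"], "rule": "baa-renewal-lapsed",
                        "sever_via": b["connection"]})
        if (today - b["last_attestation"]).days > ATTESTATION_MAX_AGE_DAYS:
            out.append({"ba": b["name"], "owner": b["owner"], "rule": "attestation-stale",
                        "sever_via": b["connection"]})
    return out
```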


What a current BA inventory looks like

Teams that came through Change Healthcare fastest already had the map. In Cloudaware deployments, the map lives in the CMDB, which ingests third-party integrations, SaaS tenants, and external service dependencies alongside cloud assets.

Hospital customers model business associates as first-class CIs with BAA status, PHI volume, and connection method as queryable fields, the same way they already model EC2 instances and AD accounts. Healthcare cloud data security stops splitting into "our estate" and "their estate"; one graph holds both.


Compliance work hangs off the same records. CSPM evaluates each BA's data exposure against HIPAA technical safeguards (§164.312), and IT Compliance turns a lapsed BAA renewal or a stale attestation into a rule finding with an owner, an SLA, and a lifecycle, handled like any failed encryption check. BAA lifecycle and compliance evidence stops living in a contracts folder nobody opens between audits.


On the network side, SIEM monitoring baselines normal flow to each BA endpoint and alerts on anomalous data egress. In practice, that's how a clearinghouse compromise shows up hours before the vendor's notification email does.

Cloudaware SIEM dashboard alerting on anomalous PHI egress to a business associate endpoint

Challenge #3: Unpatchable medical devices and legacy clinical systems

Walk a hospital floor with the clinical engineering team and count operating systems. An infusion pump on Windows CE. The MRI console runs on Windows 7, which has been unsupported since January 2020. Down in the data center, an EHR database on Windows Server 2012 R2, which Microsoft stopped patching in October 2023, is still in production because the EHR vendor hasn't certified Server 2022.

None of this means healthcare IT is slow. FDA pre-market cybersecurity clearance is issued against a specific OS build, and the manufacturer's patch lifecycle runs on its own calendar, fully detached from CVE disclosure timing. Patch off-schedule and you've taken a cleared medical device out of its certified configuration.

The FBI put numbers on the result (FBI Private Industry Notification, PDF).

Medical device security is a compensating-controls discipline. Run it as a patching backlog and all you get is the backlog.


Why "just patch it" doesn't survive contact with a hospital

  • The infusion pump. Vendor firmware on an embedded OS, with FDA documentation tied to that exact build. An off-cycle patch voids the cleared configuration. Multiply by an IoMT fleet of several thousand units per hospital, and the patch window is whatever the manufacturer's roadmap allows.
  • The imaging console. MRI and CT consoles routinely outlive three Windows versions. The modality works perfectly, replacement costs seven figures, and the OS underneath stopped receiving patches years ago. No CISO gets budget to replace a functioning scanner because of its operating system.
  • The legacy EHR server. Certified against Windows Server 2012 R2, waiting on the vendor to bless anything newer. Healthcare data center security solutions treat this tier exactly like the clinical floor treats a scanner: wrap controls around what can't change because the upgrade date sits on someone else's roadmap.


The control stack for one unpatchable console

Concrete version. A Windows 7 imaging console will never see another Microsoft patch. Here's what it gets instead, per asset class rather than per CVE:

  • Dedicated VLAN with deny-by-default east-west rules. Network segmentation is the primary control here, and most hospital networks fail the basic test: traffic from the infusion pump segment should never reach a financial subnet, yet it usually can, because the segmentation was designed for performance, not security. Microsegmentation tightens this further where the switching fabric supports it.
  • Zero internet egress. The console talks to the DICOM workflow. Nothing else.
  • Inbound allowlist scoped to the modality worklist and PACS IPs.
  • Host-based intrusion detection with file integrity monitoring on legacy clinical systems, which doubles as PCI, HIPAA, and SOC 2 control evidence for exactly the systems an auditor will ask about first.
  • Full packet capture on the segment, because when this box is compromised, the device itself will tell you nothing.
  • A documented exception with an expiry tied to a real event: manufacturer-supported upgrade, contract renewal, or decommission. Open-ended "legacy exception" entries are the #1 source of HIPAA audit findings. An exception without an expiry is a permanent risk acceptance someone forgot to sign.

Running it as a program instead of a pile of exceptions

None of the stack above works without knowing where it applies. For data security in healthcare information systems, the inventory is the control. Each device record needs a device category, OS version, last firmware update, network segment, a PHI-touching flag, the FDA certification scope, and the manufacturer's patch cycle. Clinical engineering already holds most of this in biomedical IT systems like AIMS, Nuvolo, or Connectiv.

Hospitals running Cloudaware import those systems into the CMDB, so a unified inventory of medical devices and cloud assets answers one query: show every PHI-touching device, its OS, and its compensating-control status.

Cloudaware CMDB dashboard showing medical devices and cloud workloads in one inventory with compensating-control status

From that inventory, segmentation and compensating-control policies get enforced per asset class, the way the checklist above describes. Vulnerability Management correlates incoming CVEs to specific device-and-OS combinations and deduplicates across scanners, which keeps the unpatchable noise out of the queue and routes whatever can take a patch into patch prioritization where patching is possible.
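Added example (not Cloudaware's code): the segmentation, zero-egress and allowlist rules from the control stack above, checked against constructed flow records from the segment capture, plus the exception-expiry review and the one PHI-device query the inventory should answer. Device names, addresses and record fields are assumptions for the example; 203.0.113.0/24 is a documentation range, not a real destination.

```python
from datetime import date
from ipaddress import ip_address, ip_network

TODAY = date(2026, 6, 18)
# Constructed device CI records with the fields the article lists. Names and
# addresses are invented; allowed_peers maps a peer IP to its permitted ports.
DEVICES = {
    "mri-console-01": {"category": "imaging-console", "os": "Windows 7", "phi": True,
                       "patchable": False, "segment": "10.40.7.0/24",
                       "exception_expiry": date(2027, 3, 31),  # tied to contract renewal
                       "allowed_peers": {"10.40.9.10": {104, 11112}, "10.40.9.11": {104}}},
    "ct-console-02": {"category": "imaging-console", "os": "Windows 7", "phi": True,
                      "patchable": False, "segment": "10.40.6.0/24",
                      "exception_expiry": date(2026, 10, 1),  # tied to vendor upgrade
                      "allowed_peers": {"10.40.9.10": {104}}},
    "pump-7f-012": {"category": "infusion-pump", "os": "Windows CE", "phi": True,
                    "patchable": False, "segment": "10.40.5.0/24",
                    "exception_expiry": None,                 # open-ended exception
                    "allowed_peers": {"10.40.8.5": {443}}},
}
RESTRICTED_NETS = {"financial": ip_network("10.60.0.0/16")}
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records from the segment capture: (src, dst, dst_port).
FLOWS = [
    ("10.40.7.21", "10.40.9.10", 104),      # MRI console -> PACS, expected
    ("10.40.7.21", "10.40.9.11", 104),      # MRI console -> worklist, expected
    ("10.40.7.21", "203.0.113.10", 443),    # MRI console -> internet, forbidden
    ("10.40.6.14", "10.40.9.10", 104),      # CT console -> PACS, expected
    ("10.40.5.33", "10.60.3.4", 445),       # pump -> financial subnet, forbidden
    ("10.40.5.33", "10.40.8.5", 443),       # pump -> pump server, expected
]


def device_for(src_ip, devices=DEVICES):
    """Map a source address to the device CI whose segment contains it."""
    for name, dev in devices.items():
        if ip_address(src_ip) in ip_network(dev["segment"]):
            return name, dev
    return None, None


def flow_violations(flows, devices=DEVICES):
    """Zero internet egress, no path to restricted subnets, then the peer allowlist."""
    violations = []
    for src, dst, port in flows:
        name, dev = device_for(src, devices)
        if dev is None:
            continue
        dst_ip = ip_address(dst)
        if not any(dst_ip in net for net in PRIVATE_NETS):
            violations.append((name, "internet-egress", f"{dst}:{port}"))
        elif any(dst_ip in net for net in RESTRICTED_NETS.values()):
            label = next(k for k, net in RESTRICTED_NETS.items() if dst_ip in net)
            violations.append((name, f"reached-{label}-subnet", f"{dst}:{port}"))
        elif port not in dev["allowed_peers"].get(dst, set()):
            violations.append((name, "outside-allowlist", f"{dst}:{port}"))
    return violations


def exception_findings(devices=DEVICES, today=TODAY):
    """An exception with no expiry, or one already past, on an unpatchable device."""
    out = []
    for name, dev in devices.items():
        if dev["patchable"]:
            continue
        expiry = dev["exception_expiry"]
        if expiry is None:
            out.append((name, "exception-without-expiry"))
        elif expiry < today:
            out.append((name, "exception-expired"))
    return out


def phi_device_report(flows, devices=DEVICES, today=TODAY):
    """The one query: every PHI-touching device, its OS, and compensating-control
    status derived from observed flows and exception state."""
    bad = {v[0] for v in flow_violations(flows, devices)}
    bad |= {f[0] for f in exception_findings(devices, today)}
    return {name: {"os": dev["os"], "status": "non-compliant" if name in bad else "ok"}
            for name, dev in devices.items() if dev["phi"]}
```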


Challenge #4: Data security in healthcare automation — AI, RPA, and the new attack surface

No IT category has ever landed in hospitals this fast. By 2024, 66% of physicians were using health AI tools, up from 38% a year earlier, with chart documentation and billing-code automation leading the way (AMA survey).

Ambient documentation records the clinical conversation. An LLM reads the full chart as context for clinical decision support. Overnight, RPA bots authenticate into Epic and the claims platform, moving PHI at machine speed. Adoption took two years. The controls are still catching up.

Security teams inherited two problems that their existing stack wasn't built to handle.


The model is a new asset class. Its threat profile has no precedent in the EHR era: prompt injection hiding in a referral PDF the model summarizes, training data poisoning, model inversion attacks that reconstruct patient data from outputs, and completions that hallucinate PHI into the wrong chart.

Model risk frameworks exist (NIST AI RMF, ISO 42001), but most hospital security programs haven't mapped a single control to them.

The audit trail changed shape. Access logging was designed for humans. A clinician opens one chart, and one row lands in the log. The ambient scribe behind that same visit may query two hundred. Every prompt, every completion, every downstream action (chart note, claim, outbound email) now belongs in the trail, at a volume no legacy SIEM was sized for.

In practice, data security in healthcare automation gets governed by lifecycle stage, not by tool. Both problems surface at every stage. 👇

Before a model touches PHI

Register it. Each AI and RPA system enters the CMDB as a CI carrying a model provider, training data scope, a PHI-exposure flag, its service account identity, the vendor's AI BAA status, and the retention policy for prompts and completions.


An AI vendor processing PHI is a business associate; nothing about a transformer architecture exempts it from Challenge #2's inventory.

Name the threats in your risk analysis. §164.308(a)(1)(ii)(A) requires an accurate assessment of risks to ePHI, and a 2023-vintage risk analysis that never mentions training data leakage, model inversion, or vendor prompt retention is an audit finding waiting to happen.

One workable approach: risk-assess AI workloads explicitly as a separate asset class, threat list included.

While it runs

Log every model call as a security event, not an application event. Prompt, completion, user context, asset queried: one row in the SIEM. Hospital teams running Conflux wire up model-call logging with CMDB context, so an LLM query that touched 5,000 patient records fires the same bulk-access detection a human exporting 5,000 records would.

Trace lineage end to end: EHR field → prompt → completion → downstream action.

Data lineage sounds academic until an investigator asks which patients' data shaped a denied claim, and the honest answer is a shrug.

Treat the RPA bot as what it is, a privileged service account. Scope documented, credentials rotated, behavior baselined, owner attached in the CMDB. Policy enforcement runs continuously through AI / RPA policy enforcement rules: no PHI in prompts to non-BAA vendors, retention capped, logging mandatory. A policy memo enforces nothing; a failing rule with an owner does.
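Added example, not the platform's own code: each model call becomes one enriched SIEM event carrying CMDB context and a lineage tuple, with the bulk-access rule (same 5,000-record bar as the human export rule), the no-PHI-to-non-BAA-vendor rule and the retention cap from this section run over constructed records. System names, vendors and the field layout are assumptions for the example.

```python
# Constructed CMDB register of AI and RPA systems with the CI attributes listed in
# "Before a model touches PHI". Vendor and system names are invented.
AI_REGISTER = {
    "ambient-scribe": {"vendor": "ScribeVendor", "baa": True, "phi_allowed": True,
                       "service_account": "svc-scribe", "retention_days": 30},
    "claims-coder-rpa": {"vendor": "in-house", "baa": True, "phi_allowed": True,
                         "service_account": "svc-claims-bot", "retention_days": 90},
    "chat-helper": {"vendor": "GenericLLM", "baa": False, "phi_allowed": False,
                    "service_account": "svc-chat", "retention_days": None},
}
BULK_ACCESS_THRESHOLD = 5000   # same bar the human bulk-export detection uses
RETENTION_CAP_DAYS = 90        # assumed cap on prompt/completion retention

# Constructed model-call records as the applications emit them. charts_read is the
# number of patient charts pulled as context; phi_in_prompt is the DLP classifier's call.
MODEL_CALLS = [
    {"ts": "2026-06-18T09:12:00", "system": "ambient-scribe", "user": "dr.smith",
     "encounter": "enc-1001", "charts_read": 180, "phi_in_prompt": True,
     "downstream": "chart-note"},
    {"ts": "2026-06-18T02:00:00", "system": "claims-coder-rpa", "user": "svc-claims-bot",
     "encounter": None, "charts_read": 5200, "phi_in_prompt": True,
     "downstream": "claim-batch"},
    {"ts": "2026-06-18T10:05:00", "system": "chat-helper", "user": "nurse.jdoe",
     "encounter": "enc-1002", "charts_read": 0, "phi_in_prompt": True,
     "downstream": None},
]


def to_siem_event(call, register=AI_REGISTER):
    """One security event per model call, enriched with the model's CMDB record and a
    lineage tuple (encounter -> system -> downstream action)."""
    ci = register[call["system"]]
    return {**call, "event_type": "model_call", "vendor": ci["vendor"], "baa": ci["baa"],
            "service_account": ci["service_account"],
            "lineage": (call["encounter"], call["system"], call["downstream"])}


def detections(calls, register=AI_REGISTER):
    """Rules over the enriched events: bulk chart access by a model fires the same
    detection a human export would; PHI sent to a vendor without a BAA always fires."""
    alerts = []
    for ev in (to_siem_event(c, register) for c in calls):
        if ev["charts_read"] >= BULK_ACCESS_THRESHOLD:
            alerts.append((ev["system"], "bulk-phi-access", ev["charts_read"]))
        if ev["phi_in_prompt"] and not ev["baa"]:
            alerts.append((ev["system"], "phi-to-non-baa-vendor", ev["user"]))
    return alerts


def register_findings(register=AI_REGISTER, cap=RETENTION_CAP_DAYS):
    """Policy rules on the register itself; each result is a finding, not a memo."""
    out = []
    for name, ci in register.items():
        if ci["phi_allowed"] and not ci["baa"]:
            out.append((name, "phi-allowed-without-baa"))
        if ci["retention_days"] is None or ci["retention_days"] > cap:
            out.append((name, "prompt-retention-uncapped"))
    return out


def lineage_for(calls, downstream):
    """The investigator's question: which encounters fed a given downstream action."""
    return [(c["encounter"], c["system"]) for c in calls if c["downstream"] == downstream]
```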

When the auditor arrives

Healthcare data security audits now open with a question set that didn't exist in 2023: which models touch PHI, who owns each one, where the prompt logs live. OCR investigators ask it. Internal compliance committees ask it earlier. Automation governance answers those questions from inventory, the same way Challenge #2 answers vendor questions. Teams that run compliance-as-code for AI governance get there with rule findings that carry an owner, an SLA, and a lifecycle, while UCF-mapped dashboards show the same control satisfying HIPAA, NIST AI RMF, and ISO 42001 at once. Evidence gets pulled as a report, not assembled as a weekend project.


Bring healthcare data security back to one operational foundation

Look back across the four challenges, and the pattern is hard to miss. Identity attacks get contained by an inventory with owners. Business-associate blast radius gets contained by an inventory with attributes. Compensating controls attach to an inventory of devices, and AI governance starts with a register of models.

Every fix in this article runs on the same operational foundation: a real-time CMDB across cloud and on-prem, continuous control evaluation on top of it, and evidence an auditor can pull as a report.

Cloudaware is that foundation. NASA runs it across 30+ projects and 5,000+ EC2 instances; Coca-Cola uses it to govern three cloud and on-prem providers; the platform tracks $15.7B in managed cloud spend overall. Healthcare teams pick it up for a narrower reason: PHI lives everywhere, and HIPAA evidence has to come from one place.

Six modules map onto the four challenges:

  • CMDB: one inventory across AWS, Azure, GCP, on-prem, VMware, and Kubernetes, with medical devices and business associates as first-class CIs. 3,000+ CI types.
  • CSPM: CMDB-aware policies: identity hygiene, BA compliance attributes, segmentation, AI governance rules. UCF-mapped to HIPAA, NIST 800-66, ISO 27001, PCI DSS.
  • Vulnerability Management: risk-based scoring with CMDB context, CVE + EPSS + KEV correlation, native integrations with Tenable, Qualys, Wiz, Nessus, CrowdStrike, AWS Inspector.
  • IT Compliance: compliance-as-code with rule findings as first-class objects: owner, SLA, evidence, lifecycle. BAA tracking and AI policy enforcement. Challenges #1–#4.
  • SIEM (Conflux): auto-discovered log sources, every event enriched with CMDB owner, app, and environment, Tines-based automation. Detections for MFA fatigue, anomalous PHI access, AI prompt-volume spikes.
  • Intrusion Detection: file integrity monitoring and log inspection as §164.312, PCI, and SOC 2 evidence, built for unpatchable systems.
