HOUSTON
Volume 16 | Issue 6
Inside This Issue
June Edition 2026
Cybersecurity for Healthcare: Strategies to Mitigate Risks By Richard F. Cahill, JD, Vice President and Associate General Counsel, The Doctors Company
C Graduate School of Biomedical Sciences debuts Master’s Degree See pg. 11
INDEX Legal Matters........................ pg.3 Oncology Research......... pg.4 Healthy Heart....................... pg.7 Framework............................. pg.8 Financial Forecast............ pg.12
Aging with Dignity See pg. 10
omplex attacks using ransomware are among the most problematic cybersecurity concerns for healthcare practices and systems. Malicious software can prevent an affected organization from accessing its data unless monetary payments are made, which can interfere with the delivery of patient treatment. In addition to immediate patient safety risks, a ransomware attack creates long-term enterprise risks. Patients’ protected information is attractive to cybercriminals for its substantial value on the black market, and therefore data breaches, also referred to as crypto-extortion, are a typical collateral consequence of ransomware attacks. Healthcare organizations across the country have experienced data breaches, whether through ransomware or through other threats. Following a cryptoextortion incident, a covered entity’s inadvertent violations of federal and state privacy laws may result in a multitude of civil, criminal, and administrative dangers. The results can be financially devastating. Through a combination of advance planning and collaboration with trusted business partners, healthcare organizations can mitigate their cyber security risks, including risks amplified by overseas events, third-party vendor relationships, agency oversight, and technological advancements. Geopolitical Risks Some cybersecurity attacks are sponsored by foreign governments, and such threats increase in intensity
whenever the U.S. engages in overseas conflicts. In spring 2026, pro-Iranian hackers turned their attention to vendors connected to U.S. power, water, and healthcare. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency
strike third-party vendors that support medical and dental practitioners. This threat demands careful deliberation and proactive, preemptive correction of vulnerabilities, because when data breaches begin through a third party, they can take longer to identify, cause more disruption, and cost more to contain than a direct attack. Regulatory and Compliance Risks When patient records are violated in large online assaults, federal and state privacy laws create an added risk to clinicians, practices, and systems. Understanding these risks is the first step to mitigating them. They include: • Complaints from government agencies: Data breaches often lead to complaints initiated by government oversight and licensing agencies, including the Office for Civil Rights, with possible investigations subsequently resulting in fines, sanctions, and related administrative penalties.
Healthcare organizations can protect their patients, assets, and reputations by working with subject matter experts to mitigate potential cybersecurity risks. (CISA), and other agencies have repeatedly implored U.S. healthcare entities to amplify their cybersecurity. Covered entities cannot predict international events, but they can predict that geopolitical shifts will at times increase their enterprise risks, and they can strengthen their cybersecurity postures accordingly. Third-Party Risks Cybercriminals may aggressively
see Cybersecurity ...page 14
PRSRT STD US POSTAGE PAID PERMIT NO 1 HOUSTON TX