Health care is getting a cybersecurity upgrade — other sectors should, too

(Ahmad Ardity / Pixabay)

By David Kertai • Mar 31, 2026

Cyber attacks on critical infrastructure are growing as adversaries increasingly target the digital systems that power essential services. Recognizing these risks, the Senate Health, Education and Labor Committee advanced the Health Care Cybersecurity and Resiliency Act (S.3315) last month, marking an important step toward strengthening cybersecurity in one of America’s most critical sectors. Congress should pass the bill and replicate its sector‑specific approach across other critical infrastructure sectors to ensure organizations have the resources and guidance needed to defend against cyber threats and keep essential services running.

Health care systems face increasing attacks from cyber criminals, ransomware gangs and state‑sponsored actors. As hospitals and medical facilities digitize patient records, billing systems and supply chains, their reliance on interconnected systems increases, and when cybersecurity investments fail to keep pace with that digital growth, health care facilities’ exposure to cyber threats grows.

Recent incidents illustrate the scale of this challenge. The 2024 ransomware attack on Change Healthcare—a health care technology provider—disrupted claims processing nationwide, compromised 193 million individuals’ medical data, and forced Change Healthcare to pay a $22 million ransom. More recently, in February 2026, the University of Mississippi Medical Center suffered a ransomware incident that forced seven hospitals and 35 clinics across the state to shut down while it restored operations.