Adobe

By John X. Jiang

July 9, 2025

Jiang is the Eli Broad endowed professor of accounting and information systems at Michigan State University.

Health care cybersecurity policy rests on a fundamental misunderstanding of what cybercriminals actually want. For years, regulators and providers have assumed that medical records — diagnoses, lab results, treatment histories — are the crown jewels hackers are after. This assumption has shaped everything from HIPAA compliance strategies to hospital security budgets.

But it’s wrong.

advertisement

Cybercriminals targeting health care providers aren’t interested in your cholesterol levels or prescription history. They’re after your Social Security number, your insurance details, and your payment information. This isn’t just an academic distinction — it’s a policy blind spot that’s making health care both less secure and less collaborative than it needs to be.

STAT+ Exclusive Story

STAT+

This article is exclusive to STAT+ subscribers

Unlock this article — plus in-depth analysis, newsletters, premium events, and news alerts.

Already have an account? Log in

Monthly

$39

Totals $468 per year

$39/month Get Started

Totals $468 per year

Starter

$30

for 3 months, then $399/year

$30 for 3 months Get Started

Then $399/year

Annual

$399

Save 15%

$399/year Get Started

Save 15%

11+ Users

Custom

Savings start at 25%!

Request A Quote Request A Quote

Savings start at 25%!

2-10 Users

$300

Annually per user

$300/year Get Started

$300 Annually per user

View All Plans

To read the rest of this story subscribe to STAT+.

Subscribe
,
Submit a correction requestReprints

  1. John X. Jiang