Common challenges in achieving HIPAA compliance - ITS Alliances

June 18, 2025

In recent years, the healthcare sector has become an increasingly attractive target for
cybercriminals, driven by the high value of medical data and often inadequate security measures.
In 2024, the United States witnessed 725 significant healthcare data breaches, compromising over
275 million records.

A critical factor contributing to this vulnerability is the disparity in cybersecurity
investments. Healthcare organizations typically allocate only 4-7% of their IT budgets to
cybersecurity, whereas other industries, such as finance, invest around 15%.

To address these challenges, the U.S. Department of Health and Human Services (HHS) issued a
Notice of Proposed Rulemaking.

Updates to HIPAA in 2025

  • Mandatory multi-factor authentication (MFA)
  • The U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed
    Rulemaking (NPRM) on December 27, 2024, aiming to boost the HIPAA (Health Insurance
    Portability and Accountability Act) Security Rule and enhance the protection of electronic
    protected health information (ePHI).
  • The NPRM was published in the Federal Register on January 6, 2025, initiating a 60-day
    public comment period that concluded on March 7, 2025. During this period.