Cooperton calls for stronger cybersecurity for health care industry

The firm highlights rising cyberthreats in Puerto Rico and urges stronger protections for patient data.
Innovative health care IT, cybersecurity technology, cyber insurance and laws must intersect to protect health care organizations from increasing cyberattacks, which are costing the sector millions of dollars annually in recovery costs and downtime, a local cybersecurity leader said at the recent Health IT & AI Innovation Summit.
In recent years, the health care sector has seen a notable rise in data breaches and ransomware attacks, costing organizations $1 million to more than $10 million in recovery costs, depending on the size of the organization and the nature of the breach. Hospitals also lose an estimated $20,000 per hour in revenue because of downtime during cyberattacks, according to Hato Rey-based IT and cybersecurity firm Cooperton.
The sector is often seen as a prime target due to the sensitivity of its data and the potential impact on patient care. So far this year, as of March 19, there have been 128 major health data breaches affecting 4.7 million people in the U.S., according to the list of breaches under investigation by the Office for Civil Rights in the U.S. Department of Health and Human Services.
Last year was the worst on record, with some 720 reported cases and more than 184.1 million breached records — representing 53% of the U.S. population — up 9.4% from 2023’s record-breaking total, The HIPAA Journal recently reported. In 2023, data breaches cost an average of more than $10.9 million per breach.
Hospitals have experienced the highest number of data breaches over the past 12 years, with “hacking/IT incidents” being the most dominant type of breach, according to The HIPAA Journal.
Cyberattackers look for financial and health data, as well as intellectual property, all of which is valuable on the dark web — a hidden part of the internet accessible only through specialized software and often linked to illegal activities. Immediately affected hospital operations include triage systems, X-ray machines, electronic health record systems, hospital sensors, network-connected equipment and patient monitoring systems such as baby bracelets.
The Puerto Rico Hospitals Association held the summit on Feb. 28, highlighting the importance of innovative solutions to foster safer and more efficient health care environments.
“Our discussions emphasized the necessity for robust cybersecurity measures that protect patient data while enabling health care providers to deliver improved services,” William Bonaparte, chief operating officer of Cooperton, said in a statement.
“The convergence of health technology and cybersecurity cannot be overstated, especially as we face increasingly sophisticated cyber threats,” he added.
Protecting patient data
Bonaparte urged health care organizations to invest in cybersecurity measures, including risk assessment, gap analysis, remediation processes, policies and procedures, disaster recovery, and business impact analysis. He also recommended cyber liability insurance to help cover costs associated with cyber incidents, noting that cyber insurance is sometimes required to operate in Puerto Rico. He cited the island’s cybersecurity law, Act 40 of 2018, as a regulatory framework.
Puerto Rico must “commit as a jurisdiction to updating, modernizing and protecting technological information systems, both private and governmental,” Bonaparte said. “It has been proven that there is a direct correlation between a country’s economic development and its technological development.”
Bonaparte pointed out that the number of job openings in the cybersecurity field is impressive. In 2024, the global deficit of cybersecurity workers reached 4 million, with more than 750,000 vacancies in the U.S., according to the World Economic Forum, Fordham Now reported.
The shortage highlights the need for more training and education in the field to prepare individuals for careers in cybersecurity, Bonaparte said.
Cooperton collaborates with Puerto Rico’s Sacred Heart University on several educational programs on cybersecurity for faculty, administrative staff and students. The firm also offers workshops for staff at various local hospitals and serves as a liaison for a dual certification program between local and stateside universities, including a professor exchange program.
“The focus is on empowering professionals to be proactive in preventing and protecting patients’ health information, avoiding having to respond to the inevitable cyberattacks that occur daily in Puerto Rico and around the world,” Cooperton said in a statement.
“Our mission is to continue educating and creating university programs and partnerships to generate interest in these STEM subjects among young people, especially young women who may not consider STEM careers for a variety of reasons,” the company said.