What the “One Big Beautiful Bill” Means for Your Practice’s Cybersecurity
The U.S. healthcare landscape is shifting fast—and small and medium-sized practices are feeling the pressure. The “One Big Beautiful Bill” (OBBB), which aims to simplify billing and reduce administrative burden through consolidation and standardization, introduces new cybersecurity risks.
As practices connect with larger systems, adopt unified billing platforms, and expand data-sharing with third-party vendors, their digital footprint—and vulnerability—grows. In fact, third-party vendors were linked to more than 80% of healthcare data breaches in 2024, according to the U.S. Department of Health and Human Services [1]. Yet many practices remain unaware of just how exposed they’ve become.
This is compounded by how cybersecurity risk is typically assessed. A 2024 Ponemon Institute report found that only 38% of healthcare organizations conduct formal, data-driven risk modeling, while over half base cybersecurity investments on gut instinct or compliance checklists [2]. This disconnect leads to poor prioritization—some threats are underestimated, others overestimated, and budget is often misallocated.
That’s a dangerous gap.
As systems become more connected under OBBB reforms, so do the risks. Legacy picture archiving and communication systems (PACS), radiology workstations, billing platforms, and electronic health records (EHRs) are now interdependent—and a single vulnerability in one can cascade across the others. Many small practices simply don’t have visibility into these interconnections or their downstream risks.
That’s why accurate, quantitative threat modeling is more important than ever.
At Jourdain Risk Group, we apply advanced methods like Bayesian networks and copulas to simulate how cyber events might unfold across complex clinical systems. Combined with the FAIR framework, these tools allow us to estimate real-world probabilities and financial impact, so our clients can invest wisely—where it counts most.
As policies like OBBB continue to drive integration, small and mid-sized medical practices can’t afford to rely on generic assessments or assumptions. With better data, better models, and better insight, you can protect your practice—before it’s too late.
Sources:
[1] U.S. Department of Health and Human Services, 2024 Healthcare Breach Report
[2] Ponemon Institute, The Impact of Third-Party Risk on Healthcare Cybersecurity, 2024