Tag: healthcare security

Hospital Cyberattacks Are A Patient Safety Problem

Dr. Srinivas Mukkamala

By Dr. Srinivas Mukkamala, CEO, Securin.

When a hospital’s systems go dark, the danger doesn’t stay in the server room. It moves to the bedside.

That’s not a hypothetical. Recent threat intelligence found that healthcare organizations experienced a cyberattack roughly every 10 hours between January 2025 and February 2026 — the highest incident rate of any sector analyzed. Ransomware alone accounted for nearly 60% of those attacks.

HBO’s “The Pitt” dramatizes exactly what that looks like in practice. When two nearby hospitals are hit by a cyberattack, the fictional Pittsburgh Trauma Medical Center shuts down its connected systems to contain the threat. The digital patient board goes dark. Doctors revert to paper charts. Medication orders are delayed, lab results go missing, and clinicians are left making time-sensitive decisions without the patient histories they depend on. A missed life-threatening diagnosis follows.

The show is fiction. The operational risk it depicts is not.

Downtime Is a Patient Safety Problem

Healthcare has become an attractive target because disruption creates immediate pressure. Attackers understand that hospitals depend on continuous access to data, systems and connected devices. They also understand that downtime can affect patient flow, procedures, pharmacy operations, lab ordering and clinical decision-making.

The healthcare threat intelligence report describes healthcare as a sector with “life-or-death operational dependency,” high-value protected health information, chronic security underinvestment and complex legacy infrastructure. That combination makes hospitals vulnerable to attacks that affect both data security and care delivery.

When systems go down, the effects ripple across the organization. Ambulances may be diverted, procedures may be delayed or canceled, pharmacy systems may become unavailable and clinicians may lose access to electronic health records, prior diagnoses, medication histories, allergies and test results.

In a hospital, those are the foundations of safe, coordinated care. Cyber threats, therefore, carry greater risk than routine workflow interruptions.

“The Pitt” illustrates this dynamic by focusing on the mechanics of downtime. The tension comes from clinicians trying to work without the information and processes they normally rely on. Paper charts replace digital records. Verbal handoffs replace system visibility. Manual steps replace automated safeguards.

This is where healthcare leaders can focus their efforts. One takeaway from the show is not that hospitals should fear a dramatic ransomware scenario. The lesson is that downtime readiness must be treated as part of patient safety planning.

The Weak Points Are Often Familiar

Attackers don’t need sophistication, they need an opening. In healthcare, those openings are rarely exotic. The most common entry point is authentication bypass: flaws that let attackers reach privileged systems without proper credentials. In an environment where dozens of platforms, vendors, contractors and devices all need access to keep care moving, that risk compounds quickly.

The pattern that follows is predictable. A weakness in one layer – an unpatched remote access portal, an overlooked vendor credential, a known vulnerability that never got remediated – creates a failure somewhere else entirely. Lab ordering goes down. Pharmacy systems become unavailable. Imaging access disappears. What began as a security incident becomes a clinical one.

Every tracked vulnerability in our analysis appeared in the CISA Known Exploited Vulnerabilities catalog. Securin’s latest healthcare threat report makes the implication hard to ignore: the sector is overwhelmingly exposed to vulnerabilities we already know how to fix. That’s not a resource problem, it’s a prioritization one. Attackers follow the path of least resistance, and known, unpatched vulnerabilities remain valuable precisely because they persist in operational environments long after they’re publicly disclosed.

The report also found that many healthcare organizations, under pressure to restore operations quickly, continue to pay ransoms. That calculus is understandable at the moment, but it funds the next attack. Healthcare’s combination of operational urgency and chronic security underinvestment has made it the most reliably profitable sector for ransomware operators.

Cyber Resilience Has to Include Clinical Downtime

Preventing intrusions matters, but it’s not enough. The harder question for healthcare leaders is this: when critical systems become unavailable, can your hospital keep delivering care safely?

That question exposes a gap in how most organizations think about cyber risk. Security controls live in the IT department. Downtime procedures, if they exist, often live in a binder somewhere. But the consequences of a cyberattack play out in the ED, the pharmacy, the lab and the OR. Resilience planning has to reflect that.

The vulnerabilities most likely to cause hospital-wide disruption are well known: internet-facing systems, remote access tools, identity and authentication platforms, and administrative interfaces. Addressing those isn’t glamorous work, but leaving them unpatched while investing in more sophisticated defenses is like reinforcing the roof while leaving the front door open.

Operationally, the gap between security and care delivery has to close. Downtime procedures should be practiced with the people who actually deliver care – clinicians, nurses, pharmacists, lab teams – not just tested in an IT tabletop exercise. Teams need to know how to place paper orders, reconcile medications, track patients and hand off information safely when digital systems aren’t available. When systems come back online, the process of restoring and reconciling that information carries its own risks.

The Bedside Is Now Part of the Cyber Risk Model

The most frightening moments in “The Pitt” are not the attack itself. They are the human ones that follow: a missing patient history, a delayed medication order, a clinician making a life-or-death decision with incomplete information. The show resonates because it understands something that healthcare security teams have been trying to communicate for years – that in a hospital, a cyber incident is never just an IT problem.

Healthcare leaders cannot assume every attack will be prevented. The threat intelligence is too consistent, the attack surface too broad and the incentives for attackers too strong. But prevention is only half the mandate. The other half is ensuring that when systems fail -and some will – care teams can keep patients safe anyway.

That requires security fundamentals: closing the known vulnerabilities attackers are already exploiting, enforcing stronger access controls, segmenting networks so one compromised system doesn’t become a hospital-wide crisis. It also requires something harder to operationalize – a genuine integration of cyber resilience into patient safety planning, tested with the people who deliver care, not just the people who manage infrastructure.

When connected systems go dark in a hospital, the consequences move fast. A missed diagnosis. A lost order. A bad handoff. The gap between a cyber incident and a patient safety event can close in minutes.

Build resilience like that’s true. Because it is.

Unpatched Systems Are a Patient Safety Risk: Here’s How Healthcare Can Respond

Dr. Deepak Kumar

By Dr. Deepak Kumar, founder and CEO, Adaptiva.

Cybersecurity delays in healthcare aren’t just an IT problem — they’re a patient safety risk. When systems go unpatched, cyberattacks can disrupt care, delay treatment, and even increase mortality. In fact, a McKinsey study found that 71% of hospitals impacted by cyber incidents experienced poor patient outcomes, and 12% reported an increase in deaths.

Despite these high stakes, many healthcare organizations struggle to keep pace with timely patching. The root of the problem lies in the fragmented mix of aging legacy systems and newer technologies, which complicates IT operations and leaves critical endpoints exposed. As digital transformation advances unevenly across the sector, slow patch cycles continue to undermine both security and care delivery.

To close these gaps, healthcare organizations must move beyond manual patching. By embracing autonomous patching solutions, they can accelerate remediation, reduce risk, and protect patient outcomes without sacrificing operational uptime.

Legacy Tech Is Slowing Healthcare Down

One of the most significant barriers to effective cyber defense in healthcare is the persistent use of outdated technology. Many organizations still rely on legacy equipment and software due to cost concerns, regulatory constraints, and the need for system interoperability. But this dependence on aging infrastructure makes it difficult to keep systems secure and patched.

Research shows that more than half of IT professionals find patching more difficult than identifying vulnerabilities. Meanwhile, cybercriminals can exploit known flaws in a matter of days, long before many healthcare providers are able to deploy fixes. With many organizations taking a week or more to patch, critical systems are left exposed to attacks that could compromise operations or endanger patients.

Healthcare systems must shift away from manual processes and adopt modern, intelligent patching strategies that can respond at machine speed.

Manual Patching Leaves Healthcare Exposed

The complexity of healthcare environments makes timely patching particularly challenging. Many systems like clinical applications and patient care devices cannot be taken offline without disrupting operations. As such, patching may be delayed for days or weeks, expanding the window of exposure and risk.

But the risks go beyond security. Downtime caused by patching delays can interfere with treatment schedules, lead to compliance failures, and put patient trust at risk. Manual patching also places a heavy burden on IT teams, especially in organizations with multiple facilities or geographically dispersed networks.

Automated patching tools eliminate these barriers. They allow updates to be rolled out consistently, during safe maintenance windows, and with minimal human intervention — reducing the burden on IT staff and minimizing disruptions to care delivery.

Protecting Healthcare IT in an Expanding Endpoint Landscape

From connected monitors and infusion pumps to mobile diagnostic tools, IoT devices are playing a growing role in patient care and clinical workflows. However, as these connected systems proliferate, they also increase the number of endpoints that healthcare IT teams must manage and protect, expanding the overall attack surface.

While many IoT devices run proprietary software that falls outside traditional patch management tools, they often interface with Windows-based servers, applications, and endpoints that are within IT’s domain. If those systems are left unpatched, they can serve as an entry point for attackers looking to pivot deeper into the network through associated devices.

Automated patching solutions help reduce this risk by keeping core IT systems, including servers, workstations, and laptops, consistently updated and secured. This limits opportunities for lateral movement and helps ensure the broader environment surrounding connected healthcare devices remains resilient against threats.

By centralizing and automating patch deployment across supported systems, healthcare organizations can strengthen their cyber defenses, reduce IT burden, and better protect the infrastructure that underpins patient care.

Past Lessons, Clear Priorities

The healthcare industry has weathered a wave of ransomware attacks in recent years, many of which disrupted care and highlighted systemic vulnerabilities. As we’ve seen, it only takes one employee mistakenly downloading malware to shut down ambulance services, close pharmacies, and take critical IT systems offline.

While these events have prompted investments in network segmentation, better access controls, and improved monitoring tools, one critical weakness remains: the slow, manual approach to patching. As long as known vulnerabilities remain unaddressed, even well-segmented networks and strong access policies can be undermined by outdated software, enabling malware to impact unpatched systems and devices.

To close this gap, healthcare organizations must make automated patching a foundational part of their cybersecurity strategy. By accelerating response times, minimizing manual intervention, and ensuring critical systems stay updated without downtime, autonomous patching helps safeguard both data and lives. In healthcare, every second counts, including the time it takes to patch a system.

Top 5 Healthcare IT Security Tips You Need To Know

With new threats and challenges emerging in the digital world every day, maintaining optimal IT security has become a daunting task for any organization. More than ever before, healthcare organizations are feeling the heat from regulators regarding cyber security. In this blog post, we look at some of the top healthcare IT security tips you should know to keep your organization safe from cyberattacks.

With more than one billion records being compromised every year, data privacy and protection is a topic that cannot be ignored anymore by any organization without risking its reputation significantly. Considering how many patient records are digitized these days, it’s not surprising that hackers are increasingly targeting healthcare companies with ransomware attacks or other ways to get access to confidential information.

Know Your Employees And Monitor Behavior

Healthcare organizations often deal with extremely sensitive data, and thus it’s important that your employees are aware of what information is private and what information can be shared publicly. It’s also important to keep an eye on how your employees are using their devices at work.

If you notice that someone is downloading files from the network that they shouldn’t be accessing, it might be an indication of malicious behavior. It’s also important to keep an eye on the devices your employees are using. If your organization has BYOD (Bring Your Own Device) policies, it’s important to make sure that those devices are secured against malware or other threats.

Ensure Strong Passwords And Network Security

While there are many different ways for cybercriminals to break into your network, weak passwords remain a commonly exploited vulnerability. It’s important to make sure that your employees are using strong passwords containing a combination of letters, numbers, and symbols.

To avoid having to reset passwords on a regular basis, it’s a good idea to suggest the use of password managers. Another important network security tip is to implement two-factor authentication (2FA) for all critical systems. This will help to prevent unauthorized users from accessing sensitive data.

Continue Reading

It’s Time To Step Up EHR Security To Prevent Data Breaches and Ransomware

Brian Bobo

By Brian Bobo, chief digital officer, Greenway Health.

Healthcare ransomware attacks have become more common in recent years, and in many cases, caused considerable damage. At least 148 U.S. healthcare organizations fell victim to a ransomware attack in 2021, the most attacked industry, according to a March 2022 HIPAA Journal report.

With increasing threats from overseas, growing cybercriminal organizations, and the COVID-19 pandemic, it’s no surprise a sharp rise in breaches and healthcare ransomware attacks has occurred across the healthcare ecosystem.

As the situation grows more volatile, it’s vital to understand why threats like breaches and healthcare ransomware attacks exist and ways ambulatory practices can work to reduce cybersecurity risks.

The Most Valuable Record

It’s not just because the patient health information (PHI) the record contains that makes it valuable to cybercriminals, but the other information that accompanies PHI, such as addresses, birth dates, social security numbers, and even more obscure data such as insurance policy numbers, all of which someone can use to impersonate patients and commit identity theft.

With this stolen information, a cybercriminal can more easily steal someone’s identity because they now know important information no one else does. It’s what makes health records so valuable — not always the record itself, but what can be done with the information.

The average healthcare industry breach is so expensive because of the costs of remediation, recovery legal actions, and regulatory fines. In 2021, the average cost of a healthcare breach was $9.23 million, up 29.5% from $7.13 million the previous year, according to IBM Cost of a Data Breach Report 2021.

Taking it a step further, by failing to keep patient records private, an ambulatory practice could face substantial penalties under HIPAA’s Privacy and Security Rules, cause potential harm to its reputation, and patient safety can be severely impacted. A hacker’s access to private patient data not only opens the door to steal information but they can possibly even alter the data — severely impacting patient health and outcomes.

Continue Reading

5 Biggest Cybersecurity Challenges In Healthcare

Tech, Circle, Technology, Abstract, Science, Space

Many cyber gangs list ‘medical organizations’ as non-targets. But, that hasn’t stopped them from executing attacks on hospitals, health delivery organizations, pharmaceutical companies, and other entities in the sector.

Since 2020, the health sector has seen a rapid rise in cyberattacks. Ransomware has been the main form of attack.

Cybercriminals have claimed that healthcare providers have only been collateral victims. Yet, some have deliberately targeted hospitals to obtain classified medical records, transactions, and other sensitive patient data. This article will uncover the main cybersecurity challenges facing the healthcare industry, as well as some solutions to the main threats.

Top Cybersecurity Challenges for Healthcare Organizations

Ransomware

Ransomware gangs have stepped up their attacks on critical national infrastructure, including healthcare.

A survey from 2021 interviewed 597 health delivery organizations. 42% of them reported being victims of at least two ransomware attacks in previous years.

Ransomware is usually distributed through phishing emails containing trojan viruses. The attackers disguise the virus as a link or attachment. When a user clicks the link or downloads the attachment, the trojan is ready to strike.

Continue Reading

Five Security Predictions Facing Healthcare Organizations In 2022

Dirk Schrader

By Dirk Schrader, resident CISO (EMEA) and vice president of security research, Netwrix.

Ransomware is steadily increasing each and every year, with the healthcare and hospital industries suffering among the most. In 2021, we saw that “The healthcare sector is seeing the highest volumes of ransomware attempts, averaging 109 attempts per entity, every week.”

Why is this sector being targeted specifically? They hold extremely sensitive patient data and information. Hackers are working more diligently than ever to find data, threaten hospitals and providers, and even extort individuals themselves. With such a high amount of cybercrime, how can this sector protect itself and its patients? To start, by learning about security trends and working to implement them where they can.

Here are five security trends we’ll see more of in 2022:

Cybercriminals will be increasingly greedy.

In 2022 attackers will search for new ways to monetize the access to large data troves. This may lead to changes in the tactics, techniques and procedures of threat actors. They will begin to extort individuals rather than the infiltrated companies themselves. The healthcare industry is especially prone to this trend. The data generated and held by a healthcare sector is life-changing for many people and can easily be misused.

Consider this possible scenario: by extracting and aggregating personal data about hundreds of thousands of diabetic patients (34.2 million people alone are diabetic in the US), threat actors might try to ‘offer’ cheaper drugs to the individual patients, extracting money from a highly vulnerable group. If such a scheme can trick, let’s say, ten thousand victims to pay $500 for Insulin (instead of about $1,000 on average), the amount of money on the table is substantial.

Medical device IoT will create more security gaps.

More and more medical devices are being connected using vulnerable IP stacks or old webserver packages which cannot be easily patched as it would jeopardize the devices certification for medical use. In 2017, around 10 billion medical devices were connected to the internet, with an expected jump to 50 billion by 2027. While this connectivity has created so much opportunity for advances in the medical field, it has also created a new set of vulnerabilities.

Frequently, the task of configuring a medical device is considered done when it operates within the parameters of the medical process it is supposed to support or enable. Any additional security aspects are overlooked and often neglected. As long as these medical and IoT devices remain unmanaged, unmonitored and improperly updated, this exposure risk will continue to be exploited by threat actors throughout 2022 and beyond.

Continue Reading

5 Steps For Securing Patient Portals

By Josh Horwitz, COO, Enzoic.

With the rapid shift to telehealth stemming from the pandemic, both deployment and adoption of patient portals increased. This surge in usage has exposed security vulnerabilities, and we’re now seeing that many of the patient portals in use today are ripe for fraud, phishing, and ransomware attacks. To illustrate the severity of this problem, last year the latter alone cost the healthcare industry nearly $21 billion in downtime, affecting 600 providers nationwide.

COVID-19 transformed the healthcare landscape, making patient portals and telehealth the primary means by which to communicate with providers, access treatment plans and other documents and process payments. Given the convenience this affords for patients and providers alike, these digital experiences will likely remain a primary part of the healthcare industry for years to come. As organizations continue to invest in patient portals and other telehealth innovations, it’s critical that they are cognizant of the myriad security concerns.

It should come as no surprise that hackers view patient portals as an extremely attractive target—credit card data, personally identifiable information (PII) and personal health information (PHI) are all accessible via these platforms. Unfortunately, because patient portals were designed with the user experience in mind, it’s not uncommon for them to have minimal security to make the process as frictionless as possible. Hackers are only too eager to exploit this and other security holes, so it’s critical that organizations address these concerns. With that in mind, read on for five important steps to shore up these vulnerabilities and enhance patient portal security.

  1. Screen for Compromised Credentials

In many cases patient portals are secured solely by a password; something that is widely recognized as a poor security practice, particularly for accounts that contain such sensitive information.?? This is largely due to the pervasive problem of reusing passwords across multiple sites–something 59% of respondents in a recent survey admit to doing. If just one of these accounts has been breached, then every other site or service associated with the exposed password is also at risk. Therefore, if a patient uses a weak or compromised password to secure their portal, there is a very good chance that bad actors could launch a successful account takeover (ATO). To address this and other password-related vulnerabilities, providers should screen credentials against a dynamic database to ensure that patients aren’t inadvertently opening up the front to hackers. Given the rate at which data breaches occur, it’s also important to implement this screening on an ongoing basis, rather than solely when a patient enrolls in the portal.

Continue Reading

The Password Problem: Why Cybercriminals Target Healthcare

Cybersecurity has been a major concern facing many digitalized businesses. Hackers have developed more sophisticated ways to breach security systems and steal essential data from businesses.  Such security issues may cause significant financial loss and bring a business down to its knees. 

Healthcare is one of the sectors that has been hard hit by cybercrime. This is due to the sector’s adaptation of technological advancement used in areas like storing patients’ data. Unfortunately, while the technology has positively impacted the provision of services, it’s also created an opportunity for hackers to attack and steal information. As a result, healthcare becomes an easy target for cybercriminals due to the nature of their information system. 

Reasons For Cyberattacks On Healthcare

As stated, the healthcare sector isn’t immune to cyberattacks and other forms of security breaches from criminals. These attacks are being targeted due to the many loopholes that the sector has.

Here are some of the reasons why healthcare is targeted: 

One of the major concerns affecting healthcare is the lack of good passwords. An explanation of the password problem is when healthcare workers don’t set strong passwords on their devices for fear of forgetting them. In turn, they end up using weak passwords, such as their phone numbers or names.

This makes it easy for attackers to breach security and steal important information. In addition, colleagues can guess simple passwords, and they can use them to access your accounts. The password problem affects many businesses, as well as individuals. You should, therefore, be creative with your password and make it unique. 

Medical records always contain important information that could be lucrative to hackers when they sell them. Such information includes names, contact information, and credit card numbers when patients pay bills through bank cards. The attackers can then use these pieces of information to directly attack the patients or sell them to other people. 

Because some medical facilities aren’t well-protected from security breaches, the patients’ data aren’t safe. Therefore, attackers use these loopholes to launch attacks on people. 

Continue Reading