Cybersecurity in Healthcare Needs a Profound Rethink

From addressing tech obsolescence to improving digital resilience

Imagine a hospital paralyzed by ransomware, critical medical devices rendered inoperative, and sensitive patient data stolen. Unfortunately, this is a reality that many healthcare organizations across Europe, and the world, have faced.

As healthcare systems undergo digital transformation, policymakers and healthcare leaders must confront an uncomfortable truth: cybersecurity is no longer just an IT issue. It is a core component of patient care and organizational resilience.

This blog explores why healthcare is so attractive for cybercriminals and outlines five actions to reset how we approach security in the sector with a long-term vision. This comprehensive, forward-looking approach addresses the unique vulnerabilities of healthcare while enabling organizations to build long-term resilience.

The Healthcare Sector: A Prime Target for Cybercriminals

In 2024, the healthcare sector became the most targeted industry for ransomware attacks, with cybercriminals exploiting vulnerabilities in outdated systems, fragmented IT environments, and overburdened staff. The stakes are high: the average cost of a data breach in healthcare is $9.77 million, higher than in any other sector. Worse yet, these attacks don’t just harm balance sheets; they jeopardize patient safety, delay care, and erode public trust.

The healthcare sector faces a perfect storm of vulnerabilities, making it a particularly attractive target for cyberattacks.

First, healthcare organizations hold a treasure trove of sensitive data. Medical records are worth up to 50 times more than credit card numbers on the dark web because they cannot be cancelled. They can be used to file fraudulent insurance claims, obtain prescription medications, or build complete profiles for identity theft.

Second, healthcare systems rely on a mix of modern and legacy technology. While the latest devices and software enable faster and more accurate diagnoses, many hospitals still run outdated IT systems. In 2019, 71% of medical devices were running on obsolete or near-obsolete software. Even in 2022, 60% of French hospitals were still operating on outdated infrastructure, including systems that no longer receive security updates. This significantly expands the attack surface and often allows attackers to persist undetected, worsening the impact of breaches.


Source: Cisco Blog