The Growing Importance of Cybersecurity in Healthcare
As healthcare systems continue to digitize and improve data quality, the risk of cyberattacks on IT systems within the industry is on the rise. A cyberattack can have devastating consequences for healthcare institutions, leading to service disruptions and potential harm to patients.
Some of the major threats facing healthcare organizations today include ransomware, cloud vulnerabilities, bad bot traffic, and phishing attacks. Ransomware alone accounts for 54% of all breaches in healthcare, costing organizations an average of EUR 300,000 per incident, according to a report by the European Union Agency for Cybersecurity (ENISA). The incorporation of medical devices into patient care has further expanded the potential attack surface for malicious actors.
“Connected medical devices like infusion pumps, pacemakers, and imaging systems are often operating on outdated software, lack encryption, or are improperly configured, making them vulnerable to attacks,” explained Nana Odom, head of clinical engineering at Cleveland Clinic London.
The Rise of AI-Powered Attacks
AI-powered attacks have added another layer of complexity to the cybersecurity landscape, posing new challenges for healthcare organizations.
Enhanced Defense Training
David Wall, CIO of Tallaght University Hospital in Ireland, emphasized the need for updated staff training on information security in light of evolving threats. He highlighted the importance of ongoing training and awareness programs to prevent staff from falling victim to sophisticated attacks like deepfakes and AI-generated voice call fakes.
Wall recommended conducting simulated phishing attacks regularly to keep staff engaged and vigilant against potential threats.
Addressing Cybersecurity Challenges
Despite the growing threats, some healthcare organizations are taking proactive measures to improve their cybersecurity posture. Cleveland Clinic London, for example, conducts security assessments as part of the procurement process to focus on proactive prevention rather than reactive fixes.
However, a report by ENISA revealed widespread cybersecurity deficiencies across healthcare organizations, including challenges with risk assessments, lack of security awareness training for non-IT staff, and limited ransomware defense programs.
The Blueprint for Protection
In response to these vulnerabilities, the European Commission unveiled a comprehensive Action Plan in January 2025 to strengthen cybersecurity in healthcare. Central to the plan is the establishment of a pan-European Cybersecurity Support Centre under ENISA to provide tailored guidance, tools, and training for healthcare institutions.
The Action Plan introduces measures such as mandatory ransomware reporting, supply chain security assessments, and enhanced collaboration among industry stakeholders to improve cybersecurity resilience in the healthcare sector.
By building upon existing cybersecurity legislation and promoting collective action, the plan aims to shift towards a unified governance framework for cybersecurity in healthcare, making it a shared responsibility across the organization.
Nana Odom will be speaking about cybersecurity and medical devices at the upcoming HIMSS Europe 2025 conference in Paris, highlighting the importance of cybersecurity in healthcare.