Cybersecurity requires new approaches, where all stakeholders contribute

Business News

With the increasing digital transformation of healthcare and improvements in the quality of data, IT systems in healthcare are becoming an increasingly attractive target for malicious actors. A cyberattack can cripple an institution, cause disruptions in service delivery and result in patient harm.

Major threats for healthcare organisations include ransomware, breaches caused by cloud vulnerabilities and misconfigurations, bad bot traffic and phishing. Ransomware accounts for 54% of all breaches in healthcare, costing healthcare organisations an average of EUR 300,000 per incident, according to The European Union Agency for Cybersecurity (ENISA). With the incorporation of medical devices in patient care, the threat of an attack expands beyond traditional IT systems.

“Connected medical devices like infusion pumps, pacemakers and imaging systems often operate on outdated software, they lack encryption or are improperly configured,” said Nana Odom, head of clinical engineering at Cleveland Clinic London. “This creates highly vulnerable entry points for attackers.”

The emergence of AI-powered attacks has heightened the risk.

The new era of defense training

“You used to just have to worry about phishing attacks. Now you have to worry about deepfakes and AI-created voice call fakes,” David Wall, CIO of Tallaght University Hospital in Ireland, which experienced a cyberattack in 2021, pointed out in an interview for HIMSS TV. “You think you’re speaking to a colleague, but you’re not actually speaking to a colleague.” This creates the need for updated staff training on information safety.

“Training and awareness for staff on an ongoing basis is really important,” Wall said. “It’s crucial that staff don’t become disengaged, so conducting simulated phishing attacks in-house is really, really important. These should be done on a weekly, daily or monthly basis, and organisations should coordinate different types of simulations – perhaps a direct attack against the finance department or a hospital-wide test, like a fake free voucher for a local supermarket.”

Some healthcare organisations are already implementing measures to address these challenges. At Cleveland Clinic London, security assessments are conducted as part of the procurement process, shifting the focus from reactive fixes to proactive prevention, Odom explained.

Still, the ENISA report shows widespread cybersecurity deficiencies across healthcare organisations: 95% struggle with risk assessments, and 46% have never conducted one. What’s more, 40% lack security awareness training for non-IT staff, and only 27% of organisations have a dedicated ransomware defense program. These deficiencies often stem from fundamental misunderstandings about healthcare technology.

“Many believe that once a medical device is deployed, it works in isolation without the need for updates,” Odom said. “However, these devices often run on commercial operating systems that require regular patching to fix vulnerabilities. Healthcare technology management (HTM) teams face resistance when trying to implement firmware updates or security patches due to fears of disrupting clinical workflows or voiding warranties. However, unpatched devices pose significant security risks.” 

The blueprint for protection

In response to the widespread vulnerabilities and escalating threats, the European Commission unveiled a comprehensive Action Plan in January 2025. Central to the commission’s strategy is establishing a pan-European Cybersecurity Support Centre under ENISA. The centre will provide healthcare institutions with tailored guidance, tools, training and services, including cybersecurity best practices, regulatory mapping tools, early warning services and incident response playbooks.

The plan introduces several measures:

  • Mandatory ransomware reporting: Member states may require healthcare providers to disclose ransom payments as part of cybersecurity incident reporting, building on the NIS2 Directive.
  • Supply chain security: A security risk assessment of medical device supply chains will be conducted. The Support Centre will provide procurement guidelines to manage risks related to cloud services and third-party vendors.
  • Medical device cybersecurity: Manufacturers are encouraged to report cyber incidents and vulnerabilities through ENISA’s reporting platform.
  • Industry collaboration: A European Health CISOs Network will facilitate knowledge sharing among cybersecurity professionals, while a European Health ISAC will improve coordination between providers and manufacturers. A Health Cybersecurity Advisory Board will guide the plan’s implementation.

Building upon existing cybersecurity legislation – including the NIS2 Directive, Cybersecurity Act, Cyber Resilience Act and Cyber Solidarity Act – the plan also introduces stronger management commitment requirements, with the NIS2 Directive introducing executive responsibility for cybersecurity preparedness.

For the implementation to be effective, ENISA underscores the importance of collective action, recommending essential cybersecurity checks such as offline encrypted backups, comprehensive awareness training, strong vulnerability management and robust incident response plans. This shift toward collective responsibility represents a fundamental change in how healthcare approaches cybersecurity.

“Cybersecurity will no longer be viewed as solely an IT function,” Odom predicted. “Instead, it will evolve into an organisation-wide responsibility under a unified governance framework, fostering a positive cybersecurity culture. Patients, too, will play a more active role by demanding secure platforms and accountability from healthcare providers.”

Nana Odom, head of clinical engineering at Cleveland Clinic London, will speak about cybersecurity and medical devices at the “Are You Safe?” cybersecurity session at HIMSS Europe 2025 in Paris taking place June 10-12. See the full program.

Read More
Tami Klemp

Latest

‘That’s A Rare Opportunity’: Bettis Hopes Allar Takes Advantage Of Learning From Rodgers

Most NFL rookies have spent their entire football lives as the unquestioned starter, the best athlete on the field, and the face of every team they played for. Waiting patiently on the sideline is a foreign concept, especially to quarterbacks. But that’s exactly what awaits Drew Allar in 2026. How much he embraces that role

10 Vikings Things That Matter with 10 Weeks to Go before Showtime

Minnesota Vikings outside linebacker Dallas Turner celebrates after a sack, with 2025 marking his second NFL season and the year he finished with 8 sacks for Brian Flores’ defense. Turner’s reaction captures the burst and confidence that helped him grow into a larger role for Minnesota during his early-career climb inside a surging pass rush.

I tested the Ninja AutoBarista Pro, and its smart Grind iQ feature demystifies grind settings so you don’t have to master coffee science for...

(Image credit: Karen Freeman / Future) Before I tested and reviewed the Ninja AutoBarista Pro, I had tried every kind of coffee brewing method over the years. I ground my own beans with a high-end 20-setting electric burr grinder. I researched how to get the ideal grind for each type of bean and brewing method.

Will Bitcoin Boom in 2026? Keeping Cryptocurrency Players Informed

By NFTevening March 6, 2026 Bitcoin has served to define the cryptocurrency community since its initial launch in 2009. While representing nothing more than an interesting investment opportunity at one time, this stablecoin has since become extremely popular throughout the online gaming community as an alternative payment method. However, even Bitcoin is not immune to

Newsletter

Don't miss

‘That’s A Rare Opportunity’: Bettis Hopes Allar Takes Advantage Of Learning From Rodgers

Most NFL rookies have spent their entire football lives as the unquestioned starter, the best athlete on the field, and the face of every team they played for. Waiting patiently on the sideline is a foreign concept, especially to quarterbacks. But that’s exactly what awaits Drew Allar in 2026. How much he embraces that role

10 Vikings Things That Matter with 10 Weeks to Go before Showtime

Minnesota Vikings outside linebacker Dallas Turner celebrates after a sack, with 2025 marking his second NFL season and the year he finished with 8 sacks for Brian Flores’ defense. Turner’s reaction captures the burst and confidence that helped him grow into a larger role for Minnesota during his early-career climb inside a surging pass rush.

I tested the Ninja AutoBarista Pro, and its smart Grind iQ feature demystifies grind settings so you don’t have to master coffee science for...

(Image credit: Karen Freeman / Future) Before I tested and reviewed the Ninja AutoBarista Pro, I had tried every kind of coffee brewing method over the years. I ground my own beans with a high-end 20-setting electric burr grinder. I researched how to get the ideal grind for each type of bean and brewing method.

Will Bitcoin Boom in 2026? Keeping Cryptocurrency Players Informed

By NFTevening March 6, 2026 Bitcoin has served to define the cryptocurrency community since its initial launch in 2009. While representing nothing more than an interesting investment opportunity at one time, this stablecoin has since become extremely popular throughout the online gaming community as an alternative payment method. However, even Bitcoin is not immune to

At climate summit, African leaders call for a bigger role in energy transition

African leaders called for regional cooperation and more climate investments, as the second Africa Climate Summit opened this Monday in Addis Ababa. Heads of state urged the continent to play a bigger role in the transition to a cleaner global economy. Speaking at the opening event, Ethiopian Prime Minister Abiy Ahmed said it's time to

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity

Business Insurance-AZ Achieves Record Response Times for 2026 Arizona Construction Bids

Business Insurance-AZ achieves milestone response speeds for commercial construction bids across Arizona, accelerating documentation delivery to keep local projects moving forward without delay. Phoenix, AZ, June 06-2026, ZEX PR WIRE — Business Insurance-AZ has achieved record-breaking processing speeds and response times for commercial construction bids throughout Arizona, directly supporting the state’s massive infrastructure and advanced manufacturing boom