Cybersecurity requires new approaches, where all stakeholders contribute

Business News

With the increasing digital transformation of healthcare and improvements in the quality of data, IT systems in healthcare are becoming an increasingly attractive target for malicious actors. A cyberattack can cripple an institution, cause disruptions in service delivery and result in patient harm.

Major threats for healthcare organisations include ransomware, breaches caused by cloud vulnerabilities and misconfigurations, bad bot traffic and phishing. Ransomware accounts for 54% of all breaches in healthcare, costing healthcare organisations an average of EUR 300,000 per incident, according to The European Union Agency for Cybersecurity (ENISA). With the incorporation of medical devices in patient care, the threat of an attack expands beyond traditional IT systems.

“Connected medical devices like infusion pumps, pacemakers and imaging systems often operate on outdated software, they lack encryption or are improperly configured,” said Nana Odom, head of clinical engineering at Cleveland Clinic London. “This creates highly vulnerable entry points for attackers.”

The emergence of AI-powered attacks has heightened the risk.

The new era of defense training

“You used to just have to worry about phishing attacks. Now you have to worry about deepfakes and AI-created voice call fakes,” David Wall, CIO of Tallaght University Hospital in Ireland, which experienced a cyberattack in 2021, pointed out in an interview for HIMSS TV. “You think you’re speaking to a colleague, but you’re not actually speaking to a colleague.” This creates the need for updated staff training on information safety.

“Training and awareness for staff on an ongoing basis is really important,” Wall said. “It’s crucial that staff don’t become disengaged, so conducting simulated phishing attacks in-house is really, really important. These should be done on a weekly, daily or monthly basis, and organisations should coordinate different types of simulations – perhaps a direct attack against the finance department or a hospital-wide test, like a fake free voucher for a local supermarket.”

Some healthcare organisations are already implementing measures to address these challenges. At Cleveland Clinic London, security assessments are conducted as part of the procurement process, shifting the focus from reactive fixes to proactive prevention, Odom explained.

Still, the ENISA report shows widespread cybersecurity deficiencies across healthcare organisations: 95% struggle with risk assessments, and 46% have never conducted one. What’s more, 40% lack security awareness training for non-IT staff, and only 27% of organisations have a dedicated ransomware defense program. These deficiencies often stem from fundamental misunderstandings about healthcare technology.

“Many believe that once a medical device is deployed, it works in isolation without the need for updates,” Odom said. “However, these devices often run on commercial operating systems that require regular patching to fix vulnerabilities. Healthcare technology management (HTM) teams face resistance when trying to implement firmware updates or security patches due to fears of disrupting clinical workflows or voiding warranties. However, unpatched devices pose significant security risks.” 

The blueprint for protection

In response to the widespread vulnerabilities and escalating threats, the European Commission unveiled a comprehensive Action Plan in January 2025. Central to the commission’s strategy is establishing a pan-European Cybersecurity Support Centre under ENISA. The centre will provide healthcare institutions with tailored guidance, tools, training and services, including cybersecurity best practices, regulatory mapping tools, early warning services and incident response playbooks.

The plan introduces several measures:

  • Mandatory ransomware reporting: Member states may require healthcare providers to disclose ransom payments as part of cybersecurity incident reporting, building on the NIS2 Directive.
  • Supply chain security: A security risk assessment of medical device supply chains will be conducted. The Support Centre will provide procurement guidelines to manage risks related to cloud services and third-party vendors.
  • Medical device cybersecurity: Manufacturers are encouraged to report cyber incidents and vulnerabilities through ENISA’s reporting platform.
  • Industry collaboration: A European Health CISOs Network will facilitate knowledge sharing among cybersecurity professionals, while a European Health ISAC will improve coordination between providers and manufacturers. A Health Cybersecurity Advisory Board will guide the plan’s implementation.

Building upon existing cybersecurity legislation – including the NIS2 Directive, Cybersecurity Act, Cyber Resilience Act and Cyber Solidarity Act – the plan also introduces stronger management commitment requirements, with the NIS2 Directive introducing executive responsibility for cybersecurity preparedness.

For the implementation to be effective, ENISA underscores the importance of collective action, recommending essential cybersecurity checks such as offline encrypted backups, comprehensive awareness training, strong vulnerability management and robust incident response plans. This shift toward collective responsibility represents a fundamental change in how healthcare approaches cybersecurity.

“Cybersecurity will no longer be viewed as solely an IT function,” Odom predicted. “Instead, it will evolve into an organisation-wide responsibility under a unified governance framework, fostering a positive cybersecurity culture. Patients, too, will play a more active role by demanding secure platforms and accountability from healthcare providers.”

Nana Odom, head of clinical engineering at Cleveland Clinic London, will speak about cybersecurity and medical devices at the “Are You Safe?” cybersecurity session at HIMSS Europe 2025 in Paris taking place June 10-12. See the full program.

Read More
Tami Klemp

Latest

Will Bitcoin Boom in 2026? Keeping Cryptocurrency Players Informed

By NFTevening March 6, 2026 Bitcoin has served to define the cryptocurrency community since its initial launch in 2009. While representing nothing more than an interesting investment opportunity at one time, this stablecoin has since become extremely popular throughout the online gaming community as an alternative payment method. However, even Bitcoin is not immune to

At climate summit, African leaders call for a bigger role in energy transition

African leaders called for regional cooperation and more climate investments, as the second Africa Climate Summit opened this Monday in Addis Ababa. Heads of state urged the continent to play a bigger role in the transition to a cleaner global economy. Speaking at the opening event, Ethiopian Prime Minister Abiy Ahmed said it's time to

USA Cruise, Morocco Take Control, Brazil Advance On World Cup Day 9

```html id="s7wthc" ``` By Newspot Nigeria Sports Desk Day Nine of the 2026 FIFA World Cup brought four more group-stage matches and a clear theme across the schedule: teams that needed control went out and took it. The United States defeated Australia 2-0 to book a place in the next round, Morocco edged Scotland to

Cancer: Nigeria empowers patients with N50m lifetime

….As 200 beneficiaries get N100.000 each  AKOR SYLVESTER, Abuja The federal government has unveiled a N50 million Social Determinants of Health (SDoH) Fund to support cancer patients to enable them to meet the challenges of transportation, accommodation, feeding and other non-medical issues. The Minister of State for Health and Social Welfare, Iziaq Adekunle Salako, who

Newsletter

Don't miss

Will Bitcoin Boom in 2026? Keeping Cryptocurrency Players Informed

By NFTevening March 6, 2026 Bitcoin has served to define the cryptocurrency community since its initial launch in 2009. While representing nothing more than an interesting investment opportunity at one time, this stablecoin has since become extremely popular throughout the online gaming community as an alternative payment method. However, even Bitcoin is not immune to

At climate summit, African leaders call for a bigger role in energy transition

African leaders called for regional cooperation and more climate investments, as the second Africa Climate Summit opened this Monday in Addis Ababa. Heads of state urged the continent to play a bigger role in the transition to a cleaner global economy. Speaking at the opening event, Ethiopian Prime Minister Abiy Ahmed said it's time to

USA Cruise, Morocco Take Control, Brazil Advance On World Cup Day 9

```html id="s7wthc" ``` By Newspot Nigeria Sports Desk Day Nine of the 2026 FIFA World Cup brought four more group-stage matches and a clear theme across the schedule: teams that needed control went out and took it. The United States defeated Australia 2-0 to book a place in the next round, Morocco edged Scotland to

Cancer: Nigeria empowers patients with N50m lifetime

….As 200 beneficiaries get N100.000 each  AKOR SYLVESTER, Abuja The federal government has unveiled a N50 million Social Determinants of Health (SDoH) Fund to support cancer patients to enable them to meet the challenges of transportation, accommodation, feeding and other non-medical issues. The Minister of State for Health and Social Welfare, Iziaq Adekunle Salako, who

A befitting garland for UBA GMD, Alawuba @ 60

THOMAS IMONIKHE 08051000465 There is no iota of doubt that the Group Managing Director (GMD) of United Bank for Africa Plc and Chairman Body of Banks’ CEOs, Oliver Chukwudum Alawuba, an astute banker and one of Nigeria’s top corporate business leaders, who clocks three scores Saturday June 20, has made tremendous impact in the nation’s

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity

Business Insurance-AZ Achieves Record Response Times for 2026 Arizona Construction Bids

Business Insurance-AZ achieves milestone response speeds for commercial construction bids across Arizona, accelerating documentation delivery to keep local projects moving forward without delay. Phoenix, AZ, June 06-2026, ZEX PR WIRE — Business Insurance-AZ has achieved record-breaking processing speeds and response times for commercial construction bids throughout Arizona, directly supporting the state’s massive infrastructure and advanced manufacturing boom