How to stop hackers holding patients hostage
21st May 2025 • Online
Given the scale of the challenge, where should healthcare security pros focus their limited resources?
Cyberattacks on healthcare: A global threat that can’t be ignored
That headline is not ours; it’s the title of a November 2024 report from the UN where the Security Council itself convened recently to discuss strategies to counter the growing threat to global healthcare from economic and state actors who do not care about the consequences of their actions.
Why? Because, as the head of the UN World Health Organization (WHO) put it, an alarming surge in ransomware attacks is putting the world’s healthcare infrastructure at critical risk, endangering patient safety and destabilising health systems. The attacks have grown in scale and sophistication over the years, with the price tag now in the tens of billions each year.
Briefing ambassadors, Tedros Adhanom Ghebreyesus, WHO Director-General, emphasised the severe impact of cyberattacks on hospitals and healthcare services, calling for urgent and collective global action to address this growing crisis.
“Ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality, they can be issues of life and death,” he said. “At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend and even cause patient harm and death.”
He concluded with a call for international cooperation, urging the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.
This confirmation that the cybersecurity of healthcare infrastructure is a matter of national security in its most basic sense – the safety of the citizen – ties in with the increased prioritization given by governments globally to cybersecurity in the last year or two.
But the question is then: what difference does this make to the day-to-day lives of cybersecurity professionals?
One answer to that is simply that they must become much more resilient in the face of a much more concerted and sophisticated effort to disrupt them.
It was only three or four years ago – during the pandemic – that hackers publicly stated they would not attack healthcare organisations. This gave the sector a breathing space. But as the attacks on Change, on Ascension and on the NHS this year have shown, that breathing space is gone.
So now healthcare is playing catchup and needs to focus on multiple challenges including:
- Better remote work security assurance
- Implementing best-in-class endpoint device management
- Improve general technical controls including encryption, authentication, and authorization
- Third-party security and interoperability with other parts of the healthcare ecosystem
- Better risk assessment and business continuity plans
- Develop more coordinated incident response
- Secure a complex and rapidly evolving IT/OT environment
Healthcare providers and their supply chains are in one of the most vulnerable and challenging situations of any organisation: they cannot afford downtime – even less than a manufacturer or e-commerce provider; the consequences of downtime are not simply financial or reputational, they are literally a matter of life and death; and the sheer complexity of the environment to be secured elevates the challenge above that faced by most companies.