Strategies to Mitigate Cyber Threats in Healthcare


Summary

Strategies to mitigate cyber threats in healthcare involve protecting sensitive patient information and ensuring that medical systems remain safe and reliable. These approaches help hospitals, clinics, and medical device companies guard against cyber attacks that could disrupt care, threaten patient safety, and damage trust.

  • Strengthen access controls: Use multi-factor authentication and strict user permissions to limit who can access sensitive health records or critical systems.
  • Prioritize staff training: Regularly educate doctors, nurses, and administrative staff so they can spot phishing attempts and know how to respond if a cyber incident occurs.
  • Maintain secure backups: Keep offline, encrypted backups of essential patient data to prevent loss in case of ransomware or system failure.
  • Prabh Nair

    CISO | Secure AI Govern | Advisor | VCISO | Build Security and AI Gov Thinking | CISSP | CGRC | CCSP | AIGP | CIPM | CSSLP | ISSAP | CISM | CRISC | CISA |AAISM (Q)

    165,509 followers

    I spent this weekend recording a fantastic podcast episode with Abhinav Kumar Shrivastava. We took a deep dive into healthcare cybersecurity, mapping out a CISO’s playbook for building safety and resilience from the ground up. If you're interested in patient privacy and security, you won't want to miss this one!

    Abhinav explains why healthcare security must be approached differently from other industries. Instead of focusing on financial loss or CVSS scores, risks are prioritized based on patient impact, regulatory requirements, and IT downtime. If systems go down, patient care is directly affected — and that changes every security decision.

    A key theme of this discussion is simplicity over complexity. Abhinav shares how nearly 80–90% of attacks can be prevented using basic controls such as:

      • Blocking high-risk internet traffic
      • Strong identity and access management
      • Strict patch management
      • Firewall and network hygiene

    The conversation also dives deep into ransomware in healthcare, including a real-world example where a hospital failed to recover because their cloud backups were compromised. This leads to a critical discussion on why offline backups are non-negotiable in healthcare environments.

    Other practical topics covered include:

      • How to explain cyber risk to hospital leadership in business and patient-safety terms
      • Why compliance, security operations, and management must stay balanced
      • The reality of USB-based and insider threats in clinical environments
      • Training doctors and staff for incident response, not just IT teams
      • The growing role of cyber insurance and why culture matters
      • A practical 90-day plan to gain full security visibility, including how Abhinav implemented a SOC in just 20 days

    This episode is especially valuable for:

      • Healthcare CISOs and IT leaders
      • Hospital administrators and risk managers
      • Security professionals working in regulated environments
      • Anyone responsible for patient data and system uptime

  • Manuel Barragan

    I help organizations in finding solutions to current Culture, Processes, and Technology issues through Digital Transformation by transforming the business to become more Agile and centered on the Customer (data-informed)

    24,923 followers

    Cybersecurity in Healthcare: Your Weakest Link

    The Change Healthcare attack was a painful lesson. It wasn't just an IT system failure. It stopped pharmacies from filling prescriptions. It prevented providers from getting paid. The event showed everyone how a single security gap can disrupt the nation's healthcare system. It was a clear warning for every healthcare leader.

    Many executives think a firewall and updated software make them secure. That is a dangerous assumption. This "checklist security" approach creates a false sense of safety. The biggest threats often don't break down the door. They are invited in when an employee clicks on a phishing email or a remote worker logs in from an unsecured home network. The cost is more than money. It is measured in canceled appointments, delayed care, and a permanent loss of patient trust.

    A strong defense is a strategy, not a shopping list of tools. It requires focus on three areas.

    First, your people. They are your first and last line of defense. Regular, practical training on how to spot threats is more valuable than any software.

    Second, your processes. You need strict access controls and multi-factor authentication on every system. You must test your vulnerabilities and have a practiced incident response plan.

    Third, your technology. Encrypt all patient health information. Keep offline, encrypted backups that ransomware cannot reach.

    Your security is only as strong as its weakest point. Is that an old server, or is it a culture that treats cybersecurity as someone else’s job? Let’s talk with Digital Transformation Strategist on how to do it.

  • Don Baham

    Chief Technology Officer, Chief Information Security Officer, Rubicon Founders | Turning Security into a Strategic Business Enabler | Driving Innovation | Cultivating High-Performing Teams and a Strong Company Culture

    13,344 followers

    Legacy medical devices are quietly becoming one of the most significant cybersecurity and patient safety challenges in healthcare. The recent Health-ISAC Global Health Sector Threat Landscape Report (2026) shares that devices like infusion pumps and imaging systems often remain in service for decades. Their longevity makes sense. These are expensive, mission-critical systems that clinicians rely on every day. But it also creates a widening cybersecurity gap.

    As operating systems age out of support (Windows 10 reached end-of-life on Oct 14, 2025), many of these devices continue running software that will no longer receive security patches. The result is an expanding attack surface embedded directly in clinical care environments.

    This concern reached the policy level as well. During the April 1, 2025, House Energy & Commerce Oversight & Investigations Subcommittee hearing on “Aging Technology, Emerging Threats,” lawmakers highlighted how legacy medical devices are not held to the same cybersecurity requirements as newer technologies.

    Replacing devices is costly and often impractical given their role in critical care. But the risk can’t be ignored.

    Practical steps:

      • Identify devices still operating on end-of-life systems
      • Implement compensating controls like network segmentation and monitoring
      • Build long-term strategies for phased upgrades or replacements
      • Move toward modular medical devices that are less dependent on fixed operating systems

    Cybersecurity in healthcare is a patient safety issue and increasingly, a national security issue.

  • Adam Skali

    Working at the intersection of healthcare, technology, social, and public systems to support collaboration-driven impact. Together, let’s shape the future of more effective and human-centered healthcare solutions

    17,292 followers

    🔐 Cybersecurity for Healthcare SMEs in Spain: A Practical Starting Point

    Together with Pablo Ortiz Navarro, I’m pleased to share the release of our new Cybersecurity Guide for Healthcare SMEs and Micro-Enterprises in Spain. As the digital transformation of healthcare accelerates, small providers and startups are becoming increasingly exposed to cyber threats—yet often lack the resources or clarity needed to respond effectively.

    This guide is the first in a dedicated series aimed at helping small healthcare organizations navigate the growing complexity of cybersecurity. It translates regulatory frameworks, threat landscapes, and technical standards into actionable steps tailored to the realities of smaller actors.

    📌 Why this matters:

      • Healthcare SMEs are prime targets: medical data can be worth up to €900 per record on black markets.
      • Cyberattacks like ransomware can cripple operations and cost millions, even for small providers.
      • Spain’s regulatory environment is evolving fast—ENS, GDPR, and the upcoming NIS2 Directive all have implications for small healthcare actors.

    📌 What you’ll find in the guide:

      • Overview of current legal and technical obligations
      • Key threats, from ransomware to phishing and misconfiguration
      • How cybersecurity influences public procurement and reimbursement
      • List of free resources for cybersecurity
      • A checklist of practical measures any SME can begin implementing today

    This is not just a technical issue—it’s a matter of patient safety, trust, and operational continuity. Even the smallest clinic or health tech company can make a difference by taking the first steps: securing access, training staff, maintaining backups, and preparing for potential incidents.

    📘 Our guide is meant as a living document that will evolve alongside the regulatory and threat landscape. It is designed to support those who want to improve—not just comply. We hope it becomes a useful reference for anyone working at the intersection of health, technology, and regulation.

    🔗 If you’re working in or with healthcare SMEs, we invite you to read, apply, and share the guide. Your digital safety is part of your clinical responsibility.

    #Cybersecurity #DigitalHealth #HealthTech #Spain #GDPR #NIS2 #ENS #HealthcareInnovation #DataProtection #PatientSafety #INCIBE #KitDigital #HealthcareSMEs

  • Makarand Mohandas

    Delivery Head - Infrastructure Managed Services

    4,252 followers

    UnitedHealth Group recently faced a devastating ransomware attack perpetrated by the BlackCat/ALPHV group. The attackers demanded a ransom in exchange for the decryption key, causing disruptions to healthcare services, financial transactions, and potential exposure of sensitive information. The American Hospital Association deemed it "the most significant and consequential incident of its kind against the US healthcare system in history."

    The root cause was attributed to stolen user credentials, exploited through a vulnerability in a remote access tool lacking multi-factor authentication (MFA). To avoid similar attacks, consider these measures:

    Pre-Attack Measures:

      1. Implement Multi-Factor Authentication (MFA) for remote access.
      2. Conduct regular security audits and vulnerability assessments.
      3. Educate employees on phishing and social engineering.
      4. Segment networks to limit lateral movement.
      5. Keep software and systems up-to-date with latest security patches.

    Incident Response Measures:

      1. Establish a well-defined incident response plan.
      2. Regularly back up critical data.
      3. Utilize threat intelligence services for early warnings.
      4. Collaborate with law enforcement and other organizations.

    This incident highlights the vulnerabilities inherent in remote access systems, especially when MFA is not in place. It reinforces the importance of securing endpoints and educating employees, as humans remain the weakest link in the cybersecurity chain. By adopting a comprehensive cybersecurity strategy that combines prevention, education, and response, organizations can significantly reduce the likelihood and impact of ransomware attacks.

    #CyberSecurity #DataProtection #Ransomware #CyberThreats #InfoSec #IncidentResponse #DataRecovery #ThreatIntelligence #CyberDefense #MFA #SecurityAwareness #NetworkSecurity #PatchManagement #RiskManagement

  • Davide Maniscalco

    Head of Legal, Regulatory & Data Privacy Officer | Special Adv DFIR | Auditor ISO/IEC 27001| 27701 | 42001 | CBCP | Italian Army (S.M.O.M.) Reserve Officer ~ OF-2 |

    20,317 followers

    🏥 #Cyber #Hygiene in #Healthcare: European Union Agency for Cybersecurity (ENISA) Practical #Guidance for All #Health #Entities

    #ENISA has released a hands-on guide to help both large hospitals and small clinics strengthen their cyber hygiene and resilience — a growing necessity in today’s threat landscape.

    📌 Key Takeaways:

      • 🔐 Protect critical systems & devices: Regular updates, secure configurations, access control, and backups
      • 🌐 Secure networks & communications: Segment networks, enforce MFA & VPN, deploy email and web filtering
      • 📱 Manage mobile devices & telehealth: Use strong credentials, remote wipe, encryption, and app controls
      • 📁 Keep patient data safe: Encrypt data, classify sensitivity, monitor access, and secure EHR systems
      • 🚨 Be ready for incidents: Have an incident response plan, perform drills, collaborate with peers & CSIRTs
      • 🔗 Secure the #ICT #supplychain: Include cybersecurity in procurement and onboarding/offboarding
      • 🎓 Educate staff at all levels: Role-based training, phishing simulations, awareness campaigns
      • 🏢 Don’t forget physical security: Badge policies, secure devices, audit cameras, and maintain critical infrastructure

    📖 A must-read for healthcare providers seeking actionable, scalable practices to prevent cyber threats and safeguard patient care.

    #ENISA #CyberHygiene #HealthcareCybersecurity #HealthTech #Infosec #Hospitals #Resilience #EHR #CyberAwareness #DigitalHealthSecurity #CyberResilience Tinexta Cyber TINEXTA S.P.A. https://lnkd.in/diuW-BF9

  • Stephen Martin Rajan, CISSP

    Markets Leader for Cybersecurity in North America, AVP

    6,782 followers

    💡 181 ransomware attacks. 25.6 million patient records exposed. $5.7 million average ransom. That was healthcare in 2024.

    When every minute of downtime can put lives at risk, cybersecurity can’t rely on traditional security models and after-the-fact defenses. It requires a new, proactive model. That’s where Zero Trust comes in—not as a product, but as a mindset shift. One that continuously verifies every identity, device, application and data flow.

    Our new whitepaper, Implementing Zero Trust in Healthcare, provides a practical blueprint to:

      🔹 Build resilience against ransomware
      🔹 Secure medical devices without disrupting care
      🔹 Protect patient data and ensure compliance

    For healthcare IT and security leaders, this isn’t just strategy. It is survival.

    📄 Read the full whitepaper that I had the privilege of co-authoring with our Chief Medical Officer, Scott Schell and our IAM Offering lead Sudhakar Kamalanathan. https://lnkd.in/efDFA28C

    Sriramkumar Kumaresan Vishal Salvi Shambhulingayya Aralelemath Sashi Padarthy Sanjay Subramanian Patricia Hunter-Dennehy

  • Greta Nasi

    Director of the Master of Science in Cyber Risk Strategy and Governance at Università Bocconi and Politecnico di Milano

    5,416 followers

    Why is #healthcare a prime target for #cyber #attacks?

    Hospitals sit at the intersection of life-critical operations and highly sensitive data. Electronic Health Records (#EHR), connected #medicaldevices, and digital #diagnostic #systems make them irresistible targets. Health #data is among the most valuable on the black market. It contains financial, identity, and deeply personal information that cannot simply be "reset" like a password. Combined with the operational pressure hospitals face (you cannot just "go offline"), attackers know that ransomware hits harder here than almost anywhere else.

    In our #Resilience and #Security of Critical Infrastructures course, part of the Master of Science in Cyber Risk Strategy and Governance, jointly offered by Università Bocconi and Politecnico di Milano, we had the privilege of hosting Italo Covelli, an #alumnus of our joint Bocconi-PoliMi Cybersecurity program, now Senior Consultant in Cyber & Tech Risk at KPMG Italy, for a lecture on healthcare cybersecurity. Here are some key takeaways.

    1. Medical devices are the #hidden #vulnerability. Unlike standard IT equipment, medical devices run modified, rarely-updated operating systems, cannot host antivirus software, and must stay permanently connected to the manufacturer. This creates a structural security gap that the hospital's own IT team cannot fix directly; the perimeter must be secured around the device, not on it.

    2. Protecting the #environment, not just the device. Italo's research at Santobono Pausilipon hospital showed that the answer lies in strengthening the surrounding infrastructure: network segmentation (V-LAN), DNS traffic analysis, VPN IP-SEC connections, and dedicated Medical Device V-LANs for portable equipment moving across departments.

    3. The #humanfactor remains the #weakest link. A survey of 250+ hospital staff revealed alarming gaps: low awareness of phishing risks, passwords written on post-its, and personal devices used to access work systems. Even in a technologically advanced hospital, security awareness programs, scenario simulations, and certifications are essential, yet often underinvested in.

    Cybersecurity in healthcare is not just an IT problem. It is a patient safety issue, a regulatory imperative under NIS2 and GDPR, and increasingly a matter of national security.

    Thank you, Italo, for bringing real-world consulting experience into the classroom.

    #Cybersecurity #HealthcareSecurity #corporatepartners #CriticalInfrastructure #NIS2 #PoliMi #Bocconi #KPMG #DigitalHealth #MedicalDevices
