An Overlooked Cyber-Risk in Hospitals

April 8, 2022
Integrators and end-users should be aware of the potential threat caused by network-connected medical monitoring devices

This article originally appeared in the April 2022 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.

Cybercriminals are finding new ways to breach security systems and impact operations, the economy, and even lives. Critical infrastructure is under attack, and no industry has seen more threats and attacks than healthcare over the past 18 months. According to the 2021 H2 Healthcare Data Breach Report from cybersecurity and IT solutions provider Critical Insight (, cyberattacks against healthcare delivery organizations (HDOs) in the United States reached an all-time high in 2021.

With so much on the line, healthcare systems cannot afford to fall victim to an attack. A security breach and system downtime does not just cost money; it could cost lives.

Security integrators play a crucial role in this dynamic, as they can be the difference between mitigation and breach. Every HDO is vulnerable and susceptible to an attack, but security integrators can diminish the threats with the right people, partners, processes and technology.

A Tempting Target for Hackers

Historically, healthcare has not been the primary target for cyber-attacks; other critical infrastructure systems like energy, supply chain, and financial systems have primarily been the most at-risk. But the landscape is changing, and cybersecurity breaches within HDOs have been steadily increasing.

Cybercriminals have been targeting HDOs for a few key reasons:

1. Healthcare is becoming one of the highest-grossing industries in the United States, making HDOs an ideal target for ransomware attacks.

2. As innovations like telehealth and virtual care become more common, it increases the number of new endpoints, posing additional risk.

3. Healthcare is traditionally risk-averse to IT changes, so it is challenging to keep pace with a rapidly evolving security landscape.

The key to mitigating cyber threats is understanding how to stop them in the first place. For HDOs, this means having visibility into all endpoints to know their usage on a day-to-day basis. While it sounds simple, many HDOs need additional support to achieve these goals, and they often turn to trusted security partners for guidance.

Rise in Endpoints

The number of endpoints in healthcare has substantially increased over the past few decades, as medical devices like IV pumps, heart monitors, and more, are connected to the facility’s network – thus creating new endpoints that increase vulnerability and risk.

According to healthcare security expert Allison Norfleet of Cisco, a hospital room can have anywhere from 15 to 20 medical devices in it at any given time, and of those devices, 40% have known vulnerabilities. Safeguarding medical devices is crucial for HDOs, as many store patient data and information and directly connect to the HDOs wider IT network.

For integrators, the first step to securing these endpoints is to create a holistic view of all connected assets. This device inventory enables HDOs to take context-aware actions that maximize security and minimize patient care interruptions. Risk assessments determine which activities are needed for specific devices and plan integrated security tools. Finally, network segmentation policies are identified and enforced on all devices, starting with those that pose the highest potential risk.

After the initial risk is taken care of, a monitoring process takes over, as device behavior and traffic need to be continuously watched for abnormal behavior. This allows the lifecycle and operations of each device to be optimized for maximum effectiveness and ROI.

Additionally, when purchasing new medical devices, HDOs need to keep cybersecurity in mind and be sure to invest in devices that are secure and can easily communicate with the network. Legacy medical devices may not have been designed with security in mind, but HDO leaders should factor in security applications as a pre-requisite for all new equipment.

How to Help Healthcare Clients Stay Cyber-secure

Healthcare cybersecurity best practices vary from other industries. To properly protect an HDO, step one is knowing the landscape and types of attacks that are most common. Step two is identifying all devices and endpoints. Step three is knowing how to bring it all together, creating a holistic cybersecurity approach.

This can be achieved through accurate device profiles, management of vulnerabilities and exploits and meaningful integrations with the entire security tool ecosystem.

The industry is also evolving as more technology innovations continue to create new security vulnerabilities in the sector, and in turn, increase risk. Integrators looking to stay educated and on top of current cyberattack trends will not only mitigate threats but will eventually become leaders and experts in the space.

Samuel Hill is Director of Product Marketing for Healthcare IoT security platform provider Medigate, a Claroty company. Learn more at  

About the Author

Samuel Hill

Samuel Hill is Director of Product Marketing for Medigate by Claroty