Table of contents
- A high-risk sector
- Real attacks and serious consequences
- The most common vulnerabilities
- Security solutions and strategies
- The role of institutions and regulation
Cyber security in healthcare is now a critical priority. In an era where clinical data and hospital infrastructures are increasingly dependent on digital systems, ensuring the protection of health information is essential to safeguard patient privacy and guarantee operational continuity.
This article explores the specific cyber threats in the healthcare sector, common vulnerabilities, real attack cases, and strategies to strengthen information security in both public and private healthcare systems.
A high-risk sector
The healthcare sector is currently one of the most targeted industries for cyber attacks worldwide. Hospitals, private clinics, diagnostic labs, and public health authorities process an immense volume of sensitive data every day: medical records, lab results, diagnostic reports, treatment plans, genetic data, and personal identification information.
This data is not only invaluable for healthcare systems but also extremely lucrative on the dark web, where it is sold for identity theft, insurance fraud, blackmail, and other criminal activities.
Example
The ULSS 6 Euganea healthcare service in Northern Italy suffered a ransomware attack in late 2022 that paralyzed its central servers. Healthcare personnel were forced to revert to pen-and-paper operations, as digital access to patient records, lab reports, and appointment systems was blocked for days. As a result, critical procedures were postponed, and thousands of appointments had to be rescheduled.
This is not an isolated case. Many hospitals still rely on outdated IT systems, some built on infrastructures over a decade old, often lacking official support or regular security updates.
Example
In some hospital wards or medical offices, it’s not uncommon to find terminals still running unsupported versions of Windows, such as Windows 7, leaving them highly exposed to well-known exploits.
Additionally, there’s still a widespread lack of cyber security awareness within healthcare environments. While medical professionals are highly trained in clinical matters, they often receive minimal or no training in information security.
This means that opening a malicious email attachment or using weak passwords like “1234” can unintentionally become a gateway for cybercriminals.
The problem has worsened with the rapid digital transformation of the sector. The rollout of electronic health records, telemedicine platforms, online booking systems, and remote monitoring apps has greatly increased the attack surface.
The more connected the systems are, the greater the risk that a single vulnerability could compromise the entire infrastructure.
Another notable case occurred at San Giovanni Addolorata Hospital in Rome, which experienced a severe cyber attack in 2021.
The hospital’s internal network was taken offline, forcing the shutdown of digital systems across the emergency room, radiology department, and outpatient services—causing massive disruptions in patient care.
These examples highlight an urgent need for a paradigm shift: cyber security in healthcare is no longer a luxury or secondary concern. It must be treated as a critical investment to ensure the resilience of healthcare infrastructure and protect fundamental rights, such as the privacy and security of patient data.
Real attacks and serious consequences
In recent years, cyber attacks on healthcare facilities have increased dramatically, both in frequency and impact.
We’re no longer talking about minor data leaks or technical glitches—these attacks can cripple entire hospitals, delay life-saving procedures, and, in some cases, directly endanger patient lives.
One of the most tragic examples occurred in Germany in 2020, when the University Hospital of Düsseldorf suffered a ransomware attack.
Hackers encrypted critical data and locked down systems, effectively halting operations. A woman in critical condition had to be transferred to another hospital due to system outages, but died en route.
This incident is widely regarded as the first documented case of a patient death indirectly caused by a cyber attack on a healthcare facility. It sent shockwaves across both the medical and cyber security communities, demonstrating that cyber security in healthcare is not just a technical issue—it can be a matter of life or death.
Italy has also experienced several high-profile incidents. In May 2022, the Fatebenefratelli-Sacco Hospital in Milan was hit by a ransomware attack that disabled its IT systems for days. Critical departments, including the emergency room, were forced to operate manually.
Medical reports, test results, and appointments could not be processed digitally, leading to delays in diagnosis and treatment. Even the hospital’s official website and phone systems went down, creating confusion among patients and staff.
Another major case occurred in 2021, when the Lazio Region’s IT infrastructure—responsible for managing public health services—was severely compromised by a cyber attack. One of the most affected systems was the COVID-19 vaccination booking platform, which was completely shut down. For several days, citizens were unable to schedule vaccinations or access their digital health records.
This incident revealed how even regional public health systems, often perceived as more secure, can be vulnerable to sophisticated attacks.
A recurring issue in many of these incidents is the lack of effective incident response plans. Many healthcare institutions do not have updated backups, trained IT emergency teams, or rehearsed cyber crisis protocols. As a result, when an attack strikes, the response is often slow, improvised, and poorly coordinated—exposing patients and staff to unnecessary risk.
What’s more, modern ransomware attacks often involve data exfiltration before encryption. This means attackers steal sensitive data—such as patient records or medical histories—and then use it for blackmail: “Pay up or we’ll leak your patients’ data online.”
The reputational damage from such threats is enormous, not to mention the profound violation of patient privacy.
These examples clearly show that cyber security can no longer be treated as an afterthought in healthcare. It demands a proactive, strategic approach that integrates advanced technology, employee training, emergency response protocols, and, above all, a cultural shift in how we perceive and manage digital risk.
The most common vulnerabilities
Despite its high level of digitalization, the healthcare sector continues to suffer from numerous cyber security vulnerabilities.
These weaknesses are not only technological—they also stem from organizational gaps, lack of training, and a general underestimation of the risks involved.
One of the most widespread issues is the use of outdated software.
Many healthcare institutions still run operating systems or hospital management platforms that have not received critical security patches in years. A striking example is the WannaCry ransomware attack in 2017, which affected dozens of hospitals within the UK’s National Health Service (NHS).
The malware exploited a vulnerability in Windows XP, an operating system that was already unsupported at the time but still widely used across the healthcare network. The consequences were severe: departments shut down, ambulances rerouted, and surgeries canceled.
Another major concern involves Internet-connected medical devices, such as pacemakers, insulin pumps, diagnostic machines, and remote monitoring tools.
These devices are often designed without proper cyber security safeguards and can be targeted by IoT attacks. In 2019, a group of researchers demonstrated how a wireless connection vulnerability could allow an attacker to remotely manipulate a drug infusion pump, altering dosage levels—a terrifying scenario with life-threatening implications.
Weak credentials are another frequent vulnerability. In many healthcare facilities, passwords are shared among staff members or chosen with minimal security standards—examples include “admin,” “hospital123,” or even leaving systems logged in. This creates opportunities for unauthorized access, including by insiders who may not even realize the security risks involved.
The lack of network segmentation is another common and dangerous oversight. In some hospitals, administrative devices, clinical systems, and medical equipment are all connected to the same network. This means that if a single endpoint—say, a nurse’s workstation infected through a phishing email—is compromised, the threat can quickly spread throughout the entire system.
A vulnerable printer or BYOD (Bring Your Own Device) laptop can become the entry point for a large-scale attack.
The COVID-19 pandemic further amplified the risks. With the rapid shift to remote work and telemedicine, healthcare workers began connecting from home networks, often without secure protocols in place.
Personal devices, unsecured Wi-Fi, and the lack of VPNs or multi-factor authentication (MFA) created countless new vulnerabilities, opening the door to data breaches and malware infections.
Another recurring issue is the use of non-certified apps or unregulated cloud services.
Example
When individual departments adopt tools without consulting the IT team—such as using free cloud storage to share patient data or holding video consultations via unencrypted messaging apps—they unintentionally expose the organization to privacy violations and non-compliance with regulations like the GDPR.
Each of these vulnerabilities on its own might seem manageable. But in a complex, high-pressure environment like healthcare, they can combine to create a ticking time bomb.
This is why information security in healthcare must be addressed holistically, with a sector-specific, proactive, and multilayered approach.

Security solutions and strategies
To improve cyber security in healthcare, a multidimensional and integrated approach is essential.
Cyber threats are too complex and sophisticated to be addressed with isolated solutions: what is needed is a comprehensive defense system that is reactive and, above all, proactive.
1. Constant system updates
One of the most effective measures is keeping all software and connected medical devices up to date. Many ransomware campaigns exploit known and unpatched vulnerabilities. Keeping systems updated closes these gaps before they can be exploited.
Example
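Debian-based Linux systems can be configured to update automatically with an entry like this in root's crontab:
# Automatic nightly system update (apt-get is the script-safe front end; noninteractive avoids prompts)
0 3 * * * /usr/bin/apt-get update -q && DEBIAN_FRONTEND=noninteractive /usr/bin/apt-get upgrade -y -q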
On Windows networks, using WSUS (Windows Server Update Services) ensures centralized patch deployment, reducing manual errors and delays.
2. Network segmentation
Network segmentation is crucial to limit the spread of malware or intrusions. Healthcare facilities should separate medical devices from administrative systems, and keep guest Wi-Fi or personal devices on isolated networks.
A simple VLAN setup on a Cisco switch might look like:
! VLAN configuration for medical devices (access port in VLAN 20)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
This ensures that, for instance, diagnostic equipment is not on the same network as email servers or public terminals.
3. Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a must to prevent unauthorized access. Even if a password is stolen, attackers won’t get far without the second factor.
Many modern systems (e.g. Microsoft 365, G Suite, EMR systems) support MFA with apps like Google Authenticator or FIDO2 physical keys.
Even for custom environments you can implement MFA with libraries like django-otp in a Python/Django application:
from django_otp.oath import totp
from django_otp.util import random_hex
# Generate time-based one-time token
secret = random_hex()
token = totp(key=bytes.fromhex(secret))
print("OTP Token:", token)
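Generating a token is only half of MFA; the server-side check is where it is enforced. The following is an added example, not django-otp code and not part of the original article: a standard-library RFC 6238 check with a clock-drift window and replay rejection. The class name TotpVerifier and its parameters are assumptions, and the key is the RFC test key.

```python
import hashlib
import hmac
import struct
import time


def totp_at(key, counter, digits=6):
    """HOTP value (RFC 4226) for one counter; TOTP uses the time step as counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Server-side state for one enrolled user (hypothetical helper, not django-otp)."""

    def __init__(self, key, step=30, window=1):
        self.key = key
        self.step = step
        self.window = window    # tolerated clock drift, in time steps
        self.last_counter = -1  # highest time step already accepted

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        current = int(now // self.step)
        accepted = None
        for counter in range(max(0, current - self.window), current + self.window + 1):
            expected = totp_at(self.key, counter).encode()
            # compare_digest avoids leaking how many digits matched
            if hmac.compare_digest(expected, str(token).encode()):
                accepted = counter
        # Reject a code from a time step that was already used (replay)
        if accepted is None or accepted <= self.last_counter:
            return False
        self.last_counter = accepted
        return True


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key (constructed input)
    verifier = TotpVerifier(secret)
    print("first use:", verifier.verify("287082", now=59))
    print("replay   :", verifier.verify("287082", now=59))
```

In production the last accepted time step has to be stored per user alongside the secret, otherwise a code observed in transit stays usable for the rest of its window.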
4. Continuous network monitoring
Real-time traffic monitoring is essential to detect and respond to threats before they escalate.
SIEM (Security Information and Event Management) systems, along with tools like Snort, Zeek, or Wazuh, allow detection of anomalies.
Example using Zeek to monitor suspicious HTTP requests:
# Generate Zeek logs from the captured traffic, then list the POST requests
zeek -r network_traffic.pcap
grep -w POST http.log
This can help detect unusual behavior, such as unauthorized data uploads or communication with malicious servers.
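A grep for POST lists every form submission; what an analyst usually wants is the volume leaving the network per client. The following added example (not from the original article) parses Zeek's tab-separated http.log and totals outbound POST bytes per client and destination host. The sample log lines, the internal address ranges and the 10 MiB threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIB = 1024 * 1024

# Constructed sample in Zeek's tab-separated http.log layout (reduced column set).
_FIELDS = ["ts", "id.orig_h", "id.resp_h", "method", "host", "uri", "request_body_len"]
_ROWS = [
    ["1700000000.1", "10.20.0.15", "10.20.0.5", "POST", "emr.hospital.example", "/api/notes", "2048"],
    ["1700000050.7", "10.20.0.15", "203.0.113.40", "GET", "cdn.example.net", "/lib.js", "0"],
    ["1700000100.3", "10.20.0.31", "198.51.100.7", "POST", "files.example.org", "/upload", "6291456"],
    ["1700000130.8", "10.20.0.31", "198.51.100.7", "POST", "files.example.org", "/upload", "6291456"],
    ["1700000160.9", "10.20.0.31", "198.51.100.7", "POST", "files.example.org", "/upload", "-"],
    ["1700000200.2", "10.20.0.44", "203.0.113.40", "POST", "cdn.example.net", "/beacon", "512"],
]
SAMPLE_LOG = "\n".join(["#separator \\x09", "#fields\t" + "\t".join(_FIELDS)]
                       + ["\t".join(row) for row in _ROWS] + ["#close\t(constructed)"])


def parse_http_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_upload_totals(text, min_total=10 * MIB):
    """Sum POST body bytes per (client, Host header) leaving the internal ranges."""
    totals = defaultdict(int)
    for rec in parse_http_log(text):
        size = rec.get("request_body_len", "-")
        if rec.get("method") != "POST" or not size.isdigit():
            continue  # "-" is Zeek's marker for an unset field
        if is_internal(rec["id.orig_h"]) and not is_internal(rec["id.resp_h"]):
            totals[(rec["id.orig_h"], rec["host"])] += int(size)
    return sorted((src, host, n) for (src, host), n in totals.items() if n >= min_total)


if __name__ == "__main__":
    for src, host, total in outbound_upload_totals(SAMPLE_LOG):
        print(f"{src} uploaded {total / MIB:.1f} MiB to {host}")
```

Summing per client catches uploads split into chunks that would each stay under a per-request threshold.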
5. Regular backups and disaster recovery
Every security strategy must include frequent backups and a fully tested disaster recovery plan. Backups should be automated, encrypted, and ideally stored offline or in immutable storage (WORM – Write Once, Read Many).
Example of automated backup with rsync:
rsync -a --delete /patient_records/ user@backupserver:/secure-backups/hospital/
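Note that --delete removes files from the backup when they disappear from the source, so a mirror like this should feed versioned or immutable storage rather than serve as the only copy. It’s also critical to test backups regularly to ensure that recovery can be performed quickly during a crisis.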
6. Training and cyber awareness
Technology alone is not enough. Without a strong cyber security culture, even the best tools can fail.
That’s why ongoing training for all staff—including doctors, nurses, and administrators—is fundamental.
Internal awareness campaigns, phishing simulations, and hands-on training are effective tools to increase awareness. A simple exercise, such as sending simulated phishing emails and measuring who falls for them, can be very useful in identifying critical issues in human behavior.
Integration and long-term governance
A secure healthcare organization integrates people, processes, and technologies into a coherent, resilient system.
It requires strong security governance, aligned with international frameworks like ISO/IEC 27001 or the NIST Cyber Security Framework.
Only a holistic, layered approach can truly protect critical infrastructure and the privacy of healthcare data in today’s increasingly digital and targeted healthcare environment.
The role of institutions and regulation
In the context of cyber security in healthcare, public institutions and the regulatory framework play a crucial role in ensuring the protection of health data and the resilience of critical infrastructure.
Although there are clear legal standards at both the European and national levels, their practical implementation is still inconsistent and fragmented.
The primary legal reference across Europe is the General Data Protection Regulation (GDPR), which came into force in 2018. The GDPR classifies health data as a “special category of personal data,” and mandates enhanced safeguards for its processing, including:
- explicit patient consent for data collection and use;
- appropriate technical and organizational measures to ensure data security;
- mandatory breach notifications within 72 hours;
- direct responsibility for data controllers and processors.
Despite the clarity of the regulatory framework, in many cases the concrete adoption of the measures required by the GDPR is slow or superficial.
Some healthcare facilities limit themselves to formal compliance, neglecting substantial aspects such as risk assessment, data encryption or pseudonymization of clinical data for research purposes.
Example
A further issue is the lack of standardization across regions and healthcare providers. In Italy, for instance, not all local health authorities or public hospitals have the same technological capabilities or internal expertise. This leads to a multi-speed system, where some institutions are cyber-resilient, while others remain vulnerable to even basic threats.
To bridge this gap, national health authorities and government bodies must invest systematically in cyber security.
This goes beyond purchasing software—it means embedding information security into public health policy, with multi-year plans, dedicated budgets, and comprehensive training programs.
In Italy, a major step forward was the establishment of the National Cyber Security Agency (ACN) in 2021.
The ACN is responsible for coordinating the country’s national cyber security strategy and protecting critical infrastructure, including the healthcare sector. Key initiatives include:
- the creation of the National Cyber Security Perimeter, which includes public agencies and strategic companies (including healthcare facilities);
- defining minimum cyber security standards for digital service providers in healthcare;
- promoting training and simulations using cyber ranges and real-time incident drills;
- supporting public-private collaboration with tech companies and academic institutions.
However, there is still a long way to go. Many healthcare organizations are not yet equipped to respond to advanced threats and lack a formal internal security governance model.
Furthermore, there is a need for stronger European coordination, to ensure that national disparities—between countries or even hospitals—do not become weak points in the continent’s cyber defense.
In short, cyber security in healthcare cannot rely on voluntary efforts alone.
It requires clear regulation, operational support, dedicated funding, and sustained political commitment to build a truly secure digital healthcare ecosystem for citizens.
Conclusion
Cyber security in healthcare is no longer optional. Protecting patient information, ensuring uninterrupted hospital services, and preventing catastrophic breaches must become top priorities.
With targeted investments, ongoing training, and collaboration between public and private entities, we can face the challenges of an increasingly digital healthcare system.
Questions and answers
- Why is cyber security important in healthcare?
Because it protects sensitive patient data and ensures continuous healthcare services.
- What are the main cyber risks for hospitals?
Ransomware, phishing, unauthorized access, and insecure medical devices.
- What is a ransomware attack in healthcare?
It locks down systems and demands ransom, with potentially life-threatening consequences.
- Which healthcare data is most at risk?
Medical records, diagnoses, treatments, lab results, and personal identification.
- How can hospitals improve cyber security?
System updates, network segmentation, backups, and staff training are essential.
- Does GDPR cover healthcare data?
Yes, it sets strict requirements for handling sensitive health data.
- Can cyber attacks endanger patients’ lives?
Yes, especially if critical systems are blocked or medical procedures are delayed.
- Who is responsible for cyber security in hospitals?
The Chief Information Security Officer (CISO), with IT and hospital leadership.
- Are connected medical devices secure?
Often not—they may lack the cyber security measures required to prevent attacks.
- How can healthcare staff be trained in security?
Through regular courses, attack simulations, and clear internal guidelines.