News reports of cyberattacks on hospitals are deeply disturbing. Not only do they threaten the functioning of critical services, but they also undermine patient confidence. When a hospital is affected, human lives are put at risk. These attacks reveal how vulnerable the most vital institutions of our society can be.
In response to this growing threat, the European Union has presented the European Action Plan to protect hospitals and healthcare providers from cyber attacks. This is an important initiative to support EU Member States in this area. But is it enough on its own?
It is time to take stock of where we are today and what we can do to strengthen security in this critical sector, say Márk Szabó and André Lameiras from global digital security company ESET.
In recent years, cyber attacks against healthcare providers have increased dramatically, jeopardising both patient safety and data privacy.
A notable example is the ransomware attack against Synnovis in June 2024, which disrupted more than 3,000 medical appointments in England. Cybercriminals leaked more than half a terabyte of confidential medical data. Similar incidents were recorded in Romania in February 2024, when more than 100 healthcare providers, including 25 hospitals, were hit by a ransomware attack. Connectivity to more than 79 facilities was disrupted, while critical medical devices, such as internet-connected magnetic resonance imaging (MRI) scanners, ceased to function.
The cyberattack on Düsseldorf University Hospital in 2020 had dramatic consequences. Although the attack was accidental, it led to delays in critical treatments and contributed to the death of one patient. This tragic event highlights the unintended but extremely serious consequences that such attacks can have.
Healthcare providers are attractive targets for cybercriminals because even the slightest disruption to their services can have a huge impact. In addition, hospitals typically rely on a heterogeneous mix of technologies, often outdated, while operating under high-pressure conditions. Staff, focused on the immediate care of patients, may neglect basic cybersecurity practices.
At the same time, healthcare services manage large volumes of sensitive personal and financial data — from social security numbers to billing and credit card details — which can be lucrative if compromised. Furthermore, they are a frequent target of ransomware or DDoS attacks, which block access to critical systems or demand ransom for restoring services.
"Preventive security is now critical. We cannot wait for an attack to happen before we act," explains Márk Szabó from ESET.
Modern threats require technologies based on artificial intelligence and behavioural analysis to detect and block them in a timely manner. A multi-layered approach to security strengthens infrastructure resilience and enables faster recovery after incidents.
At the same time, technologies that leverage the cloud and enable continuous monitoring can detect suspicious activity before it escalates into a crisis.
As a cornerstone of European society, healthcare organisations are classified as Essential Entities under the NIS2 Directive. This new directive highlights the vital importance of strengthening cybersecurity in the healthcare sector, emphasising the need for robust and reliable protection measures.
Of particular importance is the establishment of a European Cybersecurity Support Centre for Hospitals and Healthcare Providers, under the auspices of ENISA, as part of the European Action Plan. This Centre is accompanied by an EU-wide early warning service, which aims to provide real-time alerts for immediate threat detection and rapid response to incidents.
The EU Action Plan also includes a subsidised cybersecurity programme for smaller healthcare providers, as well as measures to strengthen supply chain security, in line with the Cyber Resilience Act. Finally, there are plans to actively strengthen cooperation with Europol, in particular through the NoMoreRansom project, in which ESET participates.
Hospitals must operate continuously, 24/7, 365 days a year. The need for stable, reliable and flexible security systems is greater than ever to ensure the continuous operation of hospitals.
Modern best practices in cybersecurity include DevSecOps practices, automated and manual quality checks, and the "Shift Left" principle for early detection of errors.
"The Shift Left philosophy helps engineering teams identify vulnerabilities from the outset — before updates or software are even released," explains Lameiras from ESET. "ESET has uncovered and prevented some of the most sophisticated attacks, such as Industroyer and Industroyer2, on industrial control systems in critical infrastructure. The company works closely with law enforcement agencies and international organisations and actively participates in NATO's Locked Shields programme. Protecting healthcare providers is a priority for the global cybersecurity community, as even the slightest disruption can put lives at risk."