Healthcare has become a prominent target of cyberattacks, and prevention plays the same role here as dental hygiene does in dentistry. According to an NBU report, the sector ranks among the worst for compliance with security requirements, at roughly 45 %, and the number of reported incidents has surged year over year. What can hospitals and smaller clinics do about it?
Healthcare under pressure: facts over feelings
Attackers are losing their inhibitions and view healthcare facilities as an attractive target because service outages endanger lives and increase the likelihood of ransom being paid. NBU states that healthcare is the third-worst sector in compliance with security requirements, at roughly 45 %. That is also why the number of reported incidents roughly tripled year over year. This is no longer a marginal issue, but an operational risk with a direct impact on patients.
Paradoxically, attempts to exploit vulnerabilities fell by roughly a third, though the cause is unclear. At the same time, other attack vectors are growing: “brute force” attacks rose by 31 %, malware distribution by 450 %, and DDoS by as much as 3900 %. Looking away is not an option – a longer IT outage means delayed diagnoses, manual procedures, and problems with medications, billing, and supplies. Prevention is cheaper and more reliable than late firefighting.
Separate, segment, control: the foundation of architecture
The first step is to clearly separate the “external” and “internal” worlds and place a gate – a firewall – between them. Inside the network, you need to implement segmentation so that if an attacker breaks in, they cannot reach everything but remain confined to a single segment. Network access control policies help by defining who may communicate at all, when, and with what device. This minimum alone significantly reduces the impact of an attack and shortens recovery time.
It is an advantage when the firewall can centrally manage both the wired and wireless infrastructure and apply the same rules across the entire network. The talk featured examples of Fortinet solutions (FortiGate with management of FortiSwitch and FortiAP) that enable this approach. What matters, however, is that the individual components form a single ecosystem and cooperate – otherwise blind spots arise.
The next layer: cloud services, endpoints, decoys, and monitoring
Security capabilities can be extended through cloud services that offer firewalling, web filtering, sandboxing, and other tools under a single console. Today, antivirus alone is no longer enough – endpoints need advanced protection and behavioral detection to catch new threats. “Decoys” in the form of fake servers mimicking common medical devices are also useful, revealing an attacker immediately after intrusion. This shortens the time they remain undetected in the network from tens or hundreds of days to a minimum.
All of this only makes sense if solutions are continuously monitored and incidents are tracked in real time. The speaker emphasized the importance of a unified ecosystem (e.g., Fortinet Security Fabric) and SOC-type monitoring services for handling and coordinating responses. The goal is simple: see what is happening on the network and act before an attack escalates into an operational crisis.
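The segmentation and decoy passages above can be read as one evaluation rule: default deny between segments, an allow-list keyed on who, when and with what device, and an alert on any contact with a decoy. The following is an added example, not code from the talk or from any vendor; the segment names, addresses, decoy and flow records are constructed assumptions (port 104 is the standard DICOM port).

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed segments and decoy address (assumptions, not from the talk).
SEGMENTS = {
    "clinical": ip_network("10.10.0.0/24"),
    "medical_devices": ip_network("10.20.0.0/24"),
    "admin": ip_network("10.30.0.0/24"),
    "guest_wifi": ip_network("10.40.0.0/24"),
}
DECOYS = {ip_address("10.20.0.250")}  # fake medical device nobody should contact

# Allow-list: (source segment, destination segment, port) -> (device classes, hours).
POLICY = {
    ("clinical", "medical_devices", 104): ({"workstation"}, (time(0, 0), time(23, 59))),
    ("admin", "clinical", 443): ({"workstation"}, (time(6, 0), time(20, 0))),
}

def segment_of(ip):
    """Map an address to its segment name, or 'external' if it is in none."""
    addr = ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "external")

def evaluate(flow):
    """Return 'decoy-hit', 'allow' or 'deny' for one flow record."""
    if ip_address(flow["dst"]) in DECOYS:
        return "decoy-hit"  # checked first: even an authorised host must never touch it
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    if src == dst:
        return "allow"  # traffic inside one segment is out of scope for this sketch
    rule = POLICY.get((src, dst, flow["port"]))
    if rule is None:
        return "deny"  # default deny between segments
    devices, (start, end) = rule
    ok = flow["device"] in devices and start <= flow["at"] <= end
    return "allow" if ok else "deny"

# Constructed flow records.
FLOWS = [
    {"src": "10.10.0.15", "dst": "10.20.0.8", "port": 104, "device": "workstation", "at": time(9, 30)},
    {"src": "10.40.0.77", "dst": "10.20.0.8", "port": 104, "device": "phone", "at": time(9, 31)},
    {"src": "10.30.0.4", "dst": "10.10.0.15", "port": 443, "device": "workstation", "at": time(23, 5)},
    {"src": "10.10.0.15", "dst": "10.20.0.250", "port": 104, "device": "workstation", "at": time(2, 12)},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], "->", f["dst"], evaluate(f))
```

The last record is the instructive one: the workstation is permitted to reach the device segment on that port, so segmentation alone would pass it, and only the decoy check exposes the host as behaving abnormally.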