Jeff Erbert | 6 June 2025
Cybersecurity In Hospitals: No Longer Optional
Hospitals and healthcare institutions, like other high-profile organizations, depend on an amalgam of connected technologies to deliver care efficiently and effectively. Unlike yesteryear, imaging results are interpreted in a matter of hours, appointments can be changed through an app, and – if desired – we can ask a provider to examine whatever ails us through a simple video call.
Technology’s benefits don’t just warrant investment – the technology itself is necessary for modern hospital operations. However, this inevitably comes with operational vulnerability. In our piece “Hospitals: Prime Targets For Hackers” we delve into exactly why hackers like to target hospitals, and just how valuable patient data can be (hint: it’s some of the most valuable). Nonetheless, hospitals are becoming increasingly cyber-aware and for 2025 appear to be adjusting their IT budgets accordingly.
The Current State of Healthcare Cybersecurity
An IBM study reveals that data breaches for healthcare institutions are now twice as costly as those in the financial industry, and that’s a staggering 53% rise since 2020.
What’s more, the threat extends beyond compromising Protected Health Information (PHI). Cybercriminals understand that hospitals depend on a complex web of digital systems—ranging from Electronic Health Records (EHRs) and telehealth services to pharmacy tracking tools, medical imaging systems, and even pneumatic tube networks.
If they can wedge their way in between any of these systems – usually through phishing or deceiving an employee – and demand ransom by bringing systems (including pharmacy automation systems and pneumatic tube systems) to a standstill, the result can have serious financial and operational consequences.
Healthcare Adoption of AI Technology
Hospitals are increasingly open to adopting Artificial Intelligence (AI) technology. According to a survey administered by the Healthcare Information and Management Systems Society (HIMSS), 81% of respondents indicated that their respective healthcare organizations permit the use of AI applications. Of that 81% that have adopted the technology, only 50% are restricted to AI applications previously approved by hospital IT leaders.
In healthcare, one of the most common applications of AI is to streamline administrative tasks such as:
- Transcribing patient notes
- Transcribing strategic or administrative meetings
- Routine patient communications
- Patient-related record keeping
- Electronic Health Record queries
That makes these AI applications a lucrative target for nefarious actors trying to acquire sensitive patient information. Of course, many of these programs are vetted by IT for Health Insurance Portability and Accountability Act (HIPAA) compliance, encryption standards, data integrity, and whether or not they leverage trusted infrastructure. But none of that prevents human error from compromising access. As most security experts will tell you, it’s much easier to deceive a human user than it is to decode an encryption extending to the nth power. It’s essential, then, that hospitals employ best practices from both a technical and an educational standpoint to ensure proper cybersecurity.
Hospital Investments In Cybersecurity Are On The Rise
That same Healthcare Information and Management Systems Society (HIMSS) report shows that 55% of hospitals in the survey expect to see an increase in their respective cybersecurity budgets. That budget is expected to fund improvements to tools (including software updates or upgrades for existing operational technology), refinements to policies or protocol, and, last but not least, training programs to help current employees better recognize the increasingly clever dark arts criminals use to gain access to internal programs.
That said, the most common attacks come in the form of:
- Phishing – Fake emails or messages that trick users into clicking malicious links or giving away sensitive information like passwords and logins.
- Spear Phishing – A more targeted form of phishing where attackers customize messages using personal information to make them more convincing.
- Whaling – A type of spear phishing aimed specifically at high-level executives or decision-makers, often involving fake invoices, urgent requests, or requests for information.
- Smishing – Phishing via SMS/text messages.
- Vishing – Phishing via voice calls, often pretending to be from IT support.
- Malware – Malicious software (like viruses or spyware) that can be installed by downloading email attachments or visiting infected websites.
- Drive-by Downloads – Automatically downloading malware onto a device when a user clicks a dangerous link to a compromised or malicious website.
Going Forward
Cybersecurity in hospitals is no longer an IT concern — it’s a frontline priority. As healthcare continues to embrace digital transformation, from AI-powered workflows to interconnected medical systems, the stakes for patients and facilities have never been higher. The good news? Hospitals are responding accordingly.
With increased budgets, smarter tools, and a growing emphasis on employee training, the industry is taking meaningful steps to defend against cyber threats. Is your hospital? The future of healthcare depends not just on innovation, but on the vigilance and resilience of the systems that support it.