Sponsored Post: Tapan Mehta – Global Leader – Healthcare Strategy & Solutions – Palo Alto Networks
Healthcare providers around the world are reimagining the patient experience with the use of smart medical devices. Protecting these devices requires a comprehensive Zero Trust solution to mitigate ransomware attacks.
You’ll find IoT devices all over the real world these days. Modern cars have multiple IoT devices. Schools have smart boards, and retailers have scanners, cash registers, and devices for monitoring inventory. Farms are rapidly deploying IoT devices to monitor soil and trigger irrigation when needed. Police and many private actors are using drones. Specialized networked devices control industrial processes and networked surveillance cameras are everywhere.
The number of connected IoT devices worldwide is expected to double by 2030[1]. The number of IoT devices exceeded the number of non-IoT devices in 2020 and will exceed them 3:1 by 2025[2]. If you don’t have a strategy in place to secure these devices, your network will be overrun with vulnerable devices that serve as attack vectors.
Medical IoT
No other industry has jumped into the IoT waters as deeply as healthcare. Doctors’ offices and hospitals are full of networked medical devices to test patients, monitor them, and even administer medication. Medical IoT devices have long life spans, often 10 to 15 years. Even if security updates are available for a particular device, healthcare providers don’t usually apply them. As a result, these devices become tempting entry points for attackers into the broader network.
Healthcare providers have famously been a favorite target of ransomware attackers[3], and IoT/IoMT is one of these institutions’ biggest vulnerabilities. Here are some of the brutal numbers[4]:
- 41% of attacks exploit vulnerabilities in IoT devices
- 75% of infusion pumps have unpatched vulnerabilities
- 83% of imaging systems run on unsupported operating systems
- 98% of all IoT device traffic is unencrypted
- 57% of all IoT devices are vulnerable to medium- or high-severity attacks
How you get IoT/IoMT under control
There are three main steps in addressing the problem:
Step 1: Gain visibility into the IoT devices on your network.
In businesses large and small, it is common for individual groups and departments to put IoT devices on the network without consulting the IT department. IT only learns about the devices when it gets a call for support.
Expensive IoT devices, such as MRI machines, are built on sophisticated computers, making them easier to secure. Others, like the many sensors in a factory or a thermostat, are designed to be simple and inexpensive and may be unable to run any security software. In either case, you need a security platform to seek out all network devices and figure out what they are.
Step 2: Create and enforce policies to protect these devices.
The policies you want for your IoT devices depend on your requirements. In a heavily regulated business like healthcare, many requirements will address regulatory compliance and conformity to standards mandated by agencies such as the FDA. You may have other requirements.
You may have heard of Zero Trust Network Architecture (ZTNA), and nowhere is it more important than with IoT. A device should not be trusted by other systems on the network any more than necessary to perform its function. Such a policy greatly raises the bar for a successful attack. Whatever your requirements, you need a system that can address them globally to enforce your policies wherever required.
Step 3: Automate the onboarding and autonomous securing of these devices.
The necessity of automation is axiomatic in security. With such large numbers of devices going on and off the network 24x7x365, human staff cannot possibly keep up, and security should not require them to. A sophisticated system allows you to define your policies and then automatically enforce them.
Learn More
To learn how Palo Alto Networks can help you secure your medical devices, please visit the Medical IoT Security Solution page for more details.
[1] Statista: “Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022 to 2030”, https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
[2] Statista: “Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025”, https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/
[3] Healthcare IT News: “Ransomware attacks have doubled in 2 years, report shows”, https://www.healthcareitnews.com/news/ransomware-attacks-have-doubled-2-years-report-shows
[4] Unit 42 IoT Threat Report, https://start.paloaltonetworks.com/unit-42-iot-threat-report