Skip to main content
Advertisement
Home

Main navigation

  • Digital Issue Archive
  • Service Directory
  • Awards
  • Advertise
  • Subscribe now

Secondary

  • Travel Insurance
  • Policies & Partnerships
  • Travel Risk Management
  • Travel Trends
  • Hospitals & Healthcare
  • Industry Moves
  • Reviews
International Hospitals & Healthcare Part of the IH&H family
Part of the
IH&H family
International Hospitals & Healthcare
Hospitals & Healthcare

Digital doctoring: the importance of cybersecurity in healthcare

Hospitals & Healthcare
1 Dec 2025 | Oliver Cuenca
Share
Collage of a doctor using an iPad

Oliver Cuenca explores the issues caused by poor cybersecurity and what healthcare providers can do to address them

Healthcare organisations are under siege. As digital transformation accelerates across hospitals, clinics, and insurers, so too does the complexity – and fragility – of their cyber defences. From outdated IT infrastructure to the unchecked rise of generative artificial intelligence (AI) tools, the sector faces a perfect storm of vulnerabilities that threaten not only data integrity but patient safety itself.

Key vulnerabilities

Oleg Gorobets, a security expert at cybersecurity firm Kaspersky, noted that the healthcare sector was “uniquely exposed” to digital threats, “because it combines legacy IT systems, connected medical devices, and third-party suppliers into a single ecosystem”.

He also warned that while ransomware was often the most visible threat “because downtime immediately affects patient care, and makes organisations a prime threat”, there were other, equally concerning dangers that are often overlooked. Most notably: “Stolen credentials – which can open the door to claims platforms and patient records,” Gorobets explained. “Add to that the dependence on external labs, billing services, and cloud vendors, and a single weak link can trigger widespread disruption.”

A spokesperson from Varonis, citing the company’s 2025 State of Data Security Report – Healthcare & Life Sciences, described the growing and frequently unrestricted use of AI as a key security concern. In particular, the use of so-called ‘shadow AI’ – when employees use unauthorised generative AI applications without oversight or potentially the knowledge of the company – presents a
“major risk to data security”. They noted: “Employees can accidentally leak sensitive or confidential data using shadow AI, [while] organisations may be fined if these apps fail to comply” with data security regulations such as the US Health Insurance Portability and Accountability Act (HIPAA), and the European Union’s General Data Protection Regulation (GDPR).

Additionally, such applications can remain risky even if no users have logged into them for weeks or months. Varonis stated that despite such apps being “stale”, they “still have permission to access sensitive data”.

Varonis data suggests that around 64% of healthcare organisations have employees using unsanctioned apps, including shadow AI.

Keep on reading

dhig GmbH

AI in claims management: the governance gap

Diyan Stanev, Head of Operations at dhig GmbH, tells ITIJ about the limitations of AI, and who takes responsibility when things go wrong

Sponsored by dhig GmbH

31 Oct 2025
|
Editorial Team

Beyond this, even authorised uses – if poorly applied – can pose a risk to healthcare providers’ security, the Varonis spokesperson added, noting that “as more organisations develop AI processes and products, the data used to train them is at risk from breaches and attacks”.

Training data – typically stored on cloud-based servers – is inadvertently exposed to confidential information. This can lead to unauthorised access by the AI’s users, compromising the solution’s integrity and security.

The spokesperson added: “With vast volumes of sensitive information and scores of users to manage, cloud data security can be challenging at scale. Our analysis showed that cloud data, including unmasked data and exposed buckets, is largely overexposed and underprotected.”

Varonis data suggests that around 64% of healthcare organisations have employees ‎using unsanctioned apps, including shadow AI

More egregiously, some AI solutions may be at risk of “model poisoning” – when attackers deliberately manipulate the AI model’s training data to corrupt its performance.

“This happens when a malicious user gains access to the model’s cloud resources, such as containers, storage accounts, and databases, and can write to or modify those resources without triggering alarms,” they said. “Model poisoning can lead to dangerous outcomes – imagine an attacker modifying payment information details used in a model. Unaware, the company deploys the model. When users ask for the vendor’s bank details, they are provided with the bank details that the attacker injected.”

Advertisement

Why healthcare is such a high-risk sector

Citing Kaspersky’s latest IT Security Economics report, Gorobets warned that the healthcare sector remained underfunded, relative to the threats it faces from cyberattackers. He noted that in an average IT budget of US$5.4 million, only around $0.6 million was dedicated to cybersecurity.

Additionally: “Despite experiencing an average of 18 security incidents in 2024, the sector’s overall security maturity remains low, with efforts often concentrated mainly on training,” he added. “The average losses of $1.8 million (twice their security budget) reflect this gap – particularly as these industries face incidents involving malware, public cloud vulnerabilities, and high-permission breaches.”

Gorobets continued: “Detection and response times often span weeks, leaving these organisations exposed to prolonged risks. Cyberattacks can delay diagnoses, cancel operations, and compromise patient safety. At the same time, they expose some of the most sensitive data people hold: their medical history.”

He warned that this combination of factors could result in serious harm to the healthcare provider’s reputation, adding that once trust is lost, it is difficult to rebuild.

“Institutions may recover their systems, but rebuilding public confidence, regulatory standing, and financial stability takes far longer,” Gorobets said.

The Varonis spokesperson added that many healthcare organisations – and many organisations in general – found it difficult to keep up with securing identities and managing permissions. “A single user can gather dozens of roles and group memberships,” they said. “Meanwhile, understaffed IT and security teams often struggle to revoke unused or unnecessary memberships when users change roles or leave.”

They added: “Our 2025 State of Data Security Report shows that organisations have fallen behind in managing permissions and securing identities – particularly non-human identities like APIs [application programming interfaces] and service accounts. Poor management and excessive privileges [can] lead to unauthorised access and data breaches.”

Keep on reading

 New Frontier Group (NFG)

From tariffs to telehealth

Gitte Bach, CEO at New Frontier Group (NFG), talks to ITIJ about challenges and innovation in the industry

Sponsored by New Frontier Group

31 Oct 2025
|
Editorial Team

What improvements can be made?

To combat the risk of such attacks, Gorobets argued that the most effective steps a healthcare provider could take were often also the most fundamental and practical ones.

“Firstly, proper hardening of the IT system is foundational,” he said, adding that alongside the timely management of all identified vulnerabilities, “the basics” should include:

  • Segmenting networks – so that attackers cannot move freely
  • Enforcing multi-factor authentication (MFA)
  • Ensuring that critical systems are backed up securely, and tested for recovery.

However, Gorobets added: “While having solid mainstay protection for all infrastructure levels is essential, those attacking healthcare institutions are often smart enough to look as normal as possible for typical prevention-class automatic countermeasures. So, extended detection and response tools are what can enable IT security teams to identify elusive threats amidst background noise and respond before they spread.”

He also noted that cybersecurity awareness education was of the “utmost importance” in environments such as healthcare facilities, “where the cost of a human error is pretty high”.

Cyberattacks can delay diagnoses, cancel operations, and compromise patient safety

Gorobets concluded by stating that the quest for cyber resilience “must go beyond your own organisation – which means scrutinising supplier security and planning for outages across the broader ecosystem.

“Probing the regular, deep, and dark web for indicators of unhealthy activities around both the institution and its key suppliers might well result in a timely putting of all defences to the state of high alert – and, therefore, preventing the worse from happening,” he said.

Varonis also recommended that healthcare providers who were looking to incorporate AI into their operations should be proactive in taking steps to secure their critical information.

In particular, companies should “assume that breaches will occur”, and proactively work to decrease the potential damage an attacker can do with just one stolen identity.

“Aim to minimise your blast radius by continuously monitoring data and remediating issues, locking down permissions and access to prevent identity-based attacks, and monitoring AI co-pilots, chatbots, and agents to prevent exploitation and misuse,” the spokesperson said.

Additionally, they advised that healthcare firms should employ a “holistic approach to data security”, ensuring that all aspects were being considered, and added that despite the potential risks of AI, they were not advising people to avoid it completely – rather, companies should ensure that they “use AI for good”.

Indeed, appropriately used, AI can be a “powerful tool for defenders”, allowing IT and security teams to “accurately identify, classify, and label sensitive information across large data sets, remediate vulnerabilities … and catch malicious insiders and abnormal behaviour that indicates an attack”.

Gorobets highlighted the enormous importance of cyber insurance as a means to strengthen a healthcare provider’s security posture. “In healthcare,” he said, “where downtime can lead to cancelled treatments and disrupted claims, [cyber] coverage is essential.”

Gorobets added that an effective cyber policy would focus first on “breach containment and rapid system restoration – the steps most critical to maintaining vital business processes”. After helping to re-establish control, such policies then “extend to the wider costs of managing an incident, including forensic investigations, legal advice, patient notification, and business interruption losses”.

However, he noted that as cyber insurance has come to play a greater role in organisations’ overall security, the counterpoint is that insurers now require evidence of “strong controls such as MFA, endpoint detection, and resilient backups before they will underwrite at favourable terms”.

Advertisement

Conclusion

In an era when digitalisation is increasingly reshaping healthcare – often faster than those working in the sector can get a handle on the implications of this new technology – the risk of exposure to cyber threats has never been greater. Legacy systems and shadow AI, combined with frequently under-resourced security teams and sprawling third-party ecosystems, can leave openings for attackers.

However, a holistic approach to security, careful planning, and a thorough and proactive approach to best practice can go a long way towards containing and combatting these threats before damage is done – to both internal systems and public trust.

ITIJ December issue cover

December 2025
 Issue

In this issue of ITIJ we examine breaches of cyber security in the healthcare sector and ask what can be done to prevent them, share travel predictions, including risks and hotspots, for 2026, and look at the global implications of changes in international student travel.

Read full issue

Oliver Cuenca

Oliver Cuenca is a Junior Editor for Voyageur Group, joining in 2021. He writes for both ITIJ and AirMed&Rescue, covering a range of topics including international travel and health insurance, medical assistance provision and air medical transportation. He also serves as Title Editor of the Assistance & Repatriation Reviews. Oliver holds an MA in Magazine Journalism from Cardiff University, as well as a BA in English with Creative Writing from Falmouth University.

JCI launches global certification to standardise Centers of Excellence GettyImages-2229538647

JCI launches global certification to standardise Centers of Excellence

1 Jul 2026
Chloe Fox
Ebola vaccine

CEPI approves funds for Ebola vaccine development

3 Jun 2026
Oliver Cuenca
APRIL International retains top IPMI service rating for fifth consecutive year

APRIL International retains top IPMI service rating for fifth consecutive year

1 Jun 2026
Siân Yates
telemedicine laptop

South Korea to expand telemedicine services for foreign patients

1 Jun 2026
Oliver Cuenca
Hospitals & Healthcare Headlines
orient-insurance-and-allianz-partners-launch-sphera-international-healthcare-plans

Orient Insurance and Allianz Partners launch Sphera international healthcare plans

The plans, launched under the Sphera brand, are the product of Orient Insurance’s local knowledge, combined with Allianz Partners’ global healthcare expertise
29 May 2026
|
Oliver Cuenca
Medanta hospital expansion

Medanta Group outlines hospital network expansion plans

The healthcare provider is planning a major expansion of its facilities in the coming years, with five new hospitals planned in four Indian cities
28 May 2026
|
Oliver Cuenca
Italy investigates two suspected Ebola cases in Milan linked to Uganda aid workers

Two suspected Ebola cases in Italy linked to Uganda aid workers test negative

The suspected Ebola cases in Milan involving aid workers returning from Uganda underscore escalating cross-border transmission risks linked to the ongoing outbreak
26 May 2026
|
Chloe Fox
Anthropic and Gates Foundation launch $200m AI partnership focused on global health and education

Anthropic and Gates Foundation launch $200m AI partnership focused on global health and education

The new four-year partnership aims to expand access to AI tools and infrastructure across healthcare and education systems
26 May 2026
|
Siân Yates
Dubai UAE skyline night

UAE to build universal healthcare system

The system, which will be underpinned by a national health insurance scheme, aims to provide international-standard healthcare provision to all citizens
25 May 2026
|
Oliver Cuenca
test

The Red Cross has expressed condolences for three volunteers who died after contracting Ebola while handling bodies in the Democratic Republic of Congo

The Bundibugyo strain of Ebola – for which there is no approved vaccine or treatment – has been declared an international public health emergency by the World Health Organization
25 May 2026
|
Michelle Royle
Berlin partnership accelerates AI-driven shift in cardiovascular care

Berlin partnership accelerates AI-driven shift in cardiovascular care

A Berlin partnership aims to advance AI-driven cardiology, highlighting the growing role of predictive, connected care in cardiac disease management, and remote monitoring
25 May 2026
|
Siân Yates
Osaka big crab

Osaka reports high rates of unpaid medical bills from foreign visitors

The issue reported by the government of Osaka Prefecture reflects a broader issue for Japanese healthcare providers
23 May 2026
|
Oliver Cuenca
Read More Hospitals & Healthcare News
H&H February 2025

February 2025
 Issue

Offering readers a deep dive into the issues facing providers and payers of healthcare services around the world. Cost containment, international patient department development, the role of AI in healthcare delivery and more.

Read full issue

Hospitals & Healthcare Long Reads

Suitcase with sandals

Patients without borders

Global travel has rebounded from its pandemic slump – and medical tourism is no exception. IH&H explores the top destinations for cross-border care, and the treatments patients are seeking
1 May 2026
|
Editorial Team
Woman in airport

Canadian patients look abroad for healthcare relief

Milan Korcock shares details about Canadians bypassing domestic waiting lists and heading abroad for care, exploring why the trend is accelerating, which treatments are most affected, and how insurers are...
1 May 2026
|
Milan Korcok
Image of south korea landscape

South Korea’s medical tourism surge

Chloe Fox speaks to industry experts about South Korea’s rise as a medical tourism hub, the global demand for K-beauty and advanced treatments, and the patient-focused services shaping the sector’s...
1 May 2026
|
Chloe Fox
Singapre city skyline

Singapore’s IPMI shift: a blueprint for Southeast Asia’s healthcare future

Singapore’s regulatory adjustments, provider-payer collaboration, and emphasis on transparency offer practical lessons for healthcare systems in Thailand, Malaysia, Indonesia, and Vietnam as they navigate rapid private healthcare growth, medical inflation, and...
1 May 2026
|
Lauren Haigh
Landscape of India

A passage to India

For the citizens of India, and many expats, public healthcare provision can vary wildly depending on where they are. But what does the private healthcare landscape look like – particularly...
1 May 2026
|
Stefan Mohamed
Illustration of doctors

Safe and responsible adoption of AI in healthcare

David Qu explores how AI is transforming global healthcare, from patient care to drug discovery, while addressing data, bias, privacy, and ethical challenges
1 May 2026
|
Editorial Team
Doctors with graphs behind them

From cash pay to covered benefit: the rise of stem cell therapy in insurance

Jonathan Edelheit, CEO of Healthcare Revolution and Co-Founder and CEO of the Medical Tourism Association, shares how regenerative medicine is now sufficiently mainstream that insurers are changing their benefits structure...
1 May 2026
|
Jonathan Edelheit
Graphs and charts

UK wealth moves signal global shift in premium healthcare demand

Karim Idilby, Chief Growth Officer, AXA Global Healthcare, discusses shifting global wealth migration, the policy forces driving talent mobility, and evolving expectations for international healthcare
1 May 2026
|
Karim Idilby
Read More Hospitals & Healthcare Long Reads

Why subscribe to ITIJ?

In-depth analysis

In-depth analysis

Unique insights and expert opinions on the latest industry developments

A wider perspective

A wider perspective

Get the global view on the topics that are trending in your region

Breaking news

Breaking news

ITIJ.com has all the latest news relevant to travel insurance and IPMI professionals

Subscribe now
ITIJ IH&H

Footer menu

  • About Us
  • Subscribe
  • Advertise
  • Contact
  • Privacy Policy
  • Terms
  • Voyageur
International Travel & Health Insurance Conferences

Social

  • LinkedIn link
  • Twitter link

© Voyageur Publishing & Events 2026

Close