Healthcare Security: A Growing Concern
The Current State of Healthcare Security
In the healthcare industry, security is a top priority. With the increasing use of technology and the growing threat of cyber attacks, it is essential to ensure that patient data is protected. However, a new report has highlighted that 15% of devices in the healthcare sector lack or have non-conforming security and risk controls.
The 2025 Horizon Report
According to the 2025 Horizon Report, in 2024, a staggering 183 million patient records were compromised worldwide. This represents a 9% increase from the previous year. It is alarming that healthcare organizations are struggling to protect themselves from ransomware attacks.
Security Gaps in Healthcare Organizations
To investigate this issue, security provider Absolute Security analyzed over a million devices in the healthcare sector. The analysts discovered several security flaws, including:
- Missing or non-conforming security and risk controls: 15% of analyzed PCs either had critical security controls that did not align with internal security and risk guidelines or had no security controls at all.
- Delayed patches: The average Windows endpoint in the healthcare sector is 48 days behind on critical security patches. Unpatched vulnerabilities are a primary cause of security breaches and ransomware infections. "This fundamental oversight in security hygiene puts companies at risk of data breaches and prolonged, disruptive outages," the study authors warn.
- Shadow AI risks: The use of AI is on the rise. Healthcare staff often use chatbots and other generative AI platforms that are not HIPAA-compliant. "This is not only a potential danger to patient data and legal non-compliance, but also shows that organizations are ill-equipped to regulate the use of shadow AI," the researchers stress.
Conclusion
In conclusion, the healthcare sector faces significant security challenges. Ransomware groups target vulnerable endpoints to disrupt operations and steal sensitive patient data. At the same time, compliance risks increase as organizations struggle to maintain healthy security controls and monitor AI-related threats. By adopting a proactive resilience approach, hospitals, clinics, and healthcare providers can close risk gaps, avoid regulatory non-compliance, and recover quickly from a cyber attack or IT incident.
FAQs
Q: What is the main security concern in the healthcare sector?
A: The main security concern is missing or non-conforming security and risk controls, with 15% of devices lacking critical security controls.
Q: How far behind on critical security patches is the average Windows endpoint in the healthcare sector?
A: On average, 48 days.
Q: What is the risk of unpatched vulnerabilities?
A: Unpatched vulnerabilities are a primary cause of security breaches and ransomware infections.
Q: What is the concern with the use of shadow AI in the healthcare sector?
A: The use of shadow AI puts patient data at risk and creates a risk of legal non-compliance, and organizations are ill-equipped to regulate its use.