By Tony King, SVP, international at NETSCOUT
It is a universal experience for all industries to be threatened by cyberattacks.
They are, like the threat actors launching the attacks, continuously evolving, and are afflicting more and more organisations.
As part of the NCSC’s ninth Annual Review in October 2025, CEO Richard Horne spoke of the continually “widening gap between the rising pace of the cyber threat and the UK’s collective resilience”, claiming a 50 per cent increase in ”highly significant” attacks compared to the previous year, and “a marked increase for the third consecutive year”.
Cyberattacks – a familiar pathogen in the healthcare industry
While cyberthreats represent a major concern across all sectors, in the healthcare field the ramifications extend beyond mere financial losses or damage to reputation.
When the digital systems of a healthcare provider are impacted, there can be both an immediate and sustained interruption to patient care, which can adversely affect treatments and outcomes.
In fact, research shows that the healthcare industry was subject to 293 ransomware attacks in the first nine months of 2025.
While it’s easy to view these attacks as merely digital incidents, their real-world consequences are deeply felt across targeted organisations and the patient communities they serve.
These disruptions, such as compromised patient data records and medication ordering systems, can result in patients receiving dangerously inaccurate/delayed care, or even no treatment at all.
For example, in June 2024, unauthorised access to sensitive patient information caused several London hospitals to cancel crucial appointments and operations, preventing thousands of patients from receiving the treatment they required.
The healthcare sector – an at-risk patient
Tony King
The diagnosis, therefore, is relatively clear: the healthcare industry is an at-risk patient with a vulnerable cyber immune system.
In many cases healthcare providers have outdated IT systems within their environments. Coupling this with an ever-pressurised workforce leaves many institutions underprepared when faced with sophisticated cyberattacks.
But what makes healthcare institutions such valuable targets for threat actors?
The answer lies in the type of data they hold.
The head of information security research at 451 Research/S&P Global told Forbes that “the highly sensitive nature of both patient and practitioner information, and the impact on finance at virtually every level” deems healthcare an attractive target for ransomware attacks, the payouts for which rose to $1.2 million (£887,000) in 2025.
The sensitivity of patient information also serves cybercriminals whose goals are rooted in ideology or hacktivism; the ability to undermine the safety and security that healthcare services are designed to provide can be an exceptionally powerful political tool.
The combination of these factors places a great strain on cybersecurity, rendering healthcare a prime target.
Network visibility – the treatment
So, what can healthcare institutions do to protect themselves moving forwards?
The first step to solving any problem is to recognise it; but this is a difficult step to take without the ability to see.
This is where complete, end-to-end network visibility is vital.
It is not enough to simply react to cyberattacks as they happen – only through continuous monitoring can teams and institutions build a view of ‘normal’ behaviour within their infrastructures.
This ‘normal’ then becomes a baseline for assessing their level of risk exposure and enables anomalies and other initial indicators of cyberattacks to be much more easily identified, and threats contained.
Just as a patient requires regular checkups and professional observations to catch concerning symptoms before they are allowed to progress and fester, comprehensive visibility across the network and application layers provides healthcare institutions with a complete picture of their digital wellbeing.
Threat actors may always have a window of opportunity to infect organisations, but it is the consistent monitoring and inspection of an infrastructure that greatly diminishes how far an infection can spread, and thus the likelihood of success for a threat actor.
Strengthening cybersecurity – the prehabilitation
Like most industries, healthcare is increasingly turning to artificial intelligence (AI) as a means to enhance defences.
Institutions can employ machine learning algorithms to analyse data gathered through network and application layer monitoring, accelerating and streamlining the identification of anomalies that would otherwise go undiagnosed.
And automated threat responses can also be provided by these AI platforms, reducing the burden on strained security teams, and ensuring consistent and rapid remediation.
The key to success with AI is not the sophistication of the algorithms used, it is the consistency and quality of the data provided.
As in medicine, for the best outcomes, the best diagnostics are essential.
By investing in solutions that deliver consistent, high-fidelity data into observability and cyber security platforms, healthcare providers can guarantee that their defences are strong enough to meet the challenges they face.
In an industry in which failing to protect the digital ecosystem is tantamount to putting patients’ wellbeing at risk, complacency is not something healthcare providers can afford.
