IoT and ransomware pose major security risks and healthcare systems feel unprepared
Healthcare organizations are increasingly under siege by sophisticated cyber attacks, with ransomware groups exploiting vulnerabilities in critical infrastructure.
In 2024, nearly 400 U.S. healthcare organizations reported incidents linked to ransomware operators such as LockBit 3.0, ALPHV/BlackCat and BianLian, according to a recent report from Veriti.
Half of healthcare organizations surveyed say they are not confident in detecting and resolving such breaches, 42% of organizations have no policies in place to prevent unauthorized access to data, and 51% do not have the necessary technologies to prevent breaches.
Endpoint misconfigurations posed a significant risk: 35% of systems failed to quarantine malicious files, increasing susceptibility to ransomware encryption.
Misconfigured recovery processes further increased the risks, affecting 22% of hosts by allowing attackers to disable volume shadow copies and recovery tools.
Medical devices and protocols such as DICOM are also vulnerable, creating opportunities for data theft and unauthorized access.
Oren Koren, co-founder and CPO of Veriti, explained that the rise of IoT devices, AI integration and cloud-based systems add new dimensions to these challenges.
He said one of the most concerning findings from the report was the fact that vulnerabilities have not been and will not be patched.
“This poses a major threat to any healthcare organization that uses devices that cannot be updated or upgraded due to compliance and regulations,” he said. “Unfortunately, as a result, we will continue to see healthcare organizations experiencing ransomware.”
Koren added that in light of evolving threats, healthcare organizations are currently focusing on two key areas: virtual patching, which uses compensatory control as a countermeasure to risks they cannot address; and disaster recovery plans involving massive purchases of hardware and software for a catastrophic event.
“They will need to evaluate their current systems and adapt to more innovative control measures to prevent future threats,” he said.
Koren predicted that IoT threats would continue to evolve into 2025 and warned that exposed assets – those that need to be exposed for maintenance – will be hacked much faster.
“The attackers’ use of AI and automated vulnerability scanning allows them to find an exposed IoT device and launch an attack on it much faster than before,” he said.
He added that most healthcare organizations’ security controls now rely on advanced AI to analyze threats.
However, due to strict regulations, sensitive healthcare data must remain confidential, meaning patient data is excluded from AI analysis.
Koren said that by 2025, better intelligence sharing will enable rapid responses to emerging threats.
“When a threat is identified in one organization, warnings and necessary countermeasures will be quickly disseminated to others – with an emphasis on strengthening pre-breach as the central approach,” he explained.
As healthcare organizations struggle to defend themselves against a growing number of threats, they are turning to Zero Trust, micro-segmentation and proactive threat management to strengthen security.
A recently introduced healthcare cybersecurity bill would support healthcare organizations with grants aimed at strengthening prevention and response, while the Administration for Strategic Preparedness and Response seeks feedback through surveys and task force evaluations to assess the cybersecurity readiness of public health organizations and to strengthen.
Nathan Eddy is a healthcare and technology freelancer based in Berlin.