We all know the high-stakes scenes from medical dramas like ER or The Pitt, and clinicians train for those moments. What they do not rehearse is the morning when the systems they rely on fail to start. The disruption that truly unsettles care is not the clinical emergency they are ready to manage, but the breakdowns of infrastructure that slow their ability to help.
Medicine is now digital. Electronic medical records (EMRs), telehealth, and AI shape everyday care, and more hospitals leave paper behind each year. These tools bring convenience, speed and access, but they also widen the surface for malware and other cyber threats.
Healthcare in focus: Understanding cyber risks and their reach
Healthcare is both highly targeted and uniquely sensitive. The smallest disruption in a hospital can ripple through patients, families and staff and even spill over to neighbouring clinical facilities, straining their capacity as demand surges.
Globally, healthcare accounted for 5% of incidents investigated in 2024, ranking seventh among industries. In the last decade, the number of reported hospital cyber-attacks tripled in the United States. At EU level, ENISA’s latest Threat Landscape counted 487 health-sector incidents. Within ransomware events across sectors, health accounted for 8%, making it one of the more affected sectors.
France’s Digital Health Agency (ANS/CERT-Santé) recorded 749 incidents in 2024, up 29% from 2023 (581), with credential theft, ransomware and account compromise prominent in the mix. However, the number of major, high-impact cases fell slightly year-on-year, which shows preparation works (proactive alerts, audits and crisis exercises), but persistent weaknesses mean the pressure remains high.
Where hospitals are most exposed
Most hospital incidents start with simple oversights: a phishing email that slips through, a password left unchanged, or an exposed interface that should have been hidden. Increasingly, unintentional data leaks multiply with the spread of generative-AI tools.
Attackers look for the quickest path to apply pressure; if a flat network or a forgotten remote access service offers it, they will take it. Once inside, they move laterally across interconnected environments that blend clinical IT, connected medical devices (IoMT) and operational technology such as HVAC, access control and lighting.
- People and identity. Phishing and the use of valid accounts remain common starting points, now often polished with generative AI. Multi-factor authentication, privileged-access hygiene and routine credential audits are no longer optional.
- Clinical and connected devices. Complex fleets, long lifecycles and patching constraints create blind spots. Regulators have warned about exploitable vulnerabilities in common monitors; inventory, network-based monitoring and isolation reduce the blast radius.
- Building Management Systems (BMS) and Operational Technology (OT). Hospitals rely on smart infrastructure for air, power, access control and fire safety. These systems are increasingly connected and, if unmanaged, increasingly reachable. Recent reports show exposed BMS interfaces and known flaws exploited by ransomware. OT must be treated as part of cyber risk, not as a separate world.
Cybersecurity best practices in healthcare
The wider and more digitised the estate, the more important visibility, segmentation and response become.
- Know your estate. Keep live, risk-ranked inventories across IT, IoMT and OT, plus a simple register of approved AI/SaaS and the data they touch.
- Segment with intent. Separate clinical, BMS/OT and office networks. Enforce least privilege, tighten remote and third-party access, and set sensible outbound data controls.
- Monitor what matters. Bring together endpoint, network and OT signals and triage by impact on care. Spot identity misuse and unusual data movement early.
- Prove you can recover. Keep immutable, offline copies. Run regular restore drills and maintain degraded-mode playbooks. Store protected baseline configurations for EMR, BMS and identity systems offline.
- Train everyone. Short, role-based refreshers beat long annual courses. Cover phishing, social engineering and simple rules for safe chatbot use.
- Prepare for rules and resilience. Align with NIS2 as national rules are finalised; in France, use CaRE funding for continuity and recovery. Pair cybersecurity with power, HVAC and other critical-utilities resilience.
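To make the "know your estate" and "segment with intent" practices concrete, here is an added example (not Equans' or any hospital's code) that keeps a small risk-ranked register across IT, IoMT and OT and checks observed traffic against a zone allow-list. The zone names, assets, scores and allowed flows are constructed assumptions, not a real policy.

```python
from dataclasses import dataclass

# Zones from the segmentation advice above; "vendor" and "internet" stand for the
# third-party remote access and outbound edges the same bullets say to control.
ZONES = {"clinical", "bms_ot", "office", "vendor", "internet"}

# Constructed allow-list of zone-to-zone flows; anything not listed is denied.
ALLOWED_FLOWS = {
    ("office", "clinical"),    # staff workstations to the EMR front end
    ("clinical", "internet"),  # EMR/telehealth outbound through a monitored proxy
    ("vendor", "bms_ot"),      # vendor support only via a brokered jump host
}

@dataclass
class Asset:
    name: str
    zone: str
    criticality: int  # 1-5: impact on care if the asset is unavailable
    exposure: int     # 1-5: how reachable it is (5 = internet-facing)
    patchable: bool   # False for legacy IoMT/OT that cannot take patches

    def risk_score(self) -> int:
        # Unpatchable assets weigh double: they must be isolated, not fixed.
        return self.criticality * self.exposure * (1 if self.patchable else 2)

def rank_inventory(assets):
    """Return assets from highest to lowest risk (the risk-ranked register)."""
    return sorted(assets, key=lambda a: a.risk_score(), reverse=True)

def is_allowed(src_zone: str, dst_zone: str) -> bool:
    if src_zone not in ZONES or dst_zone not in ZONES:
        raise ValueError(f"unknown zone in flow {src_zone}->{dst_zone}")
    return src_zone == dst_zone or (src_zone, dst_zone) in ALLOWED_FLOWS

def check_flows(observed):
    """Return (source, destination) asset names whose flow breaks the zoning policy."""
    return [(s.name, d.name) for s, d in observed if not is_allowed(s.zone, d.zone)]

# Constructed sample estate (names and scores are illustrative only)
emr = Asset("emr-db", "clinical", 5, 2, True)
monitor = Asset("patient-monitor-07", "clinical", 4, 3, False)
ahu = Asset("ahu-controller", "bms_ot", 4, 4, False)
laptop = Asset("ward-laptop", "office", 2, 3, True)
vendor = Asset("hvac-vendor-vpn", "vendor", 1, 5, True)

if __name__ == "__main__":
    for a in rank_inventory([emr, monitor, ahu, laptop, vendor]):
        print(f"{a.risk_score():3}  {a.zone:9}  {a.name}")
    print(check_flows([(laptop, emr), (laptop, ahu), (vendor, ahu), (vendor, emr), (ahu, emr)]))
```

Feeding the check with flows exported from a firewall or NetFlow collector turns it into a standing test that the clinical, BMS/OT and office networks really are separate.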
Costs justify the effort. Worst-case bills can run to €10 million for crisis and remediation, plus up to €20 million in lost revenue in severe cases. That is before reputational damage and staff fatigue are factored in.
How we improve flow, without disrupting care
At Equans, we bring together the people who run buildings, the teams who secure networks and the engineers who integrate systems in a single programme built around clinical reality, so theatres stay open, diagnostics stay online and patient journeys remain smooth.
- Design & engineering that bakes in safety and compliance from day one.
- Installation & commissioning with secure configurations and “soft-landing” support for your technical teams.
- Operations & facilities management tuned to patient flows and staff workflows.
- Digital & cybersecurity spanning IT, IoMT and OT, with guardrails for approved AI tools, protection of sensitive data and reliable information for faster decisions.
- Resilience & decarbonisation so essential services continue – while costs and carbon fall – even under stress.
Our role is to turn these principles into a practical programme that makes decisions clear, investments targeted and handovers clean.
- Live mapping of assets and data routes across IT, IoMT and OT, plus a register of approved AI tools, to prioritise risks and investment.
- Risk-based zoning and access patterns for clinical, plant and office networks, including secure vendor access and sensible outbound data controls for cloud services.
- Care-tuned monitoring and observability with runbooks, shared dashboards for estates and digital, and alerts aligned to clinical priorities.
- Resilient recovery by design: 3-2-1 backups, offline vaulting, regular restore exercises, and protected baseline configurations for EMR, BMS, and identity.
- People and practice: role-based exercises and short, just-in-time refreshers from porters to procurement to paediatrics, including clear guidance on safe chatbot use.
- Build it in: BIM-led security for new builds and refurbishments so controls align with plant and clinical layouts from first cable to commissioning.
- Compliance in operation: ANSSI, CaRE and NIS2 embedded in day-to-day processes, with clear evidence packs for audits.
Secure-by-design: the Grand Hôpital de Charleroi
Belgium's Grand Hôpital de Charleroi shows what "cybersecurity by design" looks like in practice. This 156,000 m² facility with 23 operating theatres and 32 intensive-care units was built as a connected, resilient system from day one. Thousands of access-control points, structured cabling, and high-availability power were all planned through BIM; not as tech for tech's sake, but as an architecture enabling strict zoning, clear baselines, and faster incident response across clinical and building systems.
Day to day, this means identity and network controls map directly to physical spaces and critical processes. Changes come with security defaults built in. Facilities and digital teams work from the same estate model. When alerts sound, everyone knows who decides what and which systems can safely go offline.
Moving cybersecurity from ground-level priority to background routine
The best and hardest moments of a shift should come from caring for people, not fighting systems. On a good day, everything that makes a hospital run goes unnoticed. When power, air, water, data and people move together, care flows: pressure steadies in theatres, badge readers blink, records open, and plant rooms keep the building alive. Cybersecurity is why routine stays routine.
At Equans, we help you make practical choices, build resilient systems and train teams, so a hard day is never compounded by a crisis. Whether you are planning a new site, upgrading an existing one or reviewing compliance, we work with you and your partners to design technology that runs reliably in the background and cybersecurity that keeps it there, so care can flow as your first priority.
In summary:
Hospitals are prime targets: healthcare combines high criticality and sensitive data, making cybersecurity failures directly life-impacting.
Most attacks start small (phishing, weak credentials, unpatched IoMT devices or exposed OT interfaces) but ripple quickly across hospitals.
People and identity remain the main entry points; multi-factor authentication and credential hygiene are non-negotiable.
Connected medical devices (IoMT) and building systems (BMS/OT) expand the attack surface and require visibility, monitoring and zoning.
Best practices include live asset inventories, strong segmentation, impact-focused monitoring, resilient backups and role-based training.
Compliance (NIS2, ANSSI, CaRE) and resilience planning are now essential parts of healthcare operations.
The cost of neglect is high: tens of millions in remediation, lost revenue and reputational damage.
Secure-by-design hospitals like Grand Hôpital de Charleroi prove that embedding cybersecurity from day one ensures smoother care delivery and crisis readiness.