In brief: Healthcare facilities underestimate their IT security risks, while NIS2 compliance and outdated medical equipment intensify challenges for CISOs.
Ransomware attacks, outdated medical technology and staff shortages are worsening the IT security situation in European healthcare facilities. Matthias Malcher, Senior Territory Manager Austria at ESET, warns against overestimating cyber resilience and explains new requirements from NIS2.
Cyber threats against hospitals and medical facilities are diverse and escalating. Ransomware campaigns are increasingly targeting healthcare infrastructure because these organizations operate under high pressure and attackers expect ransom transactions. There is also the problem of outdated medical equipment that has often been in use for years or decades and is difficult to patch without interrupting patient treatment.
According to Malcher, many hospitals significantly underestimate their actual cyber resilience. They rely on fragmented security measures without having thoroughly tested the depth of attack scenarios. The shortage of IT security specialists is further exacerbating the situation: specialized security teams are rare while demands continue to grow. The new NIS2 Directive from the EU also requires healthcare facilities to demonstrate cyber resilience and conduct continuous risk monitoring.
The crucial shift lies in reprioritizing IT security. It can no longer be treated merely as an infrastructure issue, but must be anchored as a direct component of patient safety. A ransomware attack that cripples hospital operations is not an IT incident – it is a patient safety hazard. This perspective requires CISOs to be more deeply involved in governance decisions and clinical processes.
Source: itwelt.at · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.7.1.