The increase in cyber-attacks around the world poses a challenge for all organisations that hold sensitive information. The healthcare industry in particular is a vulnerable sector when it comes to data. In the last couple of years, multiple large hospitals have been hit by cyber-attacks, shutting down the UMCG in Groningen and the UHS in the United States. It’s becoming increasingly important for healthcare organisations to improve their cyber security.

Why Cyber Criminals Target the Healthcare Industry

The main reason why cyber criminals target the healthcare industry is for financial gain. Health records contain a lot of sensitive and valuable personal information, like addresses, payment information, and social security numbers.

Healthcare organisations also tend to be a relatively easy target for cybercrime. A large number of medical devices still run on outdated operating systems, which makes them vulnerable to cyber-attacks.

The Cyber Security Risks in Healthcare

Being hit by a cyber-attack is extremely costly. According to IBM, the average total cost of a data breach globally is $4.35 million. In the US, it is more than double that amount. The healthcare industry gets hit the hardest, with an increase of 42% since 2020 (as of 2022). For over a decade, the healthcare industry has had the highest data breach cost of any industry.

Not only are cyber security risks costly, but in the healthcare industry, having IT systems operational without interruptions can literally be a matter of life or death. It can be dangerous when critical procedures need to be scaled back or even completely halted.


One important trend in technology as a whole, and in healthcare specifically, is the Internet of Things (IoT). Since many personal medical devices are now connected to the internet, there are more ways for cyber criminals to breach a network. Each device is an entry point to the larger infrastructure and poses a risk.

For this reason, it’s important for healthcare organisations like hospitals to keep an organised inventory of their internet-connected devices and to make sure they’re all secure.

NIS2 and Its Consequences for the Healthcare Industry

Not only do healthcare organisations have to keep their cyber security optimised for practical and financial reasons, but they also have to comply with laws. Processing health records in large quantities brings a lot of responsibility to healthcare organisations.

Since health records and the communication between patients and doctors are becoming more digital, EU legislators want to leave no stone unturned when it comes to the health sector.

NIS2 is an EU Directive that functions as the main framework for legislation on cyber security in the EU. It provides legal measures to boost the overall level of cyber security in all of the Member States, within multiple sectors, including healthcare. NIS2 entered into force on 16 January 2023, and Member States have until 17 October 2024 to transpose its measures into national law.

NIS2 is the successor of the NIS Directive. NIS2 has broadened the scope of the original Directive, introducing many additional requirements for the healthcare industry. Manufacturers of medical devices, for example, now also fall under the scope of this Directive.

Secure Connectivity for the Healthcare Industry

Arcadiz offers the highest availability and largest capacity in the connectivity market. We are ISO 9001 and 27001 certified and we meet the international standard for quality management. We guarantee our clients an uptime of 99.9995%.

Arcadiz's data centre interconnectivity solutions and managed connectivity services provide healthcare organisations with an infrastructure with low latency, high availability, and world-class security.

Contact us to learn more about how we can help you stay secure and connected.