Cybersecurity has been an ongoing concern for the healthcare industry, but with the expansion of telemedicine and increased use of internet-connected medical devices, cyber threats have surged. According to a recent study, U.S. healthcare cyberattacks increased over 55% in 2020, with an estimated impact to the sensitive information of nearly 26 million people.

Why are healthcare cyberattacks on the rise?

Healthcare organizations have become a desirable target of cybercriminals because of the vast amount of high-value information they possess—protected health information (PHI), personally identifying information (PII) such as Social Security numbers, and intellectual property related to medical research and innovation.

In fact stolen health records are worth between 10 and 40 times more than credit card numbers on the dark web. Unfortunately for healthcare organizations, the financial implications of a data breach are now higher than any other industry—2020 figures show an average price tag of $7.13 million per breach.

Historically, the healthcare C-suite has viewed cybersecurity as a purely technical issue falling under the domain of their IT departments. Rather, it should be viewed as a patient safety, enterprise risk, and strategic priority for the business, particularly in light of the industry’s accelerated pace to move traditional on-premise systems (EHR, radiology information, practice management, e.g.) to the cloud and to adopt Internet of Medical Things (IoMT) technologies.

IoMT technologies provide hackers with more entry points

Like their manufacturing and utility industry counterparts, hospitals now have thousands of internet-enabled operational technologies in play that hackers can target, or use to gain access to critical information systems. These include patient monitors, imaging devices, infusion pumps, smart elevators, smart heating, ventilation and air conditioning (HVAC) systems, and others.

Beyond privacy penalties and potential harm to its reputation, a healthcare organization now grapples with the realization that attacks can jeopardize patient outcomes and delivery of care. Hackers’ access to private patient data not only opens the door for them to steal information, but to either intentionally or unintentionally alter the data, which could lead to serious effects on patient health and outcomes.

A devastating example of how malicious software attacks can cripple a healthcare system happened just last year. A Ryuk ransomware attack hit six U.S. hospitals in 24 hours, causing most to shut down their IT systems, divert ambulances, and postpone elective procedures and services. Hackers demanded more than $1 million from the unnamed hospitals and news reports suggest that some hospitals paid the ransom to unlock their systems.

The sad reality is that these hospitals and their care sites had some level of network protection. But without a broader view of security (going beyond just IT security), proactive monitoring of everything happening on a network, and safeguards on endpoint devices, healthcare organizations would continue to be at risk of compromise.

<<< Start >>>

Finding security controls that should be in place, but aren’t, is a solid first step to building a strong clinical security posture.

<<< End >>>

Practical approach to starting a healthcare security operations center

At our OT Cyber Fusion Center (CFC), we work with a variety of industries that struggle to start or improve their security practices to embrace both IT and operational technologies (OT). We most often hear: it’s too costly, we don’t know where to start, or we lack the resources to manage. Fortunately, there are practical, cost-effective measures one can take to overcome these hurdles.

Build a security business case that instills confidence

To help stakeholders build a business case to start or expand security operations, our OT CFC provides a fully functioning testing and staging facility that features real medical devices from multiple manufacturers, as well as networks and security applications already deployed with Accenture's leading practices. The OT CFC staging facility enables testing of use cases, tabletop exercises, next-generation architecture, and different security products before being implemented in a live environment.

A proof-of-concept is created with specific initiatives and quantified results for improving a hospital’s security posture. This becomes the business case needed to instill confidence among your board and staff that the security architecture proposed works and meets the needs of the organization, ultimately gaining the approval and budget needed to move forward.

Determine where to start by finding where you’re most vulnerable

It's important to know where your gaps are, and which ones need your attention. Finding security controls that should be in place, but aren’t, is a solid first step to building a strong clinical security posture. But with thousands of devices, numerous software programs, and possibly hundreds of extension care facilities in your network, knowing where to start first can be a daunting task.

Vulnerability scans can be a helpful first step. Our OT CFC security team, using our leading-edge vulnerability management platform, can connect to your network and helps identify the IT and OT systems connected to that network. For each device it identifies, the platform will build a more detailed picture of the software and operating system in use.

After building the inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities, FDA recalls, and system/software patches and updates. The final list of issues is then rank-ordered by level of risk to the organization.

From there, healthcare clients can use our OT CFC lab to safely test updates, upgrades, new technology, etc. before going live. In fact, we have clients who use our facility to test next- generation architecture for their sites. They have us set their specific devices and equipment in the lab, connect them all remotely, and then they can remote desktop in and do any type of testing.

When internal resources are limited, consider managed security services

Unfortunately, hiring and maintaining qualified cybersecurity professionals is a significant challenge for the security industry in general. Layer on the need for a security analyst who understands IT and OT and the hurdle gets higher. The solution is to outsource.

Because of the high demand for qualified IT/OT security specialists, we’ve made our OT CFC resources available as a Managed Security Service (MSS). You get access to a team that knows IT and OT technologies, as well as the unique security concerns of the healthcare industry. With access to the OT CFC’s testing facility, our cyber defense group can test patches, new equipment, and other changes before going live.

Learn more about how your hospital or healthcare system can use the OT Cyber Fusion Center.



Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2021 Accenture. All rights reserved.

Justin Vierra

Security Delivery Senior Manager, Accenture

Subscribe to Accenture's Cyber Defense Blog Subscribe to Accenture's Cyber Defense Blog