Snapshot:
The healthcare sector is facing unprecedented cyber risk as it evolves digitally, making the protection of sensitive patient data and operational continuity more complex than ever. In this episode of the Risk Ready Podcast, Bex Woodiwiss, Client Manager on the Cyber Solutions team at Aon, interviews Thomas Tracey about the unique threat landscape in healthcare, the impact of rapid digital transformation, the challenges of third-party risk, and what true cyber resilience looks like in practice.
Healthcare organisations are under growing pressure to protect sensitive patient data, maintain operational continuity, and navigate a rapidly evolving digital landscape. With high-value data, complex networks and infrastructure, and a web of third-party relationships, the sector faces unique cyber challenges.
“We’re going to unpack the current threat landscape, explore how digital transformation is reshaping risk, and dive into what true cyber resilience looks like in practice,” explains Bex Woodiwiss.
The Threat Landscape in Healthcare
Healthcare is a prime target for cyber-attacks. Thomas Tracey notes, “The healthcare sector’s threat landscape is quite unique, but this can also make it quite challenging.” He highlights several critical factors:
- Many healthcare providers struggle with limited IT sophistication and ongoing talent shortages. According to Aon’s Global 2025 Cyber Risk Report, cybersecurity budgets in the sector are typically low, on average only about 7% of IT spend[1].
- Legacy infrastructure and fragmented systems are common, and these often lack modern controls like encryption, multi-factor authentication, and centralised logging.
- High-value and difficult-to-remediate data
These issues mean healthcare consistently ranks among the top targets for ransomware gangs, with attacks often resulting in serious operational, financial, and reputational consequences.
Digital Transformation and Changing Risks
Healthcare is experiencing rapid digital transformation, including the adoption of telehealth, hybrid cloud solutions, and connected medical devices. “Every new digital touchpoint expands the attack surface for cyber threats,” says Thomas. The pace of innovation often means security is playing catch-up, giving rise to emerging risks such as vulnerabilities from artificial intelligence and challenges in integrating legacy systems.
Third-Party Risk
A significant portion of healthcare breaches—over 55%—involve third parties. “Healthcare organisations rely heavily on third parties, from software vendors to cloud providers,” Bex points out. Thomas adds, “Third-party risk is a significant concern for the healthcare sector, as external partners can often lack robust cyber maturity themselves.” Mergers, acquisitions, and the complexity of vendor relationships further complicate risk management.
Building Real Cyber Resilience
Building resilience is challenging due to regulatory complexity, sector-wide maturity gaps, and high claim risks. Thomas emphasizes, “Cybersecurity is often seen as a cost rather than an enabler, although this perception is changing.” Many organisations still lack basics like off-site backups, incident response plans, and multi-factor authentication.
What Good Looks Like
Effective cyber risk management in healthcare is “all about being proactive and holistic,” Thomas advises. Key steps include:
- Proactive vendor management and due diligence
- Strong data protection and encryption practices
- Security awareness and phishing training for staff
- Clear, tested incident response plans
- Quantifying potential losses through data and analytics
- Treating cyber insurance as a strategic tool, not a substitute for controls
Thank you for tuning in to “Risk Ready.” We hope today’s episode provided valuable insights into managing risks and understanding the insurance solutions available to your industry. Remember, being risk-ready is key to sustaining and growing your business. Stay connected with us for more expert advice and discussions on the challenges and opportunities facing businesses today.
References
[1] Third-Party Risks Can Create Cyber Challenges for Healthcare – Aon Global 2025 Cyber Risk Report
