
Platformization holds the key to shifting from treatment to prevention in healthcare

Tarek Abbas, Senior Director of Technical Solutions for EMEA South at Palo Alto Networks


The cybersecurity risks in the healthcare sector are truly unique.

While technology is critical to delivering improved patient care, healthcare organisations in the Middle East and around the world face a trivector of challenges: a vast attack surface, often out-of-date security software and the pressure of regulation. As a result, the stakes for security teams in the sector couldn’t be higher.

Looking from an attacker’s perspective, the Unit 42 2025 Global Incident Response Report found that 70% of the incidents that Unit 42 responded to last year occurred on three or more attack surfaces. With many of these threats increasingly powered by AI, defending healthcare providers and systems requires a comprehensive, simplified and sophisticated security posture.

But what measures can be taken to tackle these challenges? Platformization is the key to organisations being able to identify ways to consolidate, integrate and simplify security functions and vendors to reduce complexity and cost, while improving overall levels and outcomes of security.

Alongside a focus on early detection and prevention, platformization provides healthcare institutions with the capabilities to effectively predict and defend against cyber threats.

Investment is vital to counter these threats. The Gulf Cooperation Council (GCC) countries are making concerted efforts to boost their digital defences. By 2030, the cyber threat intelligence market in the Middle East is set to reach upwards of $31 billion, according to the World Economic Forum.

The focus on cyber investment in recent years has been partly fuelled by attacks. Key sectors in the UAE faced an average of 50,000 cyberattacks daily in 2024, according to the country’s cybersecurity authority.

Focusing on an AI-powered approach to security and therefore freeing staff resources to solve strategic challenges is critical to tackling healthcare’s most prevalent cybersecurity issues.

Challenge #1: A vast attack surface

From complex networks to unpatched devices, healthcare providers are often an open target, and if they’re hit, they will be hit quickly. Unit 42 found that the speed of cyberattacks is increasing, with attackers now exfiltrating data three times faster than in 2021.

Specific to healthcare, a key issue is that while it used to just be the hospital itself that needed to be secure, with increased digitalisation and a move to the cloud, there is an increasing array of medical records, diagnostic results and Internet of Medical Things (IoMT) technology to consider too.

Looking at devices in particular – from ultrasounds to wearables and implantable devices – it is said that by 2026, more than 70% of medical devices will be connected digitally, increasing the attack surface significantly. The result is that devices are getting connected faster than they can be properly protected, creating an epidemic of exposed devices carrying critical healthcare data.

This is significant as Palo Alto Networks’ 2024 report on “The State of OT Security” revealed the estimated average cost of a single breach remediation for a connected asset (OT/Internet of Things (IoT)) is between US$10,000 and US$50,000.

Phishing remains the #1 entry point across industries. With AI making phishing campaigns scalable and harder to detect and defend against, healthcare has to tackle this and the ever-expanding attack surface.

Challenge #2: Out-of-date software

Not only is the number of healthcare devices creating complexity, but the lack of up-to-date security software within healthcare devices is a particular problem.

The lifecycle of devices is long and often the operating systems are not updated and security patches not applied. For example, there are still frequent instances of scanners and Magnetic Resonance Imaging (MRI) stations running on outdated software such as Windows 7 or Windows XP.

The reality is that updating devices is complex, and too often dependent on the manufacturer of the device. For example, in a case where there were 100 imaging devices with a vulnerability, the manufacturers were required to connect to the device by using a fixed password, in order to do maintenance. However, with that fixed password publicly available in the device user guide, anyone within the hospital network could extract the files and access them. This is a common issue and it makes the devices very easy to exploit.

From air filtration systems to the TVs in patient rooms, security policies are needed which can help to create a barrier against cyber attacks, before they even get in.

Challenge #3: Regulation

As in every industry today, those within healthcare have their eye on how incoming legislation may change compliance requirements. One area likely to receive increased regulatory attention is medical devices – a trend which will be especially pertinent for manufacturers.


For example, the UAE introduced the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) in 2024. The legislation is designed to provide a comprehensive guide to healthcare entities and professionals for the regulation of the healthcare data in Abu Dhabi. The standard sets high levels of privacy and security of patients’ data in line with international standards.

In the context of regulation being developed globally, naturally, there are now dedicated companies that focus on digital public infrastructure (DPI), helping healthcare providers stay compliant with directives. But whilst these forms of specialised expertise are always important, the additional tools they require can add another layer of complexity to an organisation’s overall security posture. Should the number of security products in use become excessive, healthcare providers could encounter increased difficulties not only in guarding against cyber risks, but also in managing compliance.

Lastly, at an operational level, one of the fundamental issues regarding compliance for healthcare providers centres on cost. Whilst new regulations are imposed to protect organisations and their stakeholders, they also incur an added expense which can prove to be a massive headache for providers with restricted budgets.

The solution:

The healthcare industry is increasingly putting a focus on the prevention of disease as opposed to solely focusing on treatment, and security approaches should mirror this.

It starts with an assessment. This could mean an organisation doing a tabletop exercise to gauge its response to a real-world cybersecurity incident. It could also involve creating a clear cartography of data and assets, making sure CISOs know how the organisation’s devices are used, by whom and why.

But whilst these measures are beneficial for keeping up with adversaries, the priority for organisations should be geared towards staying one step ahead. This makes AI an essential component of cyber defence strategies, given its ability to proactively gather threat intelligence, detect incoming threats and, most notably, guard against AI-based attacks – which have become increasingly prevalent in recent years. This also heightens the importance of recruiting personnel with the skillset to optimise and effectively manage the full benefits of AI-based defence systems.

Equally, for organisations that have undertaken cyber risk assessments, what we often see come to light is a high number of security gaps from having too many disparate solutions.

By focusing on identifying ways to consolidate, integrate and simplify security functions, organisations can improve overall levels of security without adding to the time needed to manage multiple providers.

Considering the pressure on security teams today, a platformed approach will not only deliver a cutting-edge, state-of-the-art, AI-powered security posture, but will also leave organisations better able to allocate staff resources within security teams to strategic priorities for the business.

Of course, budget is needed to do this, rather than continuing to ask security teams to do more with less. That said, through consolidation, every dollar spent will go that bit further.
