TL;DR: Hospital cyberattacks rose 74% in Germany from 2020 to 2024, while ransomware cases have repeatedly disrupted care, forced patient diversions, and created legal and financial exposure, according to Imprivata. The core issue is not just resilience but identity governance for legacy systems, connected devices, and privileged access across healthcare environments.
NHIMG editorial — based on content published by Imprivata: hospital cyberattacks, healthcare identity risk, and regulatory implications
By the numbers:
- In Germany, the number of successful cyberattacks rose 74% from 2020 to 2024.
- In a 2017 survey, two thirds of German hospitals said they had already been the victim of a cyberattack.
Questions worth separating out
Q: How should hospitals reduce cyber risk without disrupting patient care?
A: Hospitals should reduce risk by separating clinical workflows from administrative access, reducing shared credentials, and controlling access to connected devices and legacy systems.
Q: Why do connected medical devices increase hospital cyber risk?
A: Connected medical devices increase risk because they expand the identity perimeter and often rely on persistent credentials or weak segmentation.
Q: What breaks when privileged access is not tightly controlled in hospitals?
A: When privileged access is not tightly controlled, attackers can alter systems, disable safeguards, or reach sensitive data faster than defenders can respond.
Practitioner guidance
- Separate clinical and privileged access paths Create distinct access routes for routine clinical use and administrative tasks, and require logging for every elevated session.
- Inventory device and service identities across the hospital network Map which medical devices, workstations, and backend services hold credentials, what systems they can reach, and which vendors or teams manage them.
- Use privileged access controls for administrative accounts Apply session recording, just-enough access, and real-time monitoring to accounts that can alter infrastructure, patient systems, or security settings.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The specific hospital risk scenarios behind legacy infrastructure exposure and clinical downtime
- The article's discussion of legal and regulatory obligations in Germany, Switzerland, Austria, and the EU
- Examples of how passwordless access and privileged access tooling are positioned for healthcare environments
- The financial and patient-safety impact narratives tied to notable hospital ransomware incidents
👉 Read Imprivata's analysis of hospital cyberattacks, access risk, and healthcare resilience →
Hospital cyberattacks and the identity gap teams are missing?
Explore further
Hospital cyberattacks expose an identity governance problem, not just a resilience problem. The article shows that legacy systems, connected devices, and privileged access combine into a governance gap that attackers can exploit repeatedly. In healthcare, uptime pressure often keeps insecure access paths alive longer than they should remain. The practical conclusion is that clinical continuity depends on identity discipline as much as on backup and recovery planning.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which explains why identity blind spots remain a persistent control weakness in complex environments.
A question worth separating out:
Q: Who is accountable for cybersecurity failures in hospital environments?
A: Hospital leadership is accountable when cybersecurity controls fail, especially under regulations such as NIS2 and sector-specific security rules. Responsibility is no longer limited to the IT function because access control, recovery planning, and operational continuity affect patient safety. Boards and executives need evidence that identity controls are managed as part of enterprise risk.
👉 Read our full editorial: Hospital cyberattacks expose the identity gap in healthcare security