Hospital cyberattacks and the identity gap teams are missing

TL;DR: Hospital cyberattacks rose 74% in Germany from 2020 to 2024, while ransomware cases have repeatedly disrupted care, forced patient diversions, and created legal and financial exposure, according to Imprivata. The core issue is not just resilience but identity governance for legacy systems, connected devices, and privileged access across healthcare environments.

NHIMG editorial — based on content published by Imprivata: hospital cyberattacks, healthcare identity risk, and regulatory implications

By the numbers:

• In Germany, the number of successful cyberattacks rose 74% from 2020 to 2024.
• In a 2017 survey, two thirds of German hospitals said they had already been the victim of a cyberattack.

Questions worth separating out

Q: How should hospitals reduce cyber risk without disrupting patient care?

A: Hospitals should reduce risk by separating clinical workflows from administrative access, reducing shared credentials, and controlling access to connected devices and legacy systems.

Q: Why do connected medical devices increase hospital cyber risk?

A: Connected medical devices increase risk because they expand the identity perimeter and often rely on persistent credentials or weak segmentation.

Q: What breaks when privileged access is not tightly controlled in hospitals?

A: When privileged access is not tightly controlled, attackers can alter systems, disable safeguards, or reach sensitive data faster than defenders can respond.

Practitioner guidance

• Separate clinical and privileged access paths Create distinct access routes for routine clinical use and administrative tasks, and require logging for every elevated session.
• Inventory device and service identities across the hospital network Map which medical devices, workstations, and backend services hold credentials, what systems they can reach, and which vendors or teams manage them.
• Use privileged access controls for administrative accounts Apply session recording, just-enough access, and real-time monitoring to accounts that can alter infrastructure, patient systems, or security settings.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

• The specific hospital risk scenarios behind legacy infrastructure exposure and clinical downtime
• The article's discussion of legal and regulatory obligations in Germany, Switzerland, Austria, and the EU
• Examples of how passwordless access and privileged access tooling are positioned for healthcare environments
• The financial and patient-safety impact narratives tied to notable hospital ransomware incidents

👉 Read Imprivata's analysis of hospital cyberattacks, access risk, and healthcare resilience →

Hospital cyberattacks and the identity gap teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →