Prescriptions for data security in healthcare

According to the Data Security Council of India, healthcare is the country’s most targeted sector for cyberattacks. The rapid digitisation of patient records, increased use of connected medical devices, and growing integration of AI and cloud technologies have opened new avenues for cybercriminals. Meanwhile, rising merger and acquisition (M&A) activity has added complexity to IT environments, making security more challenging as workloads shift to the cloud.

The sophistication of these attacks threatens patient privacy, operational continuity, and the integrity of medical systems. Protecting sensitive data in the cloud has never been more urgent.

Mergers, medical devices, and expanding attack surfaces

M&A activity is accelerating as healthcare organisations seek better operational scale, financial viability, and service integration. A PwC report found that 86 per cent of healthcare CEOs plan to acquire one or more businesses in 2025. While beneficial for growth, these deals also expand and diversify IT infrastructure, complicating security for sensitive data and intellectual property.

Integrating different systems, applications, and medical devices—each with varying cybersecurity standards—widens the attack surface. Gaps in security protocols can leave data exposed, while legacy systems and unpatched devices introduce new attack vectors.

Connected medical devices make up 30 per cent of India’s medtech market. From pacemakers to AI-driven diagnostics and remote monitoring tools, these devices generate vast amounts of patient data but often lack robust cybersecurity protections. Threat actors can exploit these vulnerabilities to manipulate devices, steal patient data, or deploy ransomware.

Continuous monitoring across networks, devices, and cloud environments is critical to detect unauthorised access and mitigate risks. Organisations must implement real-time visibility solutions and data security posture management to protect patient data.

AI in healthcare: Promise and peril

AI is transforming healthcare by enabling faster diagnoses, personalised treatments, and better patient outcomes. However, adversaries can exploit AI models by altering input data, leading to misdiagnoses and incorrect treatments. For example, manipulating an AI-driven diagnostic tool could prevent it from detecting diseases or cause it to misclassify conditions.

AI deployed in cloud environments introduces additional risks. Misconfigurations can expose sensitive patient data and diagnostic results. In multi-cloud setups, healthcare providers must prioritise fixes based on the attack pathways most likely to compromise critical data.

Strengthening cyber resilience

To reduce cyber risk, healthcare organisations need analytics-driven, cloud-based security solutions. A unified platform combining threat intelligence, vulnerability management, cloud security, and identity protection can provide critical context for prioritising security gaps.

This is the essence of exposure management—understanding how assets, devices, and users interact to identify and address the most pressing security risks. Having a clear view of cloud interactions significantly reduces exposure.

Because it’s easier to change a car’s tire in a garage than on the side of the road in the rain, healthcare providers must proactively fortify their cybersecurity defenses. This means implementing robust security practices, conducting frequent risk assessments, and continuously monitoring digital assets.

Medical devices, AI systems, and IoMT networks are not just tools—they are potential vulnerabilities. Securing them is essential to protecting patient data, maintaining trust, and ensuring the future of healthcare. A culture of vigilance and preventive security is no longer optional—it is imperative.

References: 

1. https://www.dsci.in/resource/content/india-cyber-threat-report-2025
2. https://www.pwc.com/gx/en/services/deals/trends/health-industries.html
3. https://www.pwc.com/gx/en/services/deals/trends/health-industries.html
4. https://www.indembassybern.gov.in/docs/Medtech-Report-India.pdf