Healthcare OT Cybersecurity Gaps Threaten Patient Safety
Severity: Medium (Score: 51.9)
Sources: Darktrace
Keywords: healthcare, cybersecurity, think, securing, modern, hospital, attack
Severity indicators: ot, healthcare, hospital
Summary
Hospitals and healthcare systems increasingly rely on Operational Technology (OT) devices, yet many lack dedicated OT cybersecurity personnel. Research cited by Darktrace found only one full-time employee (FTE) holding an OT cybersecurity certification across the top 20 U.S. hospitals, compared to 73 across the top 20 utility providers. The lack of investment in OT security personnel is concerning given how directly patient care and safety depend on OT. The healthcare sector has historically faced ransomware campaigns aimed at data theft rather than OT systems, which may steer security investment away from OT. This raises concern that healthcare environments are exposed to attacks that could disrupt patient care and operational continuity.

Key Points:
- Only one OT cybersecurity certified FTE was found among the top 20 U.S. hospitals.
- Healthcare systems increasingly rely on OT devices such as IoMT, so compromise has direct patient-safety impact.
- Ransomware in healthcare has mostly targeted data theft, diverting attention from OT security.
Detailed Analysis
**Impact**

U.S. hospitals and healthcare systems that deploy IoMT and OT devices are at risk, with operational disruption potentially affecting patient care and safety. Among the top 20 U.S. hospitals by market cap, only one full-time employee (FTE) with an OT cybersecurity certification was identified, compared to 73 in the top 20 utility providers and 18 in financial institutions. The shortage of OT security expertise increases exposure to attacks on operational technology and puts protected health information (PHI), payment card data and personally identifiable information (PII) at risk. The convergence of IT, OT and IoMT expands the attack surface across the healthcare sector nationwide.

**Technical Details**

Adversaries can exploit IoMT communication protocols such as HL7 v2 (usually carried over MLLP on TCP) and DICOM, which are commonly deployed without TLS and therefore transmit sensitive health data in plaintext; anyone positioned on the network path can sniff and reconstruct patient records from the traffic. The article also warns that attackers may use AI to chain vulnerabilities of varying severity, pivoting from traditional ransomware and data-theft tactics toward exposed OT devices and systems. No specific malware, CVEs or IOCs were detailed in the article. The attack vector described is interception of network traffic and exploitation of underprotected OT and IoMT devices within hospital environments.

**Recommended Response**

Eliminate plaintext transport of HL7 and DICOM: both standards define TLS-protected variants (HL7 v2 over MLLP can be wrapped in TLS, and DICOM specifies a TLS secure transport profile), and devices that cannot be upgraded should be confined to segmented clinical network zones so their traffic never crosses untrusted segments. Increase investment in dedicated OT cybersecurity personnel with relevant certifications (GIAC GICSP, GIAC GRID, GIAC GCIP, ISA/IEC 62443) to build and enforce an OT security program. Deploy network monitoring that baselines which hosts are expected to speak HL7 and DICOM, so that sniffing, unexpected peers or lateral movement within OT segments stand out. Monitor for emerging AI-driven attack patterns against OT systems, since no specific patches or IOCs were provided.
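To make the plaintext-protocol risk and the monitoring recommendation concrete, the following is an added example written for this page (it is not code from Darktrace or from the article). It shows what a passive observer recovers from an unencrypted HL7 v2 message carried in MLLP framing, and a minimal flow check that flags HL7/DICOM connections leaving the expected clinical path. The sample message, the patient details in it, the flow records, and the 10.20.0.0/16 clinical network and 10.20.5.0/24 server range are all constructed assumptions for illustration.

```python
"""Added example: PHI visible in plaintext HL7 v2/MLLP traffic, plus a flow check.
All sample data, subnets and hosts below are constructed for illustration."""
import ipaddress
from typing import Dict, List, Tuple

# MLLP framing: a start block byte, the HL7 message, then end block + carriage return.
MLLP_START = b"\x0b"
MLLP_END = b"\x1c\x0d"

# Constructed ADT^A01 (patient admit) message for a fictional patient, exactly as it
# would cross the wire when HL7 v2/MLLP runs without TLS (commonly TCP port 2575).
SAMPLE_MLLP_FRAME = (
    MLLP_START
    + b"MSH|^~\\&|ADT1|GOODHEALTH|LAB|GOODHEALTH|202401011230||ADT^A01|MSG0001|P|2.5\r"
    + b"EVN|A01|202401011230\r"
    + b"PID|1||123456^^^GOODHEALTH^MR||DOE^JANE^A||19800101|F|||1 MAIN ST^^ANYTOWN^CA^90210\r"
    + b"PV1|1|I|ICU^101^A\r"
    + MLLP_END
)


def strip_mllp(frame: bytes) -> bytes:
    """Remove MLLP framing; reject anything that is not a complete frame."""
    if not (frame.startswith(MLLP_START) and frame.endswith(MLLP_END)):
        raise ValueError("not a complete MLLP frame")
    return frame[len(MLLP_START):-len(MLLP_END)]


def extract_phi(frame: bytes) -> Dict[str, str]:
    """Return the PHI a sniffer reads from a plaintext HL7 v2 frame.

    Segments are separated by CR, fields by '|', components by '^'. In the MSH
    segment the field separator itself counts as MSH-1, so MSH-9 is index 8
    after splitting; in PID the indexes match the field numbers directly.
    """
    segments = strip_mllp(frame).decode("ascii").split("\r")
    phi: Dict[str, str] = {}
    for seg in segments:
        if not seg:
            continue
        fields = seg.split("|")
        if fields[0] == "MSH":
            phi["message_type"] = fields[8]                  # MSH-9 e.g. ADT^A01
        elif fields[0] == "PID":
            phi["patient_id"] = fields[3].split("^")[0]      # PID-3 identifier
            family, given = fields[5].split("^")[:2]         # PID-5 family^given
            phi["patient_name"] = f"{given} {family}"
            phi["dob"] = fields[7]                           # PID-7 date of birth
    return phi


# Assumed network layout: clinical devices live in 10.20.0.0/16 and should only
# speak HL7/DICOM to interface engines and PACS hosts in 10.20.5.0/24.
CLINICAL_NET = ipaddress.ip_network("10.20.0.0/16")
OT_SERVERS = ipaddress.ip_network("10.20.5.0/24")
OT_PORTS = {2575: "HL7/MLLP", 104: "DICOM", 11112: "DICOM"}

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS: List[Tuple[str, str, int]] = [
    ("10.20.7.12", "10.20.5.10", 2575),    # monitor -> interface engine: expected
    ("10.20.7.12", "10.20.5.11", 104),     # modality -> PACS: expected
    ("10.30.1.44", "10.20.5.10", 2575),    # host outside clinical net speaking HL7
    ("10.20.7.12", "203.0.113.9", 11112),  # DICOM leaving the clinical network
]


def flag_ot_flows(flows: List[Tuple[str, str, int]]) -> List[str]:
    """Flag HL7/DICOM flows whose source or destination is off the expected path."""
    alerts = []
    for src, dst, dport in flows:
        proto = OT_PORTS.get(dport)
        if proto is None:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in CLINICAL_NET or d not in OT_SERVERS:
            alerts.append(f"{proto} {src}->{dst}:{dport} outside expected clinical path")
    return alerts


if __name__ == "__main__":
    print("Recovered from plaintext HL7:", extract_phi(SAMPLE_MLLP_FRAME))
    for alert in flag_ot_flows(SAMPLE_FLOWS):
        print("ALERT:", alert)
```

The parser deliberately handles only the fields needed to show the exposure (message type, patient identifier, name, date of birth); a real interface engine would parse the full segment grammar. The flow check is a baseline-style rule of the kind the monitoring recommendation calls for: it says nothing about payload and would not detect a sniffer on a mirrored port, which is exactly why transport encryption, not monitoring alone, is the primary fix.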
Source articles (1)
- Healthcare OT Cybersecurity | Securing the Modern Hospital Attack Surface — Darktrace · 2026-06-09
When most people think Operational Technology (OT) cybersecurity, they think oil & gas pipelines, utilities, manufacturing plants, or power grids. However, hospitals & healthcare systems have quickly…
Timeline
- Recent — Research reveals cybersecurity gaps in healthcare OT: Study shows hospitals lack dedicated OT cybersecurity teams, with only one certified FTE among top hospitals.
- Recent — Comparison with utility providers shows disparity: 73 FTEs with OT certifications were identified in the top 20 U.S. utility providers, highlighting a significant gap in healthcare.
- Recent — Ransomware trends divert security focus: Historical ransomware events in healthcare target data theft, leading to less investment in OT security.
Related entities
- Data Breach (Attack Type)
- Ransomware (Attack Type)
- Brazil (Country)
- CWE-200 - Exposure of Sensitive Information (CWE)
- Energy (Industry)
- Financial (Industry)
- Financial Services (Industry)
- Healthcare (Industry)
- Manufacturing (Industry)
- Utilities (Industry)
- DICOM (Platform)
- HL7 (Platform)
- Darktrace (Tool)