Below, Ty Greenhalgh, industry principal of healthcare at Claroty, explores key cybersecurity challenges and actionable strategies for healthcare organizations as they prepare to defend against emerging threats in 2025.

24×7 Magazine: How can healthcare organizations take actionable steps to shift from reactive to proactive cybersecurity in 2025?

Ty Greenhalgh: In 2025, healthcare organizations can operationalize the shift from reactive to proactive cybersecurity strategies by implementing continuous monitoring and threat intelligence solutions. These tools enable real-time detection of anomalies and potential threats, allowing swift action before incidents escalate. Adopting a zero-trust architecture ensures that all users, whether inside or outside the network, are continuously verified. 

Regularly updating and patching systems, conducting frequent security audits, and investing in employee training programs to recognize phishing attempts and other common attack vectors are also crucial steps. Additionally, leveraging advanced threat detection tools can help identify weak encryption, insecure communication protocols, and outdated certificates, thereby improving overall resilience against social engineering threats.

24×7: What strategies can healthcare organizations use to make systems harder targets as ransomware attacks grow more impactful?

Greenhalgh: To make systems more difficult targets for ransomware attackers in 2025, healthcare organizations should focus on robust backup and recovery solutions. Regularly backing up data and storing it in secure, off-site locations can mitigate the impact of ransomware attacks.

Implementing multifactor authentication across all access points adds an extra layer of security, making it harder for attackers to gain unauthorized access. Network segmentation helps limit the spread of ransomware within an organization. Conducting regular penetration testing and vulnerability assessments enables organizations to identify and address potential weaknesses before they are exploited.

24×7: How can tools like deep packet inspection demonstrate ROI through cost savings or operational benefits in healthcare?

Greenhalgh: Advanced tools like deep packet inspection (DPI) deliver measurable cost savings and operational benefits in healthcare settings by enhancing network visibility and security. By analyzing network traffic in real time, DPI enables early detection and prevention of malicious activities, reducing financial losses from breaches, legal fees, and reputational damage. Additionally, DPI optimizes network performance by identifying and mitigating bandwidth-intensive applications, improving operational efficiency. These benefits demonstrate a strong ROI, as DPI minimizes risks while enhancing healthcare network efficiency.

24×7: How can AI-driven asset management transform healthcare cybersecurity, and what barriers might hinder implementation?

Greenhalgh: AI-driven asset management solutions are set to transform cybersecurity operations in healthcare by providing real-time insights into the status of connected devices. AI can automate asset identification and classification, detect vulnerabilities, and predict potential threats, enabling faster and more accurate responses.

However, barriers to implementation include the high cost of AI technologies, the need for skilled personnel to manage and interpret outputs, and concerns about data privacy and security. Overcoming these challenges requires investment in training, robust data governance policies, and partnerships with solution providers to tailor technologies to healthcare needs.

24×7: What best practices can secure critical healthcare supply chain dependencies considering incidents like the Change Healthcare attack?

Greenhalgh: To secure critical supply chain dependencies in 2025, healthcare organizations should adopt comprehensive supply chain risk management practices. Thoroughly assessing third-party vendors to identify vulnerabilities and implementing stringent security requirements for partners is essential. Regularly updating and testing incident response plans ensures preparedness for supply chain disruptions. Building strong relationships with suppliers and maintaining open communication channels are also crucial for quickly addressing and mitigating emerging threats.

Identifying and securing critical choke points within the supply chain is vital to minimizing disruptions and safeguarding essential resources. The attack on Change Healthcare demonstrated how a single vulnerability can cripple essential services, while similar incidents involving Octapharma, OneBlood, and Synovus highlight the devastating effects on lab work, blood transfusions, and testing services.

24×7: How can healthcare organizations manage third-party access to reduce breach risks, and what tools or frameworks can help?

Greenhalgh: Healthcare organizations can better monitor and manage third-party access by implementing robust third-party risk management frameworks. Tools such as vendor risk management platforms provide continuous monitoring of third-party activities and compliance with security standards. Implementing strict access controls, such as least privilege access and MFA, ensures that third parties only have access to necessary information. Regular audits and assessments of third-party security practices help identify and address potential risks. Using security information and event management systems can also provide real-time alerts on suspicious activities, enabling prompt responses to potential breaches. 

24×7: As part of the HHS Healthcare Sector Council Cyber Working Group, how are you addressing the unique challenges faced by underserved healthcare providers in enhancing their cybersecurity posture?

Greenhalgh: The HHS Healthcare Sector Council Cyber Working Group addresses the challenges faced by underserved healthcare providers by advocating for increased funding and resources dedicated to cybersecurity. Providing access to affordable training and education programs helps these providers build internal expertise. The working group also promotes shared cybersecurity services, such as threat intelligence-sharing platforms, which smaller organizations can leverage. Collaboration with public and private sector partners ensures tailored solutions that meet the unique needs of underserved providers.

24×7: What strategies effectively secure legacy medical technology while maintaining patient care?

Greenhalgh: Managing and securing legacy medical technology in a cost-effective way requires a combination of strategies. Network segmentation can isolate legacy systems from the rest of the network, reducing the risk of widespread breaches. Virtual patching solutions provide temporary protection against known vulnerabilities when traditional patching is not feasible. Maintaining an up-to-date inventory of legacy devices ensures risks are continuously monitored and managed.

Additionally, endpoint detection and response solutions offer real-time threat monitoring for legacy systems without significant financial investment. Recent industry surveys highlight the critical need to address vulnerabilities in cyber-physical systems (CPS). A Claroty survey revealed that 27% of organizations utilizing CPS reported losses exceeding $1 million in the past year due to cyberattacks on medical devices, IoT devices, and building management systems.