Turning Security from a Policy into a Practice in Healthcare

From Policy to Practice

Healthcare workers have always focused on one mission: providing care. Policies have supported that mission by setting standards and guiding safe practices, including in cybersecurity. The reality has shifted, however. With attackers now directly targeting hospitals and health systems, staff are forced to balance caring for patients with defending against cyber threats, an unfair but unavoidable burden.

That’s because today’s threats aren’t limited to stealing data, though that remains a huge risk. Healthcare data is among the most valuable commodities on the dark web, and when it is stolen the privacy impact is widespread. Facilities’ reputations suffer. Services are disrupted and slowed. Breaches carry significant financial costs: the healthcare industry ranked highest globally at an average of US$9.77 million per breach in 2024. Above all, trust is broken.

Imagine being told that your protected health information, your medical record, has been stolen. All of the details you expected to remain confidential between you and your practitioner have been exposed. At the same time, attackers are escalating from data theft to disrupting services, shutting down care, and putting patients directly at risk. In healthcare, cybersecurity is not just an IT issue. It’s a patient safety issue, an operational continuity issue, and a trust issue.

I recently interviewed Trecia Knight, an Information Security Consultant with over 15 years of experience in the field, about how the threat landscape is shifting, where the biggest risks are, and how organizations can put security into practice. Here’s what I learned.

Trecia Knight, Information Security Consultant

When Cyberattacks Hit Care, Not Just Data

For years, healthcare security conversations focused on data breaches, such as stolen health records sold on the dark web. That risk hasn’t gone away. What has changed is that attackers are no longer stopping at data theft. Increasingly, they are also disrupting operations: locking systems, delaying care, and eroding public trust.

Ransomware is the top concern, and it is no longer opportunistic. Knight explained that it has been professionalized through ransomware-as-a-service (RaaS): attacks are more targeted, more precise, and far more damaging. The SickKids Hospital attack in 2022 showed how quickly patient care can be disrupted when critical systems are locked.

 “The threat landscape has evolved from data theft to disrupting physical operations and eroding public trust.”

Other threats are emerging too:

  • AI-powered attacks that adapt faster than human defenders.

  • Deepfakes and social engineering that trick even experienced staff.

  • Nation-state campaigns targeting operational technology (OT) and legacy SCADA systems that were never designed for today’s cyber risks.

Visibility First, Then Vulnerability Management

“You can’t protect what you don’t know exists.” That was Knight’s way of underlining the first step in defending healthcare environments: asset visibility.

Hospitals are full of devices, some modern, some decades old, and many of them mission-critical. Without an accurate inventory, vulnerabilities go unseen.

 “Asset visibility and accurate inventory are foundational — organizations can’t protect what they don’t know exists.”

Once visibility is in place, the focus turns to risk-based prioritization: patching the right things first, guided by real-world threat intelligence. In IT environments, automation helps. In OT environments, patching has to be managed carefully to avoid disruptions.

The last piece is collaboration. IT and OT teams can’t work in silos anymore. If they don’t align, attackers will find the gaps between them.
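The two steps above, an inventory first and risk-based prioritization second, can be made concrete in a few dozen lines. The following is an added example written for this article, not code from the interview or from any product Knight described. The inventory, the vulnerability findings, the placeholder identifiers (VULN-A and so on, standing in for real CVE IDs) and the "exploited in the wild" list are all constructed for illustration. It scores each finding by severity, asset criticality and threat intelligence, routes IT assets to automated patching and OT assets to a coordinated maintenance window, and reports findings that reference assets missing from the inventory as gaps rather than silently dropping them.

```python
"""Risk-based patch prioritization over a device inventory.

Added example for illustration only. All assets, findings and the
exploited-vulnerability list below are constructed, not real data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    name: str
    zone: str          # "IT" or "OT"
    criticality: int   # 1 (low) .. 5 (patient-safety critical)


@dataclass(frozen=True)
class Finding:
    asset_id: str
    vuln_id: str       # placeholder IDs; a real scanner feed would carry CVE IDs
    cvss: float        # 0.0 .. 10.0


# Constructed inventory (hypothetical devices).
INVENTORY = {
    a.asset_id: a for a in [
        Asset("A1", "infusion-pump-ward3", "OT", 5),
        Asset("A2", "hr-file-server", "IT", 2),
        Asset("A3", "pacs-imaging-server", "IT", 5),
        Asset("A4", "hvac-plc-01", "OT", 3),
    ]
}

# Constructed scanner output. A9 is deliberately absent from INVENTORY.
FINDINGS = [
    Finding("A1", "VULN-A", 7.5),
    Finding("A2", "VULN-B", 9.8),
    Finding("A3", "VULN-C", 8.1),
    Finding("A4", "VULN-D", 6.5),
    Finding("A9", "VULN-E", 9.0),
]

# Stand-in for a threat-intel feed of vulnerabilities seen exploited in the wild.
EXPLOITED_IN_WILD = {"VULN-C", "VULN-D"}


def risk_score(finding, asset, exploited):
    """Blend severity, asset criticality and threat intel into one number."""
    score = finding.cvss * asset.criticality
    if finding.vuln_id in exploited:
        score *= 2.0  # active exploitation outranks a higher CVSS that is not exploited
    return score


def plan_action(asset):
    """IT assets go through automated patching; OT assets need a coordinated window."""
    if asset.zone == "OT":
        return "schedule: maintenance window, coordinate with biomed/clinical"
    return "automate: standard patch pipeline"


def prioritize(findings, inventory, exploited):
    """Return (ranked_work_items, inventory_gaps).

    Work items are sorted highest risk first. Findings whose asset is not in
    the inventory are returned separately: they cannot be risk-rated without
    knowing the asset's zone and criticality, and they reveal inventory gaps.
    """
    items, gaps = [], []
    for f in findings:
        asset = inventory.get(f.asset_id)
        if asset is None:
            gaps.append(f)
            continue
        items.append({
            "asset": asset.name,
            "zone": asset.zone,
            "vuln": f.vuln_id,
            "score": risk_score(f, asset, exploited),
            "action": plan_action(asset),
        })
    items.sort(key=lambda i: i["score"], reverse=True)
    return items, gaps


if __name__ == "__main__":
    ranked, gaps = prioritize(FINDINGS, INVENTORY, EXPLOITED_IN_WILD)
    for i in ranked:
        print(f'{i["score"]:6.1f} {i["zone"]:2} {i["asset"]:22} {i["vuln"]} -> {i["action"]}')
    for g in gaps:
        print(f"INVENTORY GAP: asset {g.asset_id} ({g.vuln_id}, CVSS {g.cvss}) is not in the inventory")
```

Note what the ranking shows: the CVSS 9.8 finding on the low-criticality HR server lands last, while an exploited CVSS 6.5 flaw on an OT controller outranks it, and the OT items are routed to a maintenance window rather than the automated pipeline. The weights (criticality multiplier, 2x for exploited) are illustrative; the point is that the order is driven by the inventory and threat intelligence, not by severity alone.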

Security Without Disruption

This is the heart of healthcare cybersecurity: finding the balance. Security controls that disrupt operations can’t simply be deployed, because those operations directly affect patient care.

The solution is prioritization: protect against the most critical vulnerabilities first, layer in safeguards, and never design controls in a vacuum.

“Balancing security with operational continuity is critical, especially in healthcare, where any disruption can directly affect patient safety and care delivery.”

Equally important is teamwork. Clinical staff, biomedical engineers, and IT security teams must work together. When they do, security becomes part of care delivery, not an obstacle to it.

Where AI and Automation Fit In

Attackers are already using AI: scaling attacks, evading detection, and moving faster than before. Defenders have to use AI too.

 “These (AI) tools augment security teams and help improve overall security posture; however, they don’t replace the need for strong policies, cross-team collaboration, and continuous monitoring to keep systems safe.”

Healthcare organizations are turning to SIEM, EDR, and SOAR tools to catch unusual behavior, reduce noise, and respond faster. These tools don’t replace human teams, but they extend their reach.
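To make "catch unusual behavior, reduce noise" concrete for the ransomware scenario discussed earlier, here is an added example of the kind of detection logic a SIEM or EDR rule expresses. It is written for this article and is not code from the interview or from any vendor product. The endpoint telemetry, hostnames, process names and paths are all constructed; the line format is an assumed one for the example. The rule alerts when a single host and process rename at least five distinct files within sixty seconds (a pattern consistent with mass encryption), skips a known bulk writer such as a backup agent to reduce false positives, and fires at most once per host and process so that a burst of thousands of renames does not become thousands of alerts.

```python
"""Mass-rename burst detection over constructed endpoint telemetry.

Added example for illustration only. SAMPLE_LOG is invented data in an
assumed key=value format; the process and host names are placeholders.
Events are assumed to arrive in time order.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """
2025-01-15T03:12:01Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1001.pdf.enc
2025-01-15T03:12:02Z host=ward-ws-07 proc=explorer.exe event=file_rename path=/users/nurse2/notes-v2.docx
2025-01-15T03:12:03Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1002.pdf.enc
2025-01-15T03:12:04Z host=file-srv-01 proc=backupagent.exe event=file_rename path=/backup/set1/a.bak
2025-01-15T03:12:05Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1003.pdf.enc
2025-01-15T03:12:06Z host=file-srv-01 proc=backupagent.exe event=file_rename path=/backup/set1/b.bak
2025-01-15T03:12:07Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1004.pdf.enc
2025-01-15T03:12:08Z host=file-srv-01 proc=backupagent.exe event=file_rename path=/backup/set1/c.bak
2025-01-15T03:12:09Z host=ward-ws-03 proc=svc_update.exe event=file_write path=/shares/charts/README_RESTORE.txt
2025-01-15T03:12:10Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1005.pdf.enc
2025-01-15T03:12:11Z host=file-srv-01 proc=backupagent.exe event=file_rename path=/backup/set1/d.bak
2025-01-15T03:12:12Z host=file-srv-01 proc=backupagent.exe event=file_rename path=/backup/set1/e.bak
2025-01-15T03:20:00Z host=ward-ws-03 proc=svc_update.exe event=file_rename path=/shares/charts/pt1006.pdf.enc
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"event=(?P<event>\S+) path=(?P<path>\S+)$"
)

# Constructed allow-list: processes known to rename files in bulk legitimately.
ALLOWED_BULK_PROCS = frozenset({"backupagent.exe"})


def parse_line(line):
    """Parse one telemetry line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def detect_mass_rename(lines, threshold=5, window_sec=60, allow_procs=ALLOWED_BULK_PROCS):
    """Alert when one (host, process) renames >= threshold distinct files within window_sec.

    Returns a list of alert dicts. Allow-listed processes are skipped to cut
    noise, and each (host, process) pair alerts at most once.
    """
    recent = defaultdict(deque)  # (host, proc) -> deque of (timestamp, path)
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "file_rename":
            continue
        if rec["proc"] in allow_procs:
            continue
        key = (rec["host"], rec["proc"])
        q = recent[key]
        q.append((rec["ts"], rec["path"]))
        # Slide the window: discard events older than window_sec relative to this one.
        while (rec["ts"] - q[0][0]).total_seconds() > window_sec:
            q.popleft()
        distinct_files = {path for _, path in q}
        if len(distinct_files) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "host": rec["host"],
                "proc": rec["proc"],
                "first_seen": q[0][0].isoformat(),
                "last_seen": rec["ts"].isoformat(),
                "files": len(distinct_files),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_mass_rename(SAMPLE_LOG):
        print(f'ALERT mass rename: {a["host"]} {a["proc"]} '
              f'{a["files"]} files between {a["first_seen"]} and {a["last_seen"]}')
```

On the sample data only ward-ws-03 alerts, at the fifth rename; the backup agent's five renames are suppressed by the allow-list, and the single rename on ward-ws-07 never reaches the threshold. In a real deployment the alert would be what SOAR acts on, for instance isolating the host, while the allow-list and threshold are the knobs that keep the rule from paging on legitimate bulk activity.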

Managing Third-Party Risks

Like many sectors, healthcare relies on a wide range of vendors, from IT service providers to cloud platforms to medical device suppliers. These partnerships are essential to delivering care, but they also expand the attack surface and introduce new risks that need to be managed.

The best approach is to treat vendors like part of the ecosystem:

  • Assess them before onboarding.
  • Bake security requirements into contracts.
  • Monitor them continuously.
  • Involve them in incident response planning.

One weak link can jeopardize patient safety. Vendor management has to be as rigorous as internal defenses.

Resilience Means Practicing the Plan

An incident response plan that lives in a binder is useless. Resilience only comes when plans are tested, refined, and practiced.

 “Having an up-to-date incident response and recovery plan is critical to protecting patient safety and keeping operations running smoothly.”

That means:

  • Keeping playbooks current.
  • Making communication channels crystal clear.
  • Running tabletop exercises so everyone knows their role.
  • Coordinating across departments and vendors.

Culture Is as Important as Technology

Security awareness isn’t about endless training slides or technical jargon. It’s about making security relevant to daily work.

Knight described a simple approach: use real-world examples, connect security to what people care about, and build trust. Just as important is to create a no-blame environment. If someone clicks on a phishing link, they should feel safe reporting it. Shaming slows down response.

When security becomes part of the culture, everyone contributes. And in healthcare, that collective vigilance makes all the difference.

The Next Five Years

Looking ahead, Knight predicted the biggest challenge will be AI-powered attacks on OT systems. Many of these systems are legacy platforms, increasingly connected to IT and the internet, and inherently vulnerable.

Preparing for this future requires:

  • AI-enhanced detection.
  • Strict IT/OT segmentation.
  • Zero-trust architectures.
  • Regular resilience exercises.

Responsible AI in Healthcare

AI isn’t just a threat. It’s also transforming healthcare, from diagnostics to predictive care. But without governance, it risks undermining patient trust.

Knight highlighted three must-haves:

  • Privacy-by-design baked into systems.
  • Explainable AI that staff can understand.
  • Regulations tailored to AI in healthcare.

Responsible AI isn’t optional in healthcare. It’s the only way to balance innovation with trust.

Healthcare’s Unique Challenges

Healthcare faces a combination of challenges that make cybersecurity especially tough:

  • Legacy medical devices that are not up-to-date but remain essential.
  • Rising ransomware and privacy attacks.

The solutions need to be practical and operationally aware. Better monitoring for older devices, network segmentation, stronger vendor controls, and AI-assisted detection are all critical. But above all, security solutions must protect without disrupting care.

Conclusion: Security in Practice

This conversation with Information Security expert Trecia Knight reinforced a simple but powerful truth: cybersecurity in healthcare is not only about policy. It’s about practice.

Policies set the rules, but practice brings them to life. Together, they build resilience, strengthen culture, and keep patients safe. When both work hand in hand, every person has a role in protecting care.

The threats are growing: ransomware, AI-driven attacks, deepfakes, supply chain risks. But healthcare organizations don’t have to be passive targets. With visibility, collaboration, automation, resilience, and culture, security can move from being an abstract compliance requirement to being part of the fabric of care.
