Cyberattacks on hospitals: How to Protect OT/IoT and Eliminate Direct Risk to the Patient
Article by ForumPA
Italian healthcare is in the global crosshairs of cybercrime, with attacks nearly tripling over the last 5 years, according to Clusit data. The threat goes beyond data theft, directly impacting operational continuity and patient safety. The main vulnerabilities are the massive adoption of OT/IoT technologies (which expose vital electromedical devices) and the Supply Chain (often a vector for infiltration due to remote supplier access). In the face of emerging threats such as DDoS attacks from hacktivism, an integrated approach (IT, OT, Supply Chain) and investment in sovereignty solutions for asset discovery and secure access management are indispensable, in line with the NIS 2 directive.
Healthcare in Italy is a Critical Sector and Vulnerable to Cyber Threats.
The consequences of a cyberattack go far beyond the mere protection of data, directly threatening operational continuity and patient safety. 
A Sensitive Context Under Constant Attack
The healthcare sector is globally in the crosshairs. According to Clusit data, in the past 5 years, global cyber incidents have nearly tripled, rising from 200 cases in 2020 to 471 in 2024, despite a slight slowdown in growth (from +30.3% in 2023 to +18.9% in 2024).
An emerging factor, observed in the first quarter of 2025, is the anomaly in the type and geography of the victims. Clusit has noted a significant increase in DDoS (Distributed Denial of Service) attacks, attributable to hacktivism phenomena, and a significant geographic shift toward Asia.
These data indicate that healthcare, while still dominated by ransomware and cybercrime attacks (99.4% of attacks in 2024), must now also face new emerging threats, against which facilities are generally less prepared. Although DDoS attacks have moderate operational impacts, incidents attributable to hacktivism compromise not only operations but also the reputation of healthcare facilities.
Structural Vulnerabilities: OT/IoT and the Supply Chain
The threat to healthcare is amplified by two key vulnerabilities:
- Clinical risk from OT and IoT. The growing digitalization and massive adoption of OT (Operational Technology) and IoT (Internet of Things) technologies in the hospital context expose facilities to extremely pernicious effects. An attack can disrupt not only the availability of information but also the functioning of electromedical devices essential for diagnostics and care, endangering patients’ lives and hindering emergency management. The complexity of OT/IoT infrastructures, often with legacy components not designed for security, expands the attack surface.
- The Supply Chain as an infiltration vector. A significant portion of breaches derives from the supply chain. External suppliers often have internal vulnerabilities that are not monitored. As a result, maintainers and partners can become perfect entry channels into the IT systems of healthcare facilities. It is essential to dedicate special focus to the secure management of remote access by these parties, which are often infiltration vectors that are not adequately monitored or protected.
Because digital transformation is both unstoppable and necessary, investment in cybersecurity is essential and should be understood as a guarantee of operational continuity and patient safety.
Integrated Strategy: The Necessary Approach
Healthcare cybersecurity requires an integrated, technologically advanced approach tailored to the specific needs of the sector.
Nicola Mugnato, CTO and founder of Gyala, emphasizes the need for sector-specific responses:
“The electromedical systems of healthcare infrastructures, like water purification and distribution systems, power plants, or IT systems of public administrations, all require different rules, because each needs specific reactions capable not only of blocking the attack but also of restoring the service. It is not enough to ensure the integrity, availability, or confidentiality of information — it is necessary to ensure that the machines we use for diagnosing and treating patients cannot instead cause harm, just as we must prevent a foreign state from shutting down our power plants or blocking communications and transportation.”
The most effective actions look to an extended model of security governance, capable of integrating IT, OT, and the supply chain, and monitoring devices and access with intelligent technologies. In this scenario, enabling data-driven and automated risk management is now a must.
For Defense, Discovery and Secure Access
Given the specific vulnerabilities (OT/IoT, weak supplier access), it is necessary to identify tools that strengthen endpoints and allow for asset discovery:
- OT/IoT Discovery and Defense: It is essential to automatically discover every OT/IoT device present in hospital networks (PLCs, CNC machines, electromedical devices, and sensors) to promptly identify unauthorized or compromised devices.
- Supply Chain Mitigation (NIS 2): The adoption of a Secure Gateway is indispensable to limit exposure to cybercrime carried out through maintainers and the supply chain. This solution is in line with the NIS 2 directive, which requires healthcare organizations to include supply chain risk management in their strategies.
The Solutions: Agger 3.0 and Secure Gateway
On the market, Gyala offers advanced and integrated technologies for the healthcare sector: Agger 3.0 and the Secure Gateway.
- Agger 3.0 is able to automatically identify, classify, and monitor in real time every OT/IoT device present in hospital networks, thanks to detection rules expressed in Sigma, YARA, and Suricata. The agentless tagging system facilitates timely anomaly management.
- Integrated with the Secure Gateway, Agger 3.0 enables network monitoring and protection as well as secure management of supplier access, creating a secure channel for remote access with predefined time windows and a complete audit trail.
Finally, Mugnato highlights the importance of the Italian origin of these solutions:
“National Sovereignty for cybersecurity technologies is a theme we strongly believe in and which has been reaffirmed by the Government with the recent DPCM of April 30… Customers themselves appreciate Italian technology […] and are happy to know that for any need they do not have to turn to an insensitive multinational, but can count on a responsive and flexible national company ready to support them as if they were part of their own organization.”
article published by ForumPA