How Healthcare Leaders can Build Cyber Resilience


There has been a string of cyber-attacks in the healthcare sector in recent months, with one of the latest triggered by an Ivanti EPMM vulnerability first disclosed on 15 May 2025. Attackers used the flaw to siphon staff device data and authentication tokens, potentially paving a route to patient records and critical systems.

These attacks are becoming increasingly prevalent due to the high value of patient data, outdated technology and third-party vulnerabilities.

The UK government's recently announced 10 Year Health Plan for England will see every trust operate on electronic patient records. Concentrating more patient data in connected digital systems widens the attack surface and raises the stakes of a data breach or ransomware attack, so healthcare leaders will need to take proactive steps to strengthen their cyber security posture. For this to be effective, individuals and teams across healthcare will need to take collective responsibility.

Concerningly, e2e-assure’s recent research has revealed that 70% of Healthcare employees admit they are disengaged with cyber security.

This article will explore how Healthcare organisations can take full advantage of the government’s incoming investment through better training and communication – and why this is critical given the risks posed by AI.

A reliance on reactivity causing a lack of employee knowledge

With employees on the front line of defence, education and training are vital for Healthcare teams in mitigating the impact of cyber security breaches. e2e-assure’s recent research, however, found that over half (52%) of Healthcare workers are only ‘somewhat engaged’ and over a quarter (28%) are not engaged at all in cyber security training. 18% also said they are unaware of what their organisation’s AI policies are when it comes to cyber security best practice.

The lack of employee engagement is also a concern as AI tooling gradually cements its place within the sector’s operations. If employees do not understand their organisation’s AI usage policies and basic cyber hygiene, the organisation is exposed to risks such as confidential data being pasted into external tools and leaked, as well as ransomware.

While over a third (34%) of cyber risk owners report providing training only in response to a cyber security incident, it’s clear that this reactive approach isn’t working: nearly a third (32%) of Healthcare employees said they don’t know what the consequences would be if they caused a cyber breach.

To better engage employees with cyber security training, it’s important for leaders to consider how to make training impactful. With employees interacting with patients daily, where decisions must be made in fast-paced, real-world environments, it’s vital that training helps them recognise cyber risk in familiar situations. This is reflected in our research which found 82% of workers would be more likely to engage in training if it involved real life scenarios.

Plugging the cyber resilience gap with the right technology

While long-term, sustainable resilience is the goal for this sector, cyber attacks are evolving constantly, and even the most well-trained workforce can make mistakes or be overwhelmed by advanced tactics.

Whichever method cyber criminals use to gain what’s referred to in cyber circles as ‘Initial Access’, whether through software vulnerability exploitation or social engineering, there remain multiple opportunities at later stages of the attack to detect, contain and eradicate intruders before they reach their objective of exfiltrating and encrypting data.

Healthcare organisations should challenge technology providers on their ability to detect and contain cyber threats in real time. That means using automation to detect suspicious account activity.

When suspicious behaviour is flagged, the system should automatically lock the account or device, alert the security team, and trigger an immediate investigation. If it turns out to be a false alarm, access is quickly restored. If it’s a real threat, the full cyber response is activated without delay.

This kind of rapid, rule-based containment makes it far harder for attackers to move freely inside a system — forcing them to rethink their tactics entirely just to stay hidden.
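The following is an added example, not code from the original article or from e2e-assure, of what rule-based detection and automatic containment looks like in practice. It runs two rules over a constructed authentication and audit log (the log lines, user names, IP addresses and record identifiers are all made up for illustration): a password-guessing pattern (five or more failed logins followed by a success from the same address within five minutes) and a bulk patient-record read (more than fifty distinct records within ten minutes). A match locks the account, records an alert for the security team, and the `restore` method models the false-alarm path where access is given back. The thresholds and the `contain`/`restore` hooks are assumptions; in a real deployment those hooks would call the identity provider or endpoint manager rather than update an in-memory dictionary.

```python
"""Rule-based detection and automated containment over a constructed auth/audit log."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed thresholds; tune to the organisation's own baseline.
FAILED_LOGIN_THRESHOLD = 5             # failures within FAILED_WINDOW before a success
FAILED_WINDOW = timedelta(minutes=5)
BULK_READ_THRESHOLD = 50               # distinct patient records within BULK_WINDOW
BULK_WINDOW = timedelta(minutes=10)


@dataclass
class Event:
    ts: datetime
    user: str
    src_ip: str
    action: str      # "login_fail", "login_ok" or "record_read"
    detail: str = ""  # record identifier for record_read events


def parse_line(line: str) -> Event:
    """Parse one constructed log line: '<iso ts> user=<u> ip=<ip> action=<a> [detail=<d>]'."""
    ts_str, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return Event(datetime.fromisoformat(ts_str), fields["user"], fields["ip"],
                 fields["action"], fields.get("detail", ""))


@dataclass
class ContainmentEngine:
    locked: dict = field(default_factory=dict)                          # user -> reason
    alerts: list = field(default_factory=list)                          # queue for the SOC
    fail_history: dict = field(default_factory=lambda: defaultdict(deque))
    read_history: dict = field(default_factory=lambda: defaultdict(deque))

    @staticmethod
    def _trim(history: deque, now: datetime, window: timedelta) -> None:
        """Drop events that fell out of the sliding window."""
        while history and now - history[0].ts > window:
            history.popleft()

    def contain(self, ev: Event, reason: str) -> None:
        """Lock the account and raise an alert (hypothetical hook; a real one calls the IdP)."""
        if ev.user in self.locked:
            return
        self.locked[ev.user] = reason
        self.alerts.append({"ts": ev.ts, "user": ev.user, "src_ip": ev.src_ip, "reason": reason})

    def restore(self, user: str) -> None:
        """False-alarm path: investigation cleared the account, give access back."""
        self.locked.pop(user, None)

    def process(self, ev: Event) -> None:
        if ev.user in self.locked:
            return  # locked accounts are already contained; nothing more to evaluate
        if ev.action == "login_fail":
            fails = self.fail_history[ev.user]
            self._trim(fails, ev.ts, FAILED_WINDOW)
            fails.append(ev)
        elif ev.action == "login_ok":
            fails = self.fail_history[ev.user]
            self._trim(fails, ev.ts, FAILED_WINDOW)
            if len(fails) >= FAILED_LOGIN_THRESHOLD and any(f.src_ip == ev.src_ip for f in fails):
                self.contain(ev, f"success after {len(fails)} failed logins from {ev.src_ip}")
            fails.clear()
        elif ev.action == "record_read":
            reads = self.read_history[ev.user]
            self._trim(reads, ev.ts, BULK_WINDOW)
            reads.append(ev)
            distinct = {r.detail for r in reads}
            if len(distinct) > BULK_READ_THRESHOLD:
                self.contain(ev, f"{len(distinct)} distinct patient records read in {BULK_WINDOW}")


def run(lines: list[str]) -> ContainmentEngine:
    """Replay log lines in timestamp order through the engine and return its final state."""
    engine = ContainmentEngine()
    for ev in sorted(map(parse_line, lines), key=lambda e: e.ts):
        engine.process(ev)
    return engine


def build_sample_log() -> list[str]:
    """Constructed sample log: one brute-force login, one bulk read, and two benign users."""
    base = datetime(2025, 6, 1, 8, 0, 0)
    stamp = lambda secs: (base + timedelta(seconds=secs)).isoformat()
    lines = [f"{stamp(20 * i)} user=jsmith ip=203.0.113.7 action=login_fail" for i in range(6)]
    lines.append(f"{stamp(180)} user=jsmith ip=203.0.113.7 action=login_ok")
    lines += [f"{stamp(5 * i)} user=rjones ip=10.20.0.5 action=record_read detail=MRN{1000 + i}"
              for i in range(60)]
    lines.append(f"{stamp(0)} user=anurse ip=10.20.0.9 action=login_ok")
    lines += [f"{stamp(60 * i)} user=anurse ip=10.20.0.9 action=record_read detail=MRN{2000 + i}"
              for i in range(12)]
    lines += [f"{stamp(10 * i)} user=bdoc ip=10.20.0.11 action=login_fail" for i in range(3)]
    lines.append(f"{stamp(40)} user=bdoc ip=10.20.0.11 action=login_ok")
    return lines


if __name__ == "__main__":
    eng = run(build_sample_log())
    for alert in eng.alerts:
        print(f"LOCKED {alert['user']} ({alert['src_ip']}): {alert['reason']}")
```

Running it locks `jsmith` and `rjones` and leaves `anurse` (normal workload) and `bdoc` (three mistyped passwords, below threshold) untouched. The point of the `restore` method is that the cost of a false positive is a short interruption and a quick reinstatement, whereas the cost of not acting on a true positive is the attacker keeping a valid session.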

Looking forward

In a healthcare environment where patient safety and service continuity are crucial, it’s vital that staff members at every level understand their role and are committed to cyber security best practice. Organisations should make it their priority to explain security measures clearly, helping employees feel like partners in the process.

With our research also finding that 42% of Healthcare organisations use external support to provide Managed Threat Detection and Response, it’s vital that, as the sector shifts its focus towards proactive resilience, organisations push vendors to provide more than just technological support. A good vendor will provide specialist expertise and recommend only the services that are actually required, helping stretched NHS services better manage their budgets.

Cyber resilience is a continuous journey, but healthcare organisations can take clear steps now to strengthen their foundations. NHS staff are central to that effort – keeping their needs at the centre is crucial.

But when mistakes happen, the right provider can act as a protective layer, detecting and containing threats instantly. This transforms cyber resilience from reactive to battle-ready, shielding healthcare’s most vulnerable points while maintaining trust and continuity of care.

By Dominic Carroll, Director of Portfolio at e2e-assure