Hacking Hospitals

24 months, 12 healthcare facilities, 2 healthcare data facilities, 2 healthcare technology platforms, and 2 active medical devices

ONE Blueprint to secure healthcare assets

View Report

Wrong Mission

Focusing on patient records


Outdated Approach

Ignoring advanced threats



Patients not protected

This study is laser-focused on protecting patients, by not just identifying the vast array of security challenges in healthcare, but also by articulating the path forward for the providers and business associates to provide better security.

- Dr. Larry Ponemon, The Ponemon Institute

I almost always get questions like this: “Where do I start with fixing Security?” Or: “I just implemented encryption, now what do I do?” Those days are over: here is a blueprint, a roadmap for building and enhancing your security.

- David Finn, Symantec

We recognize the immense political, regulatory, and business challenges that hospitals face in the pursuit of their security mission, so we designed the blueprint to help a healthcare organization navigate that complexity.

- Geoff Gentry, ISE

The industry today is focused almost exclusively on protecting patient records. We set out on this research to determine what are the threats to patients' lives, and how realistic are those threats. We found those threats to be very real, and worse still the industry is ill prepared to effectively deal with them. We hope this blueprint can move things in the right direction.

- Steve Bono, ISE

We found egregious business shortcomings in every hospital, including insufficient funding, insufficient staffing, insufficient training, lack of policy, lack of network awareness, and many more. These vulnerabilities are a result of systemic business failures.

- Ted Harrington, ISE