European Hospital Cyberattacks Target Patient Care

A Black Book Research survey finds attacks focusing on clinical systems and workflows, turning breaches into direct threats to care delivery across European hospitals.

Black Book Research surveyed 284 European hospital cybersecurity buyers and found cyberattacks are increasingly directed at clinical systems and patient workflows rather than only aiming to steal data. Respondents reported attackers are targeting authentication, system availability and recovery windows, third-party connections and the digital processes that move patients through emergency departments, labs, imaging, pharmacy, operating theatres and intensive care units.

The survey reports that 82% of respondents rated their concern about cyberattacks in 2026 as very high or extreme, while 74% said their organization is likely or highly likely to face a major cyber event this year. Respondents identified specific technical targets such as identity controls and recovery points as attacker priorities.

Hospital cybersecurity buying has shifted from a primary focus on preventing data breaches to funding tools that preserve clinical operations. Two-thirds of respondents reported investments in identity controls, identity and access management, privileged access management, single sign-on failover and break-glass access. Fifty-seven percent are funding ransomware recovery tools, immutable backups and read-only clinical access.

Just over half of respondents are investing in network segmentation, zero trust architectures and ZTNA solutions. Incident-response retainers and crisis-response services were cited by 46% of buyers, while 45% are spending on third-party supplier and vendor cyber-risk management. Investments in medical device and Internet of Medical Things security were reported by 37% of respondents, and 29% said they are buying cyber ranges, downtime simulations and resilience exercises.

Board engagement on cyber risk appears uneven. Seventy-eight percent of respondents said their boards receive general cybersecurity risk updates, but only 31% reported that boards get cyber-resilience metrics tied to clinical continuity. One in four hospitals completed a full clinical downtime simulation in the past 12 months, while 32% said they had never carried out a full simulation, had only run tabletop exercises, or did not know when the last exercise took place.

Respondents expressed limited confidence in sustaining care without core electronic health record systems. Fifty-nine percent said their hospital could operate safely for 24 hours without EHR access, 32% for 48 hours and 14% for 72 hours. Doug Brown, founder of Black Book Research, said hospitals face a complex risk environment that includes nationally connected health systems, public-sector capacity pressure, cross-border supplier ecosystems, aging infrastructure, cloud migration and strict regulatory accountability. He added that by the second and third day of a prolonged outage, tasks such as medication reconciliation, lab turnaround, radiology workflow, pharmacy verification, transfer coordination and discharge planning become patient-safety risks.

The survey cites recent incidents that affected patient care, including a 2024 ransomware attack on a pathology provider and a later destructive attack on a medical technology company. Black Book Research framed the pattern as a shift in the attack surface from traditional IT targets to systems used at the bedside.
