Why Healthcare Can’t Secure What It Can’t See
Healthcare organizations spend more on cybersecurity than almost any other sector. Firewalls. Endpoint detection. Threat monitoring. The investments are real, and they are significant.
And yet, healthcare has been the most breached industry in the world for 13 consecutive years.
That gap between investment and outcome is the problem worth examining.
The numbers tell a story that budget sheets don’t
The average hospital manages over 350,000 connected devices. MRI machines. Infusion pumps. Tablets at the nurses’ station. Laptops that physicians carry between the clinic and home. Each one is a node on the network. Each one is a potential entry point.
Healthcare breaches now average $7.42 million per incident, the highest of any industry. Once attackers are inside, it takes healthcare organizations an average of 233 days to contain the damage. That’s 80 days longer than other industries.
Read that again: 233 days. Attackers are often living inside hospital networks for months before anyone notices. And in many cases, the entry point isn’t a sophisticated zero-day exploit. It’s a forgotten device that nobody knew was still connected.
Ghost assets are a real and underacknowledged risk
There’s a term for devices that exist on a network but have fallen off IT’s radar: ghost assets.
The tablet deployed for a telehealth pilot that never got formally retired. The workstation sitting in a storage room from a department restructuring two years ago. Devices checked out by employees who have since left the organization.
These aren’t hypotheticals. They’re common findings in healthcare IT environments, and they carry serious consequences. Untracked devices don’t get patched. They don’t get monitored. Under HIPAA, if protected health information exists on a device that no one is tracking, that’s a compliance exposure. “We didn’t know that device existed” is not a defensible answer when auditors come calling.
Visibility is the foundation everything else is built on
Most of the security tools healthcare organizations invest in assume a complete picture of the environment they’re protecting. Patch management only works if every device that needs patching is known. Threat detection only catches activity on devices it can see. Breach response is only fast when IT teams know exactly what was accessed and where.
Asset visibility sounds basic. It is foundational. That is precisely why it tends to get deprioritized in favor of tools that feel more sophisticated, and it is part of why the breach numbers keep climbing.
Healthcare IT teams are stretched. One IT professional supporting more than 100 employees is common across the industry. These teams can’t manually audit thousands of devices. What they need is a reliable, automated answer to four basic questions: what devices exist, where are they, who has them, and are they current?
The practical starting points are simpler than they sound
A full hardware inventory audit is the first step, and it almost always turns up surprises. Ticketing systems and spreadsheets reflect what IT thinks exists. A live audit reflects reality.
Offboarding is where ghost assets are born. Healthcare has high turnover and frequent staff transitions. When an employee leaves and their device isn’t retrieved and processed through a formal return workflow, that device doesn’t disappear. It stays connected, unmonitored, and unaccounted for.
Lifecycle mapping closes the loop. Knowing when devices were deployed, when they’re due for refresh, and when they should be retired means the environment stays current. Aging hardware running outdated software is precisely the kind of target attackers look for because organizations often don’t know it’s still there.
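The three starting points above (live audit against the inventory, offboarding check against the HR roster, refresh dates against the calendar) reduce to one reconciliation job, and it also answers the four questions from earlier: what exists, where it is, who has it, and whether it is current. The script below is an added example, not code from the original article or from any product it describes. Every MAC address, IP, date and username in it is constructed sample data, and the column names are assumptions about what a CMDB export and a DHCP/ARP sweep would produce in practice.

```python
"""Reconcile what IT believes exists (inventory export) against what is
actually on the network (live discovery), the HR roster, and refresh dates.

All inputs below are constructed sample data; the column names are
assumptions about a typical CMDB export and a DHCP lease / ARP sweep."""
import csv
import io
from datetime import date

# Constructed inventory export: what the ticketing system / CMDB thinks exists.
INVENTORY_CSV = """asset_id,mac,hostname,owner,deployed,refresh_due,status
A1001,00:1A:2B:3C:4D:01,nurse-tab-01,jsmith,2021-03-15,2024-03-15,active
A1002,00:1A:2B:3C:4D:02,tele-tab-07,rlopez,2022-06-01,2025-06-01,active
A1003,00:1A:2B:3C:4D:03,radiology-ws3,mchen,2019-01-10,2022-01-10,active
A1004,00:1A:2B:3C:4D:04,dr-laptop-12,akhan,2023-09-20,2026-09-20,retired
"""

# Constructed live discovery: what a DHCP lease dump or ARP/scan sweep saw.
# Note the different MAC separator; real sources rarely agree on format.
LIVE_CSV = """mac,ip,last_seen
00-1a-2b-3c-4d-01,10.20.1.15,2025-05-02
00-1a-2b-3c-4d-02,10.20.1.16,2025-05-02
00-1a-2b-3c-4d-03,10.20.7.40,2025-05-01
00-1a-2b-3c-4d-04,10.20.3.9,2025-05-02
00-1a-2b-3c-4d-99,10.20.7.41,2025-04-30
"""

# Constructed HR roster of current staff. rlopez has left the organization.
ACTIVE_STAFF = {"jsmith", "mchen", "akhan"}


def norm_mac(mac):
    """Normalize MAC formats so inventory and discovery can be joined."""
    return mac.strip().lower().replace("-", ":")


def load_csv(text):
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(inventory_csv, live_csv, active_staff, today):
    """Return the four classes of ghost-asset findings, each as a list."""
    inventory = {norm_mac(r["mac"]): r for r in load_csv(inventory_csv)}
    live = {norm_mac(r["mac"]): r for r in load_csv(live_csv)}
    findings = {
        "unknown_on_network": [],   # live, but no inventory record at all
        "retired_but_online": [],   # inventory says retired, network says otherwise
        "owner_departed": [],       # assigned to someone no longer on the roster
        "refresh_overdue": [],      # past its planned refresh date
    }

    # Live audit vs. inventory: what is on the wire that IT does not know about?
    for mac, seen in live.items():
        record = inventory.get(mac)
        if record is None:
            findings["unknown_on_network"].append((mac, seen["ip"]))
        elif record["status"] != "active":
            findings["retired_but_online"].append((record["asset_id"], seen["ip"]))

    # Offboarding and lifecycle checks over the assets IT does know about.
    for mac, record in inventory.items():
        if record["status"] != "active":
            continue
        if record["owner"] not in active_staff:
            # Third field: is the departed user's device still on the network?
            findings["owner_departed"].append(
                (record["asset_id"], record["owner"], mac in live))
        if date.fromisoformat(record["refresh_due"]) < today:
            findings["refresh_overdue"].append(
                (record["asset_id"], record["refresh_due"]))
    return findings


if __name__ == "__main__":
    results = reconcile(INVENTORY_CSV, LIVE_CSV, ACTIVE_STAFF, date(2025, 5, 3))
    for category, items in results.items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run against the sample data, the script flags one device on the network with no record at all, one "retired" laptop that is still handing out an IP, one tablet assigned to a departed employee that is still online, and two assets past their refresh date. The normalization step matters more than it looks: inventory tools, DHCP servers and scanners each write MAC addresses differently, and without it every device appears to be a ghost.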
The lock analogy that keeps coming up
The best locks in the world don’t help if there are doors in the building that nobody knows about.
Healthcare organizations spend more than any other industry recovering from data breaches. A meaningful portion of that cost is preventable, and it doesn’t require a larger security budget. It requires a more complete picture of the assets that budget is supposed to be protecting.
Know what’s on the network. Track it. Manage it through its full lifecycle. In any industry, that’s good IT Asset Management practice. In healthcare, where the devices on the network are connected to patient care, it’s something more than that.