Healthcare: Responsibilities, regulations and legacies

Reading time: 4 minutes

Category: Trends and Reports

In early June 2024, major hospitals in London declared a critical incident following a cyberattack that led to canceled operations and the diversion of emergency patients.

Sina Yazdanmehr, founder and managing director of Aplite GmbH, is a senior information security consultant and researcher. Since 2009, he has worked for different security firms and CERT, developing a strong expertise in cloud, application, and telecom security.

Sina has presented his research at conferences like Black Hat. Recently, his expertise extended to healthcare cybersecurity, discovering structural issues.

Unfortunately, this is but one of many attacks that have targeted healthcare facilities over the last few years. Cyberattacks on healthcare organizations can put patients’ lives and entire organizations at risk. There are numerous reasons why cyber attackers seem to favour healthcare facilities as a target: private patient information is worth a lot of money, medical devices are easy entry points, and there’s a lot of outdated technology.

In this healthcare focused episode of Threat Talks, hosts Lieuwe Jan Koning and Luca Cipriano are joined by Sina Yazdanmerh, Founder and Managing Director of Aplite GmbH, as they aim to answer some of the biggest questions in healthcare cybersecurity, starting with: How do you protect patient data?

With so much at stake, what are the risks associated with legacy systems, and how does one safely modernize these systems without interrupting service or exposing new vulnerabilities? Furthermore, healthcare has specific data regulations to take into account, like HIPAA and GDPR – how do you ensure you’re compliant?

P.S. Think you can spot the secret code in this episode? Join the treasure hunt, submit the code and win your very own Threat Talks t-shirt!


DICOM stands for Digital Imaging and Communications in Medicine, and is the international standard to communicate and manage medical images and data. Unfortunately, it seems to come with significant vulnerabilities to data breaches and manipulation.

How can healthcare systems safely rely on the DICOM protocol?

In this deep dive, Threat Talks host Lieuwe Jan Koning is joined by Jan van Boesschoten and Sina Yazdanmehr, as they take a look at DICOM’s widespread use in healthcare.

Understanding and addressing the weaknesses in legacy systems like DICOM is crucial for enhancing healthcare cybersecurity. Together, they underscore the importance of proactive measures and secure network practices to defend against such evolving threats.

The discussion concludes with practical advice for hospitals and healthcare providers on safeguarding their systems against these hidden threats.

Jan van Boesschoten, Innovation Manager at AMS-IX, diligently monitors a wide range of emerging technologies and their impact on social and economic developments.

His primary role involves synthesizing these insights to develop first-generation tools and services. He navigates the delicate balance between envisioning the future and producing tangible results. If this balance were compared to a tightrope, the risks involved would be substantial. Despite this, he has remained steadfast, significantly supporting AMS-IX’s mission to foster a better society through improved internet.

Ireland’s HSE ransomware attack

In May 2021, Health Service Executive (HSE), part of the largest healthcare network in Ireland, fell victim to a significant ransomware attack. It’s 4,000 locations, 54 hospitals, and 70,000 devices were affected by this attack and the consequences were incalculable.

The impact could have been much less if basic security controls were in place. What exactly went wrong? How did the attackers manage to infiltrate such a large network? What steps could have been taken to prevent this disaster, and what lessons can other organizations learn from this incident?

Our experts Luca Cipriano and Rob Maas break down the timeline, the techniques used by the attackers, and the critical security measures that were missing.


In February 2024, the Change Healthcare attack led to a $22 million ransom demand and three weeks of downtime, showcasing the devestating impact ransomware can have on an organization. How did ScreenConnect vulnerabilities get exploited to aid in this attack?

Lieuwe Jan Koning and Luca Cipriano are once again joined by Rob Maas, Field CTO at ON2IT, as the three of them discuss how ScreenConnect vulnerabilities were exploited and how ransomware spreads.

Why are network segmentation, endpoint detection and response (EDR) tools, and virtual patching critical in preventing such attacks?

Tune in for this deep dive and find out!

Follow our Threat Talks podcast

Stay up to date with the latest developments in the world of cybersecurity! Alongside industry experts, we explore recent cyber threats, what their impact was and how to prevent these threats in the future.