Cisco shares five priority actions every healthcare organization must take to strengthen security and maintain digital resilience across the sector. This forward-looking approach addresses the unique vulnerabilities of healthcare, while seeking to help organizations in the UAE build resilience and maintain trust in a rapidly evolving technology landscape.
As a digital-first nation, the UAE’s healthcare sector stands out as one of the most dynamic in this shift. With hospitals and healthcare providers embracing technologies such as electronic health records, telemedicine, and AI-driven diagnostics, cybersecurity has become a critical component to help safeguard data and maintain public trust.
Today, the healthcare industry remains a primary target for cyberattacks globally because of highly valuable patient data, reliance on outdated systems, and widespread human and resource vulnerabilities that make breaches easier and more damaging. In fact, phishing remains the most common entry point for attacks, whilst weak passwords, shadow IT, and lack of awareness are pervasive issues.
In the UAE, where world-class healthcare is supported by advanced digital connectivity, progress also brings heightened cybersecurity risks. Recognizing this, the Department of Health Abu Dhabi (DoH) has set a strong benchmark for cybersecurity in healthcare through its Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) framework. The standard requires licensed providers to implement key protections including multi-factor authentication, firewalls, encryption, and incident response planning.
Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS at Cisco says, “Organizations must confront the reality that cybersecurity is no longer just an IT issue. It is a core component of patient services and enabling digital resilience in healthcare. At Cisco, we believe that healthcare organizations (like all sectors) should take proactive steps to safeguard their systems and data, helping to maintain patient trust and service continuity. This requires not only strong regulatory frameworks, but also a culture of security embedded into everyday operations. We are committed to working in close collaboration with healthcare institutions across the UAE, delivering secure-by-design solutions to strengthen their defenses and stay ahead of evolving threats.”
Considering these realities, Cisco shares five actions for policymakers and healthcare organizations to combat the rising issue of cyber-attacks:
-
Treat Obsolete IT Systems as a Systemic Risk
Outdated IT systems and medical devices are not just an operational inconvenience; they represent a systemic risk to healthcare delivery. Policymakers and regulators must continue to incentivize healthcare providers to identify and address vulnerabilities associated with legacy systems.
-
Reimagine IT Spending Models
Many hospitals operate under rigid spending models that prioritize capital expenditures (CapEx) over operational expenditures (OpEx). This is at odds with the growing trend toward subscription-based service models in the IT and cybersecurity sectors. Hospitals must have the flexibility to reallocate funds between CapEx and OpEx without bureaucratic delays or approvals. Policymakers should work with national healthcare authorities to revise budgetary rules, enabling healthcare organizations to adopt and sustain advanced cybersecurity solutions. Without this flexibility, even the best tools risk becoming underutilized or abandoned when operational budgets run out.
-
Elevate Cybersecurity Training to a Strategic Priority
The healthcare sector’s largest vulnerability is people. Regular, sector-specific cybersecurity training must be mandatory for all healthcare staff, from IT teams to frontline medical professionals. Training should not only cover basic cyber hygiene but also prepare staff to respond effectively during an attack. For example, teams should practice executing downtime procedures to ensure continuity of care even when systems are compromised.
-
Encourage Resource Sharing and Regional Collaboration
Not every hospital can afford a dedicated cybersecurity team, but collaboration can bridge the gap. Resource sharing and regional collaboration present scalable solutions to bridge these gaps. Regional groupings allow hospitals to share IT systems, issue joint action plans, and conduct collective cybersecurity exercises. Such collaboration can also help optimize costs, extend threat intelligence, enabling healthcare providers to learn from each other and stay ahead of emerging threats. Policymakers should encourage such models, extending collaboration to laboratories, healthcare insurers, and research institutions to build a resilient healthcare ecosystem that protects patient data and ensures continuity of care.
-
Secure Electronic Health Records (EHRs) as a Top Priority
EHRs will become central to healthcare delivery and research. However, this also makes them prime targets for cyberattacks. Policymakers must ensure that EHR systems meet the stringent cybersecurity requirements. This includes robust access controls, encryption, and interoperability standards to ensure that EHRs can be securely exchanged across borders. Protecting EHRs will require not just technical solutions but also comprehensive risk management strategies tailored to the healthcare sector.
Cisco emphasizes that cybersecurity is not solely an IT issue, but a shared responsibility between government, regulators, healthcare providers, and technology partners. By addressing legacy vulnerabilities, building collaboration mechanisms, and embedding security culture across organizations, the UAE can continue to deliver a secure and sustainable healthcare ecosystem that safeguards sensitive patient data and ensures continuity of care in the digital era.
