How MemorialCare confronts evolving risks along its modernization journey

The global healthcare cybersecurity market is set to reach $58.4 billion by 2030, according to statistics portal Statista, by virtue of the healthcare industry being under increasing attack. And in KnowBe4’s 2024 International Healthcare Report, the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, nearly four times the global average.

For Kevin Torres, trying to modernize patient care while balancing considerable cybersecurity risks at MemorialCare, the integrated nonprofit health system based in Southern California, is a major challenge. To put what Torres is dealing with in context, MemorialCare has over 14,000 physicians and employees using connected devices, and runs more than 52,000 connected devices and pieces of equipment throughout its network. “We work in a high stakes environment,” he says. “If we experience a cyber attack or ransomware event, this could mean we can’t accept new patients because we can’t guarantee our ability to take care of them.” As such, one of his primary concerns is the business’ ability to recover and keep delivering seamless patient care should an attack happen.

Torres and his team are specifically focusing much of their attention on securing their biomedical device environment, including incubators, cardiac pacemakers, cochlear implants, and defibrillators. “When we looked at this technology, we quickly realized we didn’t have a clear line of sight to all the connected devices,” he says. “We didn’t know what was connected or if everything was patched properly. We didn’t have the same level of rigor and diligence with these biomed devices as we did with the computers that connect to our network. So there was a very real gap in our defenses.”