PRESSR: Cisco outlines five priority actions to strengthen cybersecurity in healthcare

Riyadh, Saudi Arabia — Cisco, today, shares five priority actions every healthcare organization must take to strengthen security and maintain digital resilience across the sector. This forward-looking approach addresses the unique vulnerabilities of healthcare, while seeking to help organizations in Saudi Arabia build resilience and maintain trust in a rapidly evolving technology landscape.

As a digital-first nation, Saudi Arabia’s healthcare sector stands out as one of the most dynamic in this shift. With hospitals and healthcare providers embracing technologies such as electronic health records, telemedicine, and AI-driven diagnostics, cybersecurity has become a critical component to help safeguard data and maintain public trust.

Today, the healthcare industry is a prime target for cyberattacks globally because it holds highly valuable patient data, often relies on outdated systems, and faces common human and resource vulnerabilities that make breaches easier and more damaging. In fact, phishing remains the most common entry point for attacks, whilst weak passwords, shadow IT, and lack of awareness are pervasive issues.

Considering this, the Kingdom has set a strong benchmark for healthcare cybersecurity through a national framework led by the National Cybersecurity Authority (NCA), which works closely with the Ministry of Health (MoH) to safeguard the sector. The framework mandates key protections such as risk management, secure software development, identity and access governance, data protection, and breach reporting, reinforced by the Personal Data Protection Law (PDPL) and the Anti-Cybercrime Law. In parallel, Saudi Vision 2030’s Healthcare Sector Transformation Program is reshaping the system by emphasizing innovation, preventive care, financial sustainability, expanded digital health, and adherence to global best practices.

Salman Faqeeh, Managing Director at Cisco Saudi Arabia says, “The Kingdom is transforming its healthcare system by expanding access to services, upgrading medical infrastructure, and encouraging greater private sector participation. Cybersecurity is critical to this progress because every piece of information in today’s digital world is valuable and must be protected. At Cisco, we are committed to raising awareness and delivering secure-by-design solutions to help organizations in Saudi Arabia strengthen their defenses, stay ahead of evolving threats, and protect what matters most in our increasingly connected world.”

Considering these realities, Cisco shares five actions for policymakers and healthcare organizations to combat the rising issue of cyber-attacks:

• Treat Obsolete IT Systems as a Systemic Risk: Outdated IT systems and medical devices are not just an operational inconvenience; they represent a systemic risk to healthcare delivery. Policymakers and regulators must continue to incentivize healthcare providers to identify and address vulnerabilities associated with legacy systems.
• Reimagine IT Spending Models: Many hospitals operate under rigid spending models that prioritize capital expenditures (CapEx) over operational expenditures (OpEx). This is at odds with the growing trend toward subscription-based service models in the IT and cybersecurity sectors. Hospitals must have the flexibility to reallocate funds between CapEx and OpEx without bureaucratic delays or approvals. Policymakers should work with national healthcare authorities to revise budgetary rules, enabling healthcare organizations to adopt and sustain advanced cybersecurity solutions. Without this flexibility, even the best tools risk becoming underutilized or abandoned when operational budgets run out.
• Elevate Cybersecurity Training to a Strategic Priority: The healthcare sector’s largest vulnerability is people. Regular, sector-specific cybersecurity training must be mandatory for all healthcare staff, from IT teams to frontline medical professionals. Training should not only cover basic cyber hygiene but also prepare staff to respond effectively during an attack. For example, teams should practice executing downtime procedures to ensure continuity of care even when systems are compromised.
• Encourage Resource Sharing and Regional Collaboration: Not every hospital can afford a dedicated cybersecurity team, but collaboration can bridge the gap. Resource sharing and regional collaboration present scalable solutions to bridge these gaps. Regional groupings allow hospitals to share IT systems, issue joint action plans, and conduct collective cybersecurity exercises. Such collaboration can also help optimize costs, extend threat intelligence, enabling healthcare providers to learn from each other and stay ahead of emerging threats. Policymakers should encourage such models, extending collaboration to laboratories, healthcare insurers, and research institutions to build a resilient healthcare ecosystem that protects patient data and ensures continuity of care.
• Secure Electronic Health Records (EHRs) as a Top Priority: EHRs will become central to healthcare delivery and research. However, this also makes them prime targets for cyberattacks. Policymakers must ensure that EHR systems meet the stringent cybersecurity requirements. This includes robust access controls, encryption, and interoperability standards to ensure that EHRs can be securely exchanged across borders. Protecting EHRs will require not just technical solutions but also comprehensive risk management strategies tailored to the healthcare sector.

Cisco emphasizes that cybersecurity is not solely an IT issue, but a shared responsibility between government, regulators, healthcare providers, and technology partners. By addressing legacy vulnerabilities, building collaboration mechanisms, and embedding security culture across organizations, Saudi Arabia can continue to deliver a secure and sustainable healthcare ecosystem that safeguards sensitive patient data and ensures continuity of care in the digital era.

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.