Your leading voice in digital health news
Twitter X Logo

 
close
News
/

Opinion: Want to boost your cyber resilience? Start by examining your OT security

15 May 2026
By Jason Pearce, Field Chief Technology Officer for APJ at Claroty
Image: iStock

In today’s interconnected healthcare environments, the line between patient care and technology has blurred significantly. Behind every modern healthcare organisation lies a complex ecosystem of operational technology (OT) that is integral to critical care functions.

Jason Pearce. Image supplied.

The most obvious examples are medical devices, like those that monitor patients during surgery or infusion pumps used to administer medications. But lesser-known OT like elevator systems, lighting control, ventilation, and HVAC systems are just as essential to patient care – whether it’s maintaining a clean and safe environment to allowing for easy transportation of patients, samples, and medications around the facility, and regulating temperature.

These technologies have introduced new levels of connectivity for healthcare providers, but have consequently created significant cybersecurity challenges and blind spots. While many healthcare providers recognise the importance of securing their clinical devices, they often overlook other, less obvious OT devices, despite them carrying the same level of cyber risk.

Healthcare environments are innately complex to secure. Unlike the standardised world of enterprise IT, healthcare environments often include dozens of disparate vendors for medical devices and hundreds of configurations to monitor and manage. To top things off, this complexity intersects with stringent regulatory requirements, as well as daily operations that include the possibility of life-threatening situations if a device is compromised.

With all this in mind, Australian healthcare providers are increasingly adopting cybersecurity strategies to build up their resilience, protect their critical OT systems and the lives of their patients.

Why OT is so essential in modern healthcare

In recent years, healthcare delivery has become less reliant on manual processes and more dependent on OT systems. Because of this transformation, the importance of OT resilience is now directly tied to patient safety. For example, monitoring systems continuously track patient vital signs and automatically alert clinical staff if any concerning changes occur, and data is logged in electronic health records. Diagnostic equipment captures and transmits detailed images and measurements that inform critical care decisions, and medication management systems such as smart infusion pumps help ensure each patient receives the right medication dosages.

Beyond affecting treatment itself, OT systems such as BMS control airflow in operating rooms and regulate temperature and humidity for patient comfort and equipment functionality. On top of that, HVAC and other environmental management via BMS systems directly impact how a hospital can contain possible infections, stability of pharmaceuticals, and the performance of life-saving equipment. With so many critical functions being directly tied to OT in healthcare environments, one security breach can have a potentially devastating cascading effect on nearly every facet of patient care.

OT in healthcare is increasingly vulnerable

Complexity is the enemy of resilience in healthcare environments. The diversified ecosystem of devices and systems creates a broad attack surface that can be exploited by attackers—especially if devices are left undiscovered by security teams. That’s why it’s so important to conduct a thorough asset inventory of all devices across a healthcare organisation. After all, if you can’t see it, you can’t protect it.

Much like industrial environments, programmable logic controllers (PLCs) play a key role in patient care and day-to-day operations in a hospital. An attack on one PLC could carry dire consequences. For example, a compromised PLC that controls airflow and/or temperature controls could result in spoiled lab cultures or medications that require strict refrigeration. Meanwhile, a cyber attack affecting the elevators and pneumatic tubes could halt the transport of emergency patients or blood samples between floors, creating a life-threatening situation.

In addition to these examples, legacy and outdated systems present another challenge. Many devices in hospital networks run on outdated operating systems, which contain unpatched security vulnerabilities and therefore expose healthcare networks to cyber attacks. In recent Claroty research, 89% of organisations were found to be running medical systems that were insecurely connected to the internet and vulnerable to publicly available exploits – including those actively used by ransomware gangs.

Boosting OT Security to improve patient care

To boost resilience in healthcare environments, organisations must build systems that can withstand, adapt to, and recover from disruptions while maintaining a high standard of patient care. For the purposes of healthcare environments, resilience serves three key purposes:

1. Patient Safety

Ensuring critical-care systems are functioning reliably and accurately is tantamount to resilience. If these systems fail—or worse, suffer a security breach—it will endanger the lives of patients.

2. Operational Continuity

Even if these systems suffer an incident, it’s imperative to maintain healthcare delivery. Deploying compensating controls can be a good way to address weaknesses of specific security requirements and mitigate risks. 

3. Regulatory Compliance

All of this must be done while staying in compliance with regulatory requirements governed by the SOCI Act, Privacy Act and more.

Maintaining a comprehensive asset inventory is a good starting point for achieving resilience in healthcare OT. But to truly align with these three key purposes, healthcare organisations need to implement a zero-trust approach that relies on the principle of “never trust, always verify.” This approach requires continuous verification of every device that’s being used to log into the hospital network, and is particularly valuable in such environments that rely on so many life-saving devices that are managed by external vendors.

With the stakes this high, Australian healthcare organisations are now prioritising the security of their critical OT devices in order to boost patient safety.

Explore similar topics

Leave a Reply

Related Articles

3 October 2025 
Opinion: Productivity in healthcare
22 April 2026 
Claroty targets gap between asset visibility and cyber risk action
13 June 2025 
Why Australia’s healthcare future depends on technology
21 November 2025 
Why Australia’s healthcare startups require patient investors
17 October 2025 
Embedding trust in digital health through secure-by-design
1 2 3 9

Sign Up to your leading voice in digital health news 

This field is for validation purposes and should be left unchanged.
Join 20,000+ professionals reading the latest in digital health news.

Log in to Pulse+IT

Not a member yet?
Subscribe here
Forgot your password?

Explore by category

Aged, community and disability care AHW26 Allied Health Asia Pacific Health IT Australian Digital Health DHF25 Digital Health Opinion Enterprise Ireland EU Movers and Shakers Irish Digital Health Movers and shakers New Zealand Digital Health Opinion Pulse+IT Blog Uncategorised 

Your leading voice in digital health news

Twitter X
Copyright © 2026 Pulse IT Communications Pty Ltd. No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher. If your organisation is featured in a Pulse+IT article you can purchase the permission to reproduce the article here.
Website by Get Leads AU.
Privacy Policy

Your leading voice in digital health news 

Keep your finger on the pulse with full access to all articles published on 
pulseit.news
Subscribe from only $39
magnifiercrossmenuchevron-down