Cyber Security for Healthcare Conference 2025 – Highlights & Insights

Don Edwards, Principal Security Solutions Architect at Amazon Web Services (AWS) explored the evolving landscape of healthcare cyber threats, sharing real-world examples of cloud vulnerabilities and response strategies. He reinforced the importance of the shared responsibility model, where cloud providers and healthcare organisations must work together to secure infrastructure, identity, and data.

Key stats from the session included:

• Over 943 million unauthorised encryption attempts prevented

• 47% of all internet traffic is now bot-driven, increasing system vulnerability

• 21% of compromised healthcare workloads involved DDoS botnet activity

Kim Moylan from the National Cyber Security Centre (NCSC) gave an in-depth update on Ireland’s role in implementing the NIS2 Directive, Cyber Resilience Act, AI Act, and GDPR.

She emphasised that healthcare is one of the most targeted sectors and now classified under “Essential Entities” under NIS2. Health leaders and boards must not only approve cybersecurity risk measures—but will be held accountable for breaches under upcoming legislation.

Neal Mullen, Chief Information Security Officer, HSE

Neal shared the HSE’s long-term journey toward cyber resilience. He walked through their national strategy:

• A 24/7 Cyber Response Team

• Unified incident management processes

• Cross-department recruitment of Grade VIII cyber leads

• Incident reporting standards and simulation training

He underscored a shift from recovery to anticipatory resilience, with simulation and planning embedded across HSE operations.

Michael Connolly, Chief Information Officer, Mater Misericordiae University Hospital

Michael provided a candid look at deploying Armis to monitor all connected medical devices within MMUH—including unmanaged assets like CT scanners, guest network devices, and IoT equipment.

Key benefits highlighted:

• Agentless visibility across all assets

• Real-time risk scoring and threat detection

• Mapping directly to NIST and NIS2 frameworks

• Faster incident response and patching workflows (one vendor issue resolved in 7 days)

Anita Finnegan, Founder & CEO, Nova Leah

In a focused and practical live demo, Anita Finnegan introduced SelectEvaluate®, Nova Leah’s award-winning cybersecurity risk management platform designed specifically for healthcare providers. The tool helps hospitals and health systems assess and manage cybersecurity risks associated with third-party medical devices—an area of growing concern as digital and connected technologies become standard in clinical environments.

The demonstration showcased how SelectEvaluate® automates the onboarding and evaluation of medical device vendors, enabling InfoSec teams to:

• Centralise and standardise cybersecurity assessments

• Score and track vendor risk over time

• Map findings to regulations like NIST, NIS2, and MDS2

• Streamline decision-making and procurement processes

Anita emphasised how hospitals using the platform can improve their regulatory readiness, reduce manual workloads, and build more secure and efficient supply chains—all while strengthening collaboration between biomedical engineering, procurement, and cybersecurity teams.

Juuso Järviniemi, European Commission

Juuso presented the new European Action Plan to Strengthen the Cybersecurity of Hospitals, part of a 100-day initiative by the European Commission. The plan focuses on:

• Early warning systems

• Ransomware decryption services

• A new European Health CISOs Network

• Digital health cybersecurity vouchers and exercises

Eoin Byrne, Cyber Ireland & Paul Browne, Enterprise Ireland

Eoin & Paul outlined available grant supports including:

• Enterprise Ireland Cybersecurity Review Grant (80% funding up to €3,000)

• A network of 50+ cybersecurity solution providers

• New cross-border collaboration opportunities in 2025–2026

Martin Duffy, Hibernia Venture Partners

Martin led a high-impact breach simulation session that walked participants through a live cyberattack scenario—testing their decision-making under pressure. The session reinforced the value of having response playbooks, trained teams, and coordinated communication channels.

Paul Brady, Vice President of Information Security, Optum

Paul framed cybersecurity as a critical patient safety issue, referencing real-world incidents where ransomware attacks disrupted emergency care. His session challenged healthcare leaders to shift their mindset—from reactive to proactive—and adopt “prevention-first” strategies. He also emphasised the need to make cybersecurity easier to implement in frontline settings and called for greater awareness and education around cyber careers within healthcare.

Facilitated by Thomas Coleman (Zendra Health)
Panellists:

• Ken Sheehan (Smarttech247)

• Anita Finnegan (Nova Leah)

• Hugh McGauran (ARMIS)

The panel explored:

• Critical vulnerabilities in connected medical devices

• The need for supply chain visibility in medtech and healthtech

• How AI and upskilling are reshaping cyber defence

• Calls to expand regulatory sandboxes to safely test digital health innovations