The digital transformation of healthcare is reshaping the relationship between data, technology, and patient care, making cybersecurity and patient safety inseparable. The digitization of clinical processes, the adoption of telemedicine, and the widespread use of connected medical devices offer extraordinary opportunities for patient care, but they also expand the attack surface exposed to increasingly insidious cyber threats.

The seriousness of the situation is confirmed by data from the report “The Cyber Threat to the Healthcare Sector” by the National Cybersecurity Agency (ACN): in 2025, cyber incidents in the healthcare sector increased by 40% compared to the previous year. The report highlights how these incidents directly threaten the availability of healthcare services and the protection of sensitive data, making it urgent to strengthen digital resilience against critical attacks such as ransomware.

Against this backdrop, the webinar “Cyber Health: Digital Security for Biomedicine and Biotechnology” provided a comprehensive overview of the entire industry supply chain. Organized by the Ministry of Enterprise and Made in Italy (MIMIT) in collaboration with Cyber 4.0 and the Graduate School of Specialization in Telecommunications (SSST), the event is part of an in-depth series dedicated to the transformations in cybersecurity within a rapidly evolving technological and regulatory framework.

Matteo Lucchetti, Chief Operating Officer of Cyber 4.0, opened the proceedings by emphasizing the importance of treating digital security as a fundamental component of biological and medical innovation processes to ensure reliability and operational continuity for institutions and citizens.

Digital Health, Data, and Resilience: Challenges Facing Italy and Europe

Giulia Veltro, Technical Officer at MIMIT, outlined the European regulatory framework for the protection of public health in the digital sphere, emphasizing that the protection of health data today requires an integrated approach combining complementary tools: from the General Data Protection Regulation (GDPR) to the European Health Data Space (EHDS), as well as the NIS2 Directive, the Cyber Resilience Act (CRA), and the Medical Device Regulations (MDR/IVDR).

In this context, artificial intelligence represents a high-potential driver of innovation for the healthcare system: according to a MedTech Europe study cited during the meeting, AI could help save hundreds of thousands of lives each year by improving systemic efficiency.

However, as confirmed by the European Commission’s DG SANTE report titled “Deployment of AI in Healthcare,” the actual deployment of these solutions depends on the ability to address critical issues such as data quality, security, and interoperability.

Managing Risk to Ensure the Safety of Care

The transition from European regulations to local management requires governance models capable of translating these requirements into everyday practices. Camillo Odio, Director of the Health Department of the Abruzzo Region, discussed clinical data protection in depth, highlighting how data governance is a prerequisite for the adoption of any new technology.

Establishing effective governance means natively integrating cyber risk management with clinical risk management. In healthcare, the failure of an information system or an electronic health record is not merely an IT glitch, but an event that impacts the timeliness of treatment and the safety of care. Cybersecurity thus becomes a strategically valuable element in public health decision-making processes.

Smart Devices and Cyber-Physical Vulnerabilities

One of the most sensitive frontiers is the “cyber-physical” dimension, which shifts the focus from the network to the interaction between the digital world and the human body. Gaetano Marrocco, Full Professor of Electromagnetic Fields at the La Sapienza University of Rome, analyzed the inherent vulnerabilities of implantable medical devices equipped with wireless interfaces.

Through case studies, it was demonstrated how cyberattacks or electromagnetic interference can have direct physical consequences for the patient, posing an immediate clinical risk. In addition, the cyber-physical approach highlights threats related to privacy, such as the risk of device identification and indirect inference of patient habits through wireless signals. In this regard, the Cyber4Health (C4H) Observatory plays a key monitoring role, working to map these vulnerabilities in order to establish new protection standards.

When a prosthesis begins to generate data

Therapeutic devices are undergoing a radical transformation, as explained in the joint presentation by Nicoletta Panunzio and Anita Casterini, respectively Project Manager & System Engineer and Legal Regulatory Expert for Radio6ense. Traditionally mechanical and passive devices and prostheses are now being integrated with sensors and communication capabilities, transforming them into continuous generators of data on the device’s status and the patient’s clinical condition.

While these solutions open up advanced possibilities for personalized care and predictive maintenance, they also create significant regulatory complexity due to the convergence of hardware and software. To safeguard cybersecurity and privacy, it is essential to apply the principles of “privacy by design” and “security by design” through co-design: a multidisciplinary approach that brings together engineering, legal, and regulatory expertise from the very beginning.

From Data to Action: AI in Support of Prevention

The centralization and intelligent processing of this vast amount of data finally enables the transition from reactive medicine to preventive healthcare. Alessandro Campi, Researcher at the Politecnico di Milano, illustrated the use of reactive software architectures and machine learning techniques to support monitoring and timely intervention.

Unlike traditional systems with static thresholds, intelligent systems analyze data streams in real time to identify anomalies and recognize unforeseen situations. A notable application is the non-invasive monitoring of elderly people using environmental sensors that, without invading privacy with cameras, learn their routines and detect “weak signals” before an emergency occurs.

Conclusions

The webinar confirmed that the digital transition in healthcare is primarily a cultural and organizational challenge. Whereas in the past cybersecurity was only required to protect IT perimeters, in modern healthcare it is called upon to ensure the reliability of devices, the continuity of care, and the public’s trust in scientific innovation.

Upcoming appointments

The cybersecurity seminar series will continue in September with the webinar “Cognitive Warfare: Disinformation, Social Engineering, and Cyber Threats,” which will focus on analyzing new forms of information manipulation and threats that exploit the human factor as a vector of attack.

Further details on the date and program will be available in the coming months on the official website and social media channels of Cyber 4.0 and the Ministry of Enterprise and Made in Italy.