As 2025 comes to a close, some of our Nexus contributors and experts have provided us with a look back on the year in cybersecurity, and their predictions for the next year within their industries and specialty areas. Today, ASL Roma 1 CISO Stefano Scaramuzzino reflects on the rapid acceleration of connectivity in healthcare, and predicts stringent cybersecurity regulations are coming for the industry.
2025 will be remembered as the year the healthcare industry lost its digital innocence.
Devastating ransomware attacks no longer simply affected administrative systems, but also targeted connected medical devices (IoMT) and critical patient data, jeopardizing the integrity of healthcare itself. This reflection is personal to me; we finally understood that a hospital breach is not a simple data breach, but a direct attack on civil infrastructure and the well-being of individuals.
It was a year of rude awakenings that forced the industry into an urgent race to realign medical innovation and basic security.
For 2026, I predict a seismic shift.
Cybersecurity in healthcare will cease to be seen as an IT issue and become a clinical quality requirement. We will witness the rise of a patient-centric approach, with standards requiring medical device manufacturers to ensure security by design and provide updates throughout the product's lifecycle.
Furthermore, I predict governments will introduce stringent regulations that will make cybersecurity a legal prerequisite for hospital accreditation, transforming it from an operational cost to a non-negotiable component of patient care.
Stefano Scaramuzzino is the cybersecurity team leader and network and information systems manager for ASL Roma 1, Italy's largest local health authority.