Security in Colombia's hospitals is going through a critical moment. Despite progress in the digitalization of the healthcare sector, many hospitals lack the necessary capabilities to effectively prevent and respond to cyber incidents.
By Juan Guillermo Fernández*
This vulnerability is exacerbated by the implementation of new technologies without proper security planning, which has increased exposure to attacks, especially due to the integration of clinical systems, internal networks, and connected medical devices.
According to a recent report published by Latinpyme, 60% of health institutions in Colombia have been victims of cyberattacks, which can have serious consequences, compromising both hospital operations and the privacy of patient and medical staff data.
Faced with this scenario, a coordinated response between public and private entities is essential to strengthen the technological infrastructure, establish clear protocols for the devices that will be interconnected to their networks, incident response protocols, and promote continuous training of personnel in good cybersecurity practices.
Physical and Digital Security Risks and Challenges
The comprehensive protection of patients, medical personnel, critical infrastructure and confidential information is a priority that still requires a more structured and effective approach in the country.
In terms of physical security, many health institutions have weaknesses in their access control systems. Sensitive areas such as operating rooms, laboratories, medicine warehouses, and emergency rooms are vulnerable due to inefficient surveillance and restriction mechanisms. This situation exposes both patients and medical staff to potential risks, including unauthorized intrusions, theft, or internal violence.
In addition, the video surveillance systems installed in many hospitals are obsolete or technically deficient, which limits their ability to detect and deter incidents. These shortcomings make physical security a critical point that must be reinforced with modern technology and clear operational protocols.
In the digital sphere, the growing digitalization of the health sector has not been accompanied, in many cases, by the implementation of adequate cybersecurity protocols. The connectivity of multiple devices – including medical equipment, IoT solutions, access control systems and video surveillance – without the necessary protection measures has alarmingly increased exposure to cyber threats.
Of particular concern is the proliferation of ransomware-type attacks, which seek to hijack critical information of institutions, paralyzing their operations and compromising sensitive patient data.
In general, hospitals in Colombia face serious security risks, both physical and digital. Among the main challenges are uncontrolled access to critical areas, deficient video surveillance systems, lack of trained personnel and absence of emergency plans. On the digital front, the insecure connectivity of medical devices, security devices, vulnerable networks, and digitalization without adequate protocols have increased exposure to cyberattacks. Basically, any equipment, device or point that is on the network is a risk factor for institutions.
Solutions to improve security
To improve the safety of patients and workers in hospitals and prevent situations of aggression, it is necessary to adopt a comprehensive approach that combines technology, infrastructure and human management.
A key measure is to strengthen access control, restricting entry to sensitive areas and using appropriate identification systems.
It is also essential to modernize video surveillance systems and ensure their constant monitoring, complying with the necessary cybersecurity protocols. At the organizational level, it is essential to train personnel in handling conflict situations and establish clear protocols for action in the event of incidents.
*Juan Guillermo Fernández, Business Development Manager Latam - Security Products- Johnson Controls.
