In most large health systems, leaders hear familiar reports like: EHRs are protected, networks are locked down, PCs are protected, and zero trust is on the roadmap. Cybersecurity is “under control.”
Now, picture this.
An identity and certificate change rolls out across a multi-hospital IDN. PCs keep working. Core apps stay up. But no one designed printers into the plan as endpoints.
Over the next few hours, devices in admissions, the ED, pharmacy, lab, periop, and discharge quietly lose the ability to authenticate. Wrist bands and documents don’t print. Meds can’t be labeled. Lab and imaging work slows. Admissions and discharges stall because packets and signatures can’t be produced. Revenue sits in queues.
Nothing “catastrophic” happened in the data center. Yet, one unmanaged class of endpoints lost protection and governance, taking a digitized hospital back to paper workarounds and delays. It took minutes to apply the change, but it may take days to fully detect, trace, and unwind the impact.
That class is printers: every device that creates an image, electronic or otherwise.
The real role of printers in a modern IDN
When leaders hear “printer,” they picture office equipment. What actually sits in their environment is a mix of MFPs, SFPs, thermals, scanners, and copiers that live on internal networks, talk to core systems, and carry the last mile of critical workflows.
In our work across hundreds of thousands of devices in large healthcare systems, printers consistently represent about 20 percent of all known network endpoints, and 99 percent of them are operated outside of any continuous protection or governance program.
The facts are:
They receive, process, transmit, and store PHI and PII. A single unencrypted device can retain years of clinical and financial documents. They authenticate with directory, email, file, and application systems.
They are integral to key workflows that move patients and generate revenue such as: admissions and registration, ED intake, pharmacy and IV compounding, blood bank and transfusion, lab and imaging logistics, perioperative workflows, discharge, documentation, and revenue capture.
They are not “in front of” workflows. They are part of them.
That is a patient safety problem and a revenue problem, not a “printer problem.”
No owner for protection and governance
Three groups touch printers every day.
Supply chain buys them, leases them, and manages cost per page. Information Technology (IT) keeps them reachable on the network. Security owns policies and tools tuned for laptops, desktops, and servers, not print fleets that grew up outside of those disciplines.
Ask a different question: “Who owns printer endpoint protection and governance so these devices are in scope as endpoints, not just as equipment?”
In most environments, there is no name on that line and no dedicated budget for printer endpoint protection and governance, separate from paper and toner and break/fix.
For roughly 20 percent of network endpoints that handle (and store) PHI, authenticate against the enterprise, and can halt care when they are disrupted, that is the current state.
That is a governance failure.
Combined exposure: outage, cyber, and regulation
A print fleet left outside protection and governance creates three converging exposures.
Outage and throughput
Identity and network changes happen constantly in large systems. Certificates expire. When printers are not designed into those cycles as endpoints, they are hit by them.
The result is days of degraded throughput: admissions and ED intake backing up, pharmacy and lab reverting to manual workarounds, OR and procedural cases pushed or cancelled, discharges waiting on paperwork with beds held up behind them. The hospital’s high-revenue areas operate below capacity.
Even conservative departmental disruptions can quietly add up to multi-million-dollar exposure and take weeks to remediate when you have to find affected devices one outage ticket at a time.
Cyber and lateral movement
These same endpoints can be convenient on-ramps. One compromised printer inside a trusted segment can be used to harvest credentials, move laterally into key enterprise systems like email and directory services, and create an enterprise-level incident. Without monitoring, hardening and regular review, there is no visibility until something bad has happened.
The device that breaks admissions when it cannot authenticate can also help an attacker reach the systems that leadership believes are already protected.
Regulatory and defensibility
Printers are clearly in scope for the HIPAA requirements, yet they sit unprotected and ungoverned.
How printers are “handled” today
Most large fleets fall into one of three patterns.
First, do nothing. Printers are “managed” for toner, break-fix, and uptime. There is no clean, maintained inventory, no hardened baseline, no monitoring, no patching, no certificate management and no records. They are unprotected and ungoverned.
Second, OEM tools and DIY. Some try to use vendor-specific tools and scripts themselves, on top of their real jobs, to impose some control across a fleet that is inevitably a complex mix of OEMs, models, and firmware levels. Gaps and changes are not addressed.
Third, “our MPS handles it.” Security shows up as some limited RFP language and maybe as one-time settings applied at installation, not as an ongoing program. As models and sites change, printers end up at factory defaults with no visibility.
All three patterns leave these endpoints that carry PHI and patient-critical workflows outside the same discipline applied to other device classes.
What printer endpoint protection and governance looks like
The solution does not require inventing a new architecture. It requires treating printers like what they already are: endpoints that matter.
At a board level, a real program is simple to describe:
- Scope and inventory: you know which printer endpoints exist and are in scope across vendors, models, firmware, and sites, and that view is kept current.
- Baseline: you have a defined protection standard for configurations, passwords, firmware, certificates, and behavior, and you know when those items are due to change.
- Enforcement: you can see when devices or settings drift from that baseline and you put them back within a reasonable time.
- Change and lifecycle: adds, moves, changes, acquisitions, and policy updates bring printers into the program instead of knocking them out of it.
- Records and reporting: you can show coverage, exceptions, and actions over time in a form leadership, auditors, insurers, and regulators can use.
- There are no gaps.
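The scope, baseline, and enforcement items above, together with the certificate-expiry point in the "Outage and throughput" section, reduce to one mechanical check: compare every inventory record against a written standard and report what drifted. The following Python is an added example, not code from the article or from Symphion; the inventory rows, the baseline values (minimum firmware per vendor, permitted services, a 30-day certificate warning window) and the fixed reference date are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PrinterRecord:
    """One inventory row for a print device (fields are constructed for this example)."""
    hostname: str
    site: str
    vendor: str
    firmware: str
    default_admin_password: bool   # factory credential still in place
    cert_expires: date             # expiry of the device's identity/TLS certificate
    cleartext_allowed: bool        # HTTP/IPP without TLS still accepted
    open_services: tuple           # listening services found on the device


# Hypothetical protection baseline: minimum firmware per vendor, permitted services,
# and how far ahead of certificate expiry a device should be flagged.
BASELINE = {
    "min_firmware": {"VendorA": "4.2.0", "VendorB": "10.1"},
    "allowed_services": {"ipp", "ipps", "https", "snmpv3"},
    "cert_warning_days": 30,
}

# Fixed reference date so the example is deterministic.
TODAY = date(2025, 1, 15)

# Constructed inventory of four devices across two sites.
INVENTORY = (
    PrinterRecord("prt-adm-01", "Main", "VendorA", "4.3.1", False, date(2025, 12, 31), False, ("ipps", "https")),
    PrinterRecord("prt-ed-02", "Main", "VendorA", "4.2.0", True, date(2025, 6, 1), False, ("ipp", "telnet")),
    PrinterRecord("prt-pharm-03", "North", "VendorB", "10.2", False, date(2025, 1, 25), False, ("ipps",)),
    PrinterRecord("prt-lab-04", "North", "VendorB", "9.8", False, date(2024, 12, 1), True, ("https", "ipp")),
)


def parse_version(text):
    """Turn a dotted version string into a tuple of ints so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def evaluate(rec, baseline=BASELINE, today=TODAY):
    """Return the list of ways one device drifts from the baseline (empty list = compliant)."""
    findings = []
    if rec.default_admin_password:
        findings.append("default-admin-password")
    min_fw = baseline["min_firmware"].get(rec.vendor)
    if min_fw is None:
        findings.append("no-baseline-for-vendor")
    elif parse_version(rec.firmware) < parse_version(min_fw):
        findings.append(f"firmware-below-baseline:{rec.firmware}<{min_fw}")
    days_left = (rec.cert_expires - today).days
    if days_left <= 0:
        findings.append("certificate-expired")
    elif days_left <= baseline["cert_warning_days"]:
        findings.append(f"certificate-expiring:{days_left}d")
    if rec.cleartext_allowed:
        findings.append("cleartext-allowed")
    for svc in sorted(set(rec.open_services) - baseline["allowed_services"]):
        findings.append(f"disallowed-service:{svc}")
    return findings


def drift_report(inventory=INVENTORY, baseline=BASELINE, today=TODAY):
    """Summarise coverage and drift fleet-wide and per site, the numbers a report would carry."""
    per_device = {rec.hostname: evaluate(rec, baseline, today) for rec in inventory}
    by_site = {}
    for rec in inventory:
        site = by_site.setdefault(rec.site, {"total": 0, "drifted": 0})
        site["total"] += 1
        if per_device[rec.hostname]:
            site["drifted"] += 1
    drifted = {host: findings for host, findings in per_device.items() if findings}
    return {
        "total": len(inventory),
        "compliant": len(inventory) - len(drifted),
        "drifted": drifted,
        "by_site": by_site,
    }


if __name__ == "__main__":
    report = drift_report()
    print(f"{report['compliant']}/{report['total']} devices at baseline")
    for host, findings in report["drifted"].items():
        print(f"  {host}: {', '.join(findings)}")
```

Run as a script it prints the fleet summary and one line per drifted device. The point of the structure is the "Records and reporting" item: `drift_report` returns coverage, exceptions, and per-site counts as data, so the same run can feed a dashboard, a ticket queue for remediation, and the evidence an auditor or insurer asks for, rather than being discovered one outage ticket at a time. The certificate check is what would have flagged the devices in the opening scenario before the identity change rolled over them.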
If you cannot describe that level for your printers, you have equipment management and good intentions, not a reliable program.
A wake-up call for large IDNs
If you lead a large health system, you do not need another abstract cyber talk. You need clear answers to three questions:
- Who, by name, owns printer endpoint protection and governance in our system?
- What explicit budget have we approved to protect and govern this entire endpoint class, separate from paper, toner, and leases?
- If a regulator, cyber insurer, or board member asked us today to prove that our printer endpoints are protected and governed to the same standard as our other critical endpoints, over time and not just on paper, what would we actually put on the table?
If those answers are vague or uncomfortable, the gap is not theoretical. It is already sitting on every floor, inside the workflows that move patients and revenue, waiting for the next identity change, network change, or attacker to make it visible.

Jim LaRoe
Jim LaRoe is Symphion’s dynamic leader, with a special combination of skills, experience and insight that has driven Symphion’s success since inception and made it the world’s leader in print fleet cyber security. With a specialty in protecting the healthcare industry, Symphion’s focus has been on continual innovation, seamless delivery, affordability of its solutions and a dedication to excellence in customer service.