Much like in the realm of physical security, the overwhelming majority of cyber breaches have a human failure somewhere near their heart. All too often though, that's because the security processes in place don't fit human behaviour.
Some of us have proposed a Cyber Security forum on ARRSE for some time? @Good CO? @Bad CO?
Was it really caused by someone opening a dodgy e-mail or a suspicious attachment? Should safety critical systems really be connected to the same network as an e-mail server?
Can an incoming e-mail be sheep dipped? Can individual devices on a network have additional layers of defence?
Something like a University and attached hospital network (and that's a huge risk right there!) will have something like hundreds of thousands of IP addresses in use and I can absolutely guarantee that they are available on the Dark Web from either a genuine breach at the ISP (unlikely IMHO) or via theft from a disgruntled (usually former) employee.
I genuinely don't know what the hackers' tool of choice is these days, but in business Cyber Defence a cloud-based platform like Splunk could sift, sort and provide indicators of the vulnerabilities of those IP addresses in seconds flat. From there the back door is open and a malicious actor is hampered only by their imagination.
Truly effective security is possible but it requires professionals, who are in short supply, and constant vigilance, which is expensive. It is, to use an oft-repeated cliche, an arms race. And at the risk of stretching an analogy, the key to winning it is threat intelligence.