IT professionals still struggle with patching operating systems and managing shadowy IT.
Almost two years since WannaCry, the ransomware attack that brought the NHS (National Health Service) in the UK to a halt, healthcare IT professionals feel more confident in their ability to respond to a cyber-attack. That’s according to new research from Infoblox Inc., a Secure Cloud-Managed Network Services firm.
As healthcare providers continue to undertake digital transformation initiatives in an effort to improve efficiencies and the quality of care they deliver, the risk of falling victim to cyberattack is increasing. Infoblox commissioned a survey of healthcare IT professionals in the UK, US, Germany and the Benelux Union to gauge the preparedness of the industry to tackle cyberthreats.
The research reveals that 92% of healthcare IT professionals are confident in their organization’s ability to respond to a cyber-attack, compared to only 82% two years ago. More than half (56%) have automated systems in place that actively scan their networks for suspicious activity, and around a third (31%) have their own Security Operation Centers (SOCs) for the same purpose. However, despite this confidence, the industry still faces challenges.
In the event of ransomware, nearly half (39.7%) of IT professionals are not aware if their organization would be willing to pay a ransom in the event of a cyber-attack. Additionally, a quarter (24%) remain defiant, however, stating that they would be unwilling to pay a ransom. A large amount of uncertainty remains for IT professionals about how they should respond to potential ransomware attacks.
Healthcare organizations are spending between 11 and 20 percent more on cybersecurity than in 2017, with the top three investments being anti-virus software (59%), firewalls) (52%), and application security (51%). Additionally, employee education has grown in popularity, with a ten percent higher investment in 2019 compared to 2017. The reason for this has much to do with improving email hygiene in an effort to avoid phishing scams and the delivery of ransomware.
Healthcare IT professionals are addressing the growing adoption of the Internet of Things (IoT) and as a result the number of security policies in place for new connected devices has increased from 85 to 89 percent, with fewer respondents doubting the effectiveness of these policies (9% in 2019 vs. 13% in 2017).
The majority (66%) of connected devices now run on Microsoft Windows 10, however Linux (33%) and Mac OS X (31%) popularity is growing significantly since 2017. Over a quarter of medical devices continue to run on old operating systems including Microsoft Windows 7 (26.5% running medical devices) and Microsoft Windows 8 (4.6% running medical devices). Also, an alarming number of IT professionals (16.6%) do not have the ability to patch their operating systems, leaving their network wide open for attacks.
Victor Danevich, CTO of Systems Engineering at Infoblox said: “Healthcare companies hold some of the most sensitive and valuable personal data, making them extremely vulnerable to cyberattack. Additionally, as the number of internet connected devices in this industry continues to skyrocket, cybercriminals will have a surplus of options to mine for network vulnerabilities”
“Although healthcare IT providers are some of the most educated and concerned security buyers, they mustn’t become complacent, and must continue to think strategically about ensuring the security of their networks and – most importantly – the safety of their patients.”
Ashraf Sheet, Regional Director, Middle East & Africa at Infoblox says, “It’s encouraging to see healthcare organizations across the globe taking action in the form of increased cybersecurity spending, managing connected devices, and educating employee security protocols. By taking such precautions, healthcare IT providers are right to be more confident about their ability to tackle threats to their network. They mustn’t become complacent, though, and must continue to think strategically about ensuring the security of their networks and – most importantly - the safety of their patients.”
To download the Cybersecurity in Healthcare report, click here.