One in four UK healthcare IT people aren’t confident in their organisation’s ability to respond to cyberattacks, according to Infoblox’s report Cybersecurity in healthcare: the diagnosis.
Technology is booming in healthcare with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information, the network control product company says.
As technology becomes more ingrained into healthcare, there is an increased threat of cyberattacks disrupting services, stealing sensitive patient data, and putting lives at risk. Infoblox commissioned a survey of UK and US healthcare IT to gain understanding of whether the healthcare industry is adequately prepared to combat this evolving threat.
Following the significant disruption caused to the NHS by WannaCry in May 2017, many healthcare organisations are preparing themselves for further ransomware attacks. One quarter of participating healthcare IT professionals reported that their organisation would be willing to pay a ransom in the event of a cyberattack. Of these, 85 per cent of UK respondents have a plan in place for this situation.
The number of connected devices on healthcare organisations’ networks is exploding, with 47 per cent of the large healthcare organisations surveyed indicating that they are managing over 5,000 devices on their network. One in five in healthcare IT surveyed reported that Windows XP is running on their network, which has been unsupported since April 2014. Near one in five, 18 per cent indicated that connected medical devices on their network are running on the unsupported operating system, leaving organisations open to exploitation through security flaws in these unpatched devices.
Patching outdated operating systems is impossible for the 7 per cent of IT professionals responding that they don’t know what operating systems their medical devices are running on. Even when the operating system these devices run on is known, a quarter (26pc) of large organisations either can’t or don’t know if they can update these systems.
Most, 85 per cent of healthcare IT people reported that their organisation has increased their cybersecurity spending in the past year, with 12 per cent of organisations increasing spending by over 50 per cent. Traditional security solutions are the most popular, with anti-virus software and firewalls the solutions most invested in over the past year, at 61 per cent and 57 per cent respectively.
Half of organisation have invested in network monitoring to identify malicious activity on the network; one third have invested in DNS security solutions, which can actively disrupt Distributed Denial of Service (DDoS) attacks and data exfiltration; and 37 per cent have invested in application security to secure web applications, operating systems and software.
Rob Bolton, Director of Western Europe at Infoblox said: “The healthcare industry is facing major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands. Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly – but these new technologies also introduce new cyber risk that must be mitigated. The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyberattack. It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”
The report includes a case study on how Geisinger Health in the United States uncovered malicious activity on its network.
