Almost two years since WannaCry,
the ransomware attack that brought the NHS (National Health Service) to a halt,
healthcare IT professionals feel more confident in their ability to respond to
a cyber-attack. That's according to new research from Infoblox Inc., the leader in
Secure Cloud-Managed Network Services.
As healthcare providers continue to
undertake digital transformation initiatives in an effort to improve efficiencies
and the quality of care they deliver, the risk of falling victim to cyberattack
is increasing. Infoblox commissioned a survey of healthcare IT professionals in
the UK, U.S., Germany and the Benelux Union to gauge the preparedness of the
industry to tackle cyberthreats.
The research reveals that 92
percent of healthcare IT professionals are confident in their organization's
ability to respond to a cyber-attack, compared to only 82 percent two years
ago. More than half (56%) have automated systems in place that actively scan
their networks for suspicious activity, and around a third (31%) have their own
Security Operation Centers (SOCs) for the same purpose. However, despite this
confidence, the industry still faces challenges.
Ransomware
In the event of ransomware, nearly
half (39.7%) of IT professionals are not aware if their organization would be
willing to pay a ransom in the event of a cyber-attack. Additionally, a quarter
(24%) remain defiant, however, stating that they would be unwilling to pay a
ransom. A large amount of uncertainty remains for IT professionals about how
they should respond to potential ransomware attacks.
Greater investment
Healthcare organizations are
spending between 11 and 20 percent more on cybersecurity than in 2017, with the
top three investments being anti-virus software (59%), firewalls) (52%), and
application security (51%). Additionally, employee education has grown in
popularity, with a ten percent higher investment in 2019 compared to 2017. The
reason for this has much to do with improving email hygiene in an effort to
avoid phishing scams and the delivery of ransomware.
Connected devices
Healthcare IT professionals are
addressing the growing adoption of the Internet of Things (IoT) and as a result
the number of security policies in place for new connected devices has
increased from 85 to 89 percent, with fewer respondents doubting the
effectiveness of these policies (9% in 2019 vs. 13% in 2017).
The majority (66%) of connected
devices now run on Microsoft Windows 10, however Linux (33%) and Mac OS X (31%)
popularity is growing significantly since 2017. Over a quarter of medical
devices continue to run on old operating systems including Microsoft Windows 7
(26.5% running medical devices) and Microsoft Windows 8 (4.6% running medical
devices). Also, an alarming number of IT professionals (16.6%) do not have the
ability to patch their operating systems, leaving their network wide open for
attacks.
Victor Danevich, CTO of Systems
Engineering at Infoblox, said: "Healthcare companies hold some of the most
sensitive and valuable personal data, making them extremely vulnerable to
cyberattack. Additionally, as the number of internet connected devices in this
industry continues to skyrocket, cybercriminals will have a surplus of options
to mine for network vulnerabilities"
"Although healthcare IT
providers are some of the most educated and concerned security buyers, they
mustn't become complacent, and must continue to think strategically about
ensuring the security of their networks and - most importantly - the safety of
their patients."
To download the Cybersecurity in
Healthcare report, visit: https://www.infoblox.com/resources/report/cybersecurity-in-healthcare