Hospitals and healthcare providers have faced an array of challenges over the past year or two. Beyond dealing with the coronavirus pandemic, these organizations have been increasingly targeted with ransomware and other cyberattacks. Research released Wednesday by security provider Armis looks at the ways that hospitals and patients are vulnerable to cyber threats.
Armis’s new research is based on an October 2021 survey conducted by Censuswide of 400 IT professionals working in healthcare institutions across the U.S. as well as 2,030 general respondents and patients.
A full 85% of the healthcare respondents said they’ve seen an increase in cyber risk over the past 12 months. Ransomware has been one of the most devastating threats, as 58% of the IT pros in this sector said their organization has been hit with a ransomware attack.
But ransomware is usually preceded by some type of breach as the criminals must first gain access to network resources. In that vein, 52% of the healthcare IT pros surveyed cited data breaches as the most concerning threat. Some 23% were most anxious about attacks on hospital operations, while 13% were worried about ransomware attacks themselves.
Hospitals need to worry about more than just data. Medical equipment, building machinery and other types of equipment are vulnerable as well. Asked which devices are considered the riskiest, 54% pointed to HVAC and electrical systems, 43% to imaging machines, 40% to equipment that dispenses medicine, 39% to kiosks for check-in and 33% to vital sign monitoring equipment.
Following up on the topic of vulnerable areas, respondents were asked to identify the biggest security risks. Some 49% cited the hospital’s infrastructure as the largest risk, 31% pointed to entering information in an online portal, and 17% to staying in a hospital room with connected devices.
On the plus side, the increase in cyberattacks has prompted healthcare providers to shore up their defenses. Among the healthcare IT pros surveyed, 75% said recent attacks have strongly influenced the security decisions made at their organizations.
Some 85% reported that their employers have a chief information security officer and 95% said they believe their organization’s connected devices have the latest updates. Some 52% said they think their employer is allocating more than enough money to secure their systems, though that still leaves 48% who feel otherwise.
Among the patients surveyed, 33% said that they’ve been the victim of a cyberattack against a healthcare provider. Asked about their top concerns over such an attack, 73% said they were worried that it could impact their quality of care. Some 52% said they were afraid that an attack could shut down hospital operations and impact patient care.
To help healthcare providers and patients better protect themselves and their data, Oscar Miranda, CTO for healthcare at Armis, offered several tips.
For healthcare IT professionals:
- Keep an inventory of all connected devices within a clinical environment and make sure that it’s accurate and up to date.
- Take advantage of threat intelligence to identify and prioritize gaps in your security defenses.
- Adopt a risk-based approach to identify and resolve any gaps in your security defenses.
- Don’t click on a file attachment or link in an email that seems even slightly suspicious.
- Don’t use the same username and password for all your online accounts.
- Be sure to use strong and complex passwords.
- Adopt two-factor authentication or multi-factor authentication whenever and wherever possible.