investment in hospitals remains a low priority despite continuing attacks on healthcare delivery organizations, according to a report from CyberMDX and Philips.
Published on 12 August 2021, the Perspectives in healthcare security report examines the impact ofon large and mid-size hospitals and the challenges these organizations face in responding to them.
“With new threat vectors emerging every day, healthcareto their security,” said Azi Cohen, CEO of CyberMDX.
“Hospitals have much at stake – from revenue loss toand, most importantly, patient safety. Our report provides a critical look into the current state of medical of key issues and disconnects healthcare organizations face with their cyber security.”
The report – which is based on a study conducted by global market research firm Ipsos – added that “whether the hack is committed by notorious gangs such as REvil or Conti or lesser-known hackers, hospitals now account forand at an in 2020 alone.”
According to the survey results, 48% of hospitalor proactive shutdown in the past six months due to external attacks or queries.
This aligns with, which found that cyberattacks in the healthcare industry had grown by 45% between November 2020 and January 2021. It also found that ransomware, botnets, remote code execution, and distributed denial-of-service (DDoS) attacks were the most common incidents faced by healthcare organizations.
However, the CyberMDXattacks on hospitals, more than 60% of hospital IT teams said they have “other’ spending priorities and less than 11% said cyber security is a high-priority spend.
The lack of priority given tospending is also happening despite high material repercussions and a clear awareness that there is little protection from dangerous vulnerabilities.
For example, the report found that cyber-attacks were much more significant in smaller hospitals. Out of those that experienced a shutdown,an average shutdown time of 6.2 hours for $21,500 per hour, while mid-size hospitals averaged nearly 10 hours at more than double the cost of $45,700 per hour.
Most respondents also said their hospitals were unprotected against common but dangerous vulnerabilities. This includes 52% admitting their hospitals was not protected against the Bluekeep exposure, which increased to 64% and 75% for WannaCry and NotPetya.
In terms of closing the security gaps, the report implied that automation would go a long way to helpingteams gain visibility of vulnerable devices, as the majority still rely on manual processes for inventory calculations.
For example, 65% of hospital IT teams rely on manual inventory calculation methods. In comparison, 15% of mid-size and 13% of large hospitals admitted they could not determine the number ofwithin their networks.
In January 2021, Adam Enterkin, Europe, Middle East, and Africa (EMEA) senior vice-president at BlackBerry, said that becausecybercrime – mainly due to a lack of large, highly skilled cyber security teams – investing in automated technologies could help them protect their assets.
“Automation is key, andtake on the heavy lifting. To allow healthcare professionals to prioritize immediate care and ever-present , AI [artificial intelligence] and are the solutions due to their continuous learning capabilities and proactive threat modeling, which grows in sophistication over time,” he said.
“For instance, if a healthcare professional clicks on a suspect link, cutting-edge algorithms, and artificial intelligence can step in proactively to protect them, preventing threats like malware, viruses, ransomware, and malicious websites.”