50% of hospitals have been victims of a cyber attack

Over the last six months 50% of hospitals have experienced a serious cyber attack that has led to an IT shutdown or a serious challenge to security.

CyberMDX, a cyber security provider dedicated to protecting IoT and medical devices for health delivery worldwide, has released its Perspectives in Healthcare Security Report. The report, in collaboration with Philips, examines attitudes, concerns, and impacts on medical device security as well as cyber security across large and midsize healthcare delivery organisations. 

The study, conducted by global market research leader Ipsos, surveyed 130 hospital executives in Information Technology (IT) and Information Security (IS) roles, as well as BioMed technicians and engineers. The respondents, who averaged 15 years of experience in their fields, provided insight into the current state of medical device security within hospitals as well as highlighting the challenges their organisations face.

Healthcare is one of the most targeted industries when it comes to cyber attacks. A recent report from the HHS Cyber Security Programme in the US cited a total of 82 ransomware incidents so far this year worldwide with 60 per cent of them impacting the United States health sector. Recent headlines from notorious gangs such as REvil or Conti contribute to the impact where hospitals now account for 30 per cent of all large data breaches and at an estimated cost of $21 billion in 2020 alone.

"With new threat vectors emerging every day, healthcare organisations are facing an unprecedented level of challenges to their security," said Azi Cohen, CEO of CyberMDX. "Hospitals have a lot at stake from revenue loss, to reputational damage and most importantly patient safety. Our new report provides a critical look into the current state of medical device security and will help raise awareness of key issues and disconnects healthcare organizations are facing with their cybersecurity."

Key Findings from the survey include:

  • Ransomware is Attacking the Bottom Line - 48 per cent of hospital executives reported either a forced or proactive shutdown in the last six months as a result of external attacks or queries.
  • Midsize hospitals feeling more pain - Of respondents that experienced a shutdown due to external factors, large hospitals reported an average shutdown time of 6.2 hours at a cost of $21,500 per hour while midsize hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour.
  • Cybersecurity Investment Not a High Priority - Despite continuing cyber attacks against healthcare and roughly half of respondents experiencing an externally motivated shutdown in the last six months, more than 60 per cent of hospital IT teams have "other'' spending priorities and less than 11 per cent say cyber security is a high priority spend.
  • Dangerous Vulnerabilities Persist - When asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected. 52 per cent of respondents admitted their hospitals were not protected against the Bluekeep vulnerability, and that number increased 64 per cent for WannaCry and 75 per cent for NotPetya.
  • Lack of Automation Creates Gaps in Security - 65 per cent of IT teams in hospitals rely on manual methods for inventory calculations with 7 per cent still in full manual mode. In addition, 15 per cent of respondents from midsize hospitals and 13 per cent from large hospitals admitted they have no way to determine the number of active or inactive devices within their networks.
  • Is there a Staffing Disconnect? - While 2/3 of IT teams believe they are adequately staffed for cybersecurity, more than half of Biomed teams believe more staff is needed. Conversely, the industry has been experiencing a cybersecurity talent shortage and 100+ day lag to fill jobs.
  • Cyber Insurance and Compliance are Popular Options - 58 per cent of IT teams consider compliance "almost always" and rate it a high impact on their jobs. Similarly, 58 per cent also said they had cyber insurance.

"No matter the size, hospitals need to know about their security vulnerabilities," said Maarten Bodlaender, Head of Cyber Security Services at Philips. "Proper cybersecurity begins with a clear understanding of the evolving landscape, and this survey is part of our ongoing efforts to provide insight into cybersecurity needs across healthcare organisations."

The report is a continuation of the partnership between Philips and CyberMDX announced in November 2020 and represents their joint commitment to provide solutions to protect connected medical systems and devices.

Share

Featured Articles

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

TCS partners with Google Cloud to launch a range of AI-powered cybersecurity solutions to help businesses secure their clouds against advanced threats

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cybersecurity Conglomerate Gen quarterly report reveals shocking statistics like the fact that consumers are now increasingly at risk from Ransomware

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Hacking & Malware

Palo Alto Networks Buy IBM's QRadar Assets in Win for SIEM

Network Security