Armis, a security platform provider, has released new data showing the increased security risk faced by healthcare organisations and patients as an increase in connected devices creates an expanded attack surface, putting the patient journey at risk.
The survey, in conjunction with Censuswide, looked at perspectives of over 2,000 potential patients in various industries and 400 IT professionals working in healthcare organisations from across the United States.
Key findings of the survey include:
- Increased cyber risk: Eighty-five per cent of IT professional respondents agreed they have seen increased cyber risk over the past 12 months.
- Ransomware on the rise: Ransomware alone has hit organisations hard, with 58 per cent of IT pros in healthcare stating that their organisation has been hit with ransomware.
- Potential patients are not paying attention: The data also shows that while patients are concerned about security, and acknowledge the impact that an attack could have on their care, there is a shocking lack of awareness of recent cyberattacks. Despite major media headlines ranging from vulnerabilities in pneumatic tubes and technologies used in HVAC systems to vulnerabilities in two types of B. Braun infusion pumps and REvil attacks on healthcare organisations, 61 per cent of potential patients stated they had not heard of any cyberattacks in the healthcare industry in the past 24 months.
- Breaches guide potential patient decisions: This lack of awareness is striking, given almost half (49 per cent) of potential patients said that they would change hospitals if their healthcare organisation was hit by a ransomware attack.
Oscar Miranda, CTO for Healthcare at Armis, says: “Continuous visibility, context and alignment of security analytics to enterprise risk is the beacon to which we need to move to improve how we view device and asset management.
“It is critical for healthcare organisations to take the entire patient journey into consideration when thinking about security. A strong healthcare security strategy is multi-faceted and requires a holistic view. Armis is committed to helping its healthcare customers realize the vision where risk management and continuity of operations can exist symbiotically.”
There are 430 million connected medical devices already in deployment worldwide, with the number continuing to rise, creating an expanded attack surface. According to the survey, 33 per cent of potential patients stated that they have been the victim of a healthcare cybersecurity attack.
But the survey also shows a disconnect between the concerns of patients and the concerns of IT professionals working in healthcare.
Additional findings include:
- IT pros are most concerned about data breaches: Data breaches resulting in loss of confidential patient information were a top concern for healthcare IT pros (52 per cent), followed by attacks on hospital operations (23 per cent), and ransomware attacks (13 per cent).
- Critical infrastructure attacks were seen as the riskiest: Security risks in a hospital’s infrastructure topped the list of the biggest risks (49 per cent), followed by the risk of inputting information into an online portal (31 per cent) and staying in a hospital room with connected devices (17 per cent).
- Building systems were seen as the riskiest devices: Healthcare IT professionals said building systems such as HVAC, electrical, etc. (54 per cent), imaging machines (43 per cent), medication dispensing equipment (40 per cent), kiosks for check-in (39 per cent), and vital sign monitoring equipment (33 per cent) were the riskiest devices.
- Potential patients concerned about impact of security on quality of care: An overwhelming majority (73 per cent) of potential patients surveyed recognize that an attack could impact their quality of care. Privacy issues associated with online portals (37 per cent) topped the list of concerns for potential patients, and 52 per cent said they were worried about an attack shutting down hospital operations and potentially affecting patient care.
- Potential patients trust their best friend more than their healthcare provider: Sixty-six per cent of potential patients believe their healthcare provider is doing enough to protect their personal information. In fact, 30 per cent of US patients trust their best friends more with their sensitive healthcare information than they do healthcare organisations (23 per cent).
- Healthcare organisations are taking steps toward a more secure environment: 86 per cent of respondents stated that their organisation has a CISO, and 95 per cent of IT healthcare professionals believe their organisation’s connected devices are up-to-date with the latest software.
- Recent attacks are a catalyst for change: 75 per cent of IT healthcare professionals agree that recent attacks have had a strong influence on decision-making at their health organisation.
- Organisations are putting their money where their mouth is: 52 per cent of IT healthcare professionals believe their healthcare organisation is allocating more than sufficient funds to secure its IT systems.
- But there is still a long way to go: 63 per cent of IT healthcare professionals said that their organisation has had to submit a cyber insurance claim.
Despite the strides the industry has made, there is still a long way to go when it comes to securing the patient journey. Sixty-three per cent of IT healthcare professionals said that their organisation has had to submit a cyber insurance claim, and that number is expected to rise along with the expanding attack surface.