17 November 2017
The healthcare industry is leaving itself open to cyber attacks because of poor network knowledge and practises, according to a new study by Infoblox.
In July, the network intelligence specialist surveyed 152 healthcare IT pros in the UK and 153 in the US.
It found that as cyber criminals increasingly shift to a ransom model rather than resale model for financial gain, the healthcare industry has become a popular target for ransomware.
Citing a Freedom of Information request by endpoint security company SentinelOne earlier this year, Infoblox says a third of NHS trusts have been infected by ransomware.
Following the significant disruption caused to the NHS by WannaCry in May, many healthcare organisations are preparing themselves for further ransomware attacks.
Of the IT pros surveyed by Infoblox, 26 per cent reported that their organisation would be willing to pay a ransom in the event of a cyber attack. Of these, 85 per cent said that they have a plan in place for this situation.
“Dangerous” operating systems
When asked about which operating systems are running on their network, more than 22 per cent reported the presence of Windows 7, the OS exploited in the WannaCry attack.
Similarly, 20 per cent said that Windows XP was still running on their network. Microsoft stopped supporting this in April 2014.
With the cyber threat landscape evolving dramatically fast, Infoblox says it is essential that IT teams patch everything as soon as possible when new threats are discovered.
It adds that while Microsoft advised all organisations running XP to update to a modern OS, certain institutions were concerned that their specialised legacy software would not be able to run on newer platforms.
For fear of disruption to patient care, many hospitals and health centres have therefore continued using outdated operating systems.
Infoblox warns that these “dangerous” platforms also power some medical equipment, such as MRI scanners, which have a shelf life spanning decades and are more difficult to update and/or patch.
More than 20 per cent of those surveyed reported having more than 5,000 devices on their network. This figure increased to 37 per cent in organisations with more than 500 employees.
However, 15 per cent of UK healthcare IT pros and 11 per cent in the US don’t believe that their current security policy for newly connected devices is effective.
According to Infoblox, this could suggest that hospitals and health centres are rapidly adopting new connected devices “without due care and attention” towards security policies.
More worrying, seven per cent of the IT pros surveyed did not know what operating systems their medical devices were running on.
Investing in the right security
In response to the growing threat, 85 per cent of those polled said they have increased their cyber security spending over the past year, with 12 per cent increasing this by more than 50 per cent.
Of the investments made, Infoblox found that getting the basics right appears to be the priority with traditional security solutions. Anti-virus software and firewalls were the most popular investments for cyber security spending in the industry (60 per cent and 57 per cent respectively).
The company adds that the rise in malicious activity has also led many healthcare organisations to spend money on other solutions.
It found that half have invested in network monitoring; one third in DNS security solutions which can actively disrupt DDoS attacks and data exfiltration; and 37 per cent in application security.
The study also reveals that encryption is being deployed more regularly in the US than UK, with half of US healthcare IT pros reporting that their company invests in encryption software, compared to 36 per cent of those in the UK.
Similarly, roughly one third indicated that their company is investing in employee education, email security solutions and threat intelligence (35 per cent, 33 per cent and 30 per cent respectively), with just one in five investing in biometrics solutions.
Despite all the investments, nearly a quarter (23 per cent) reported that they are not confident in their organisation’s ability to respond to a cyber attack.
“Firewalls and anti-virus are not effective in defending against new IoT threats, for example,” states the firm as part of its conclsuions.
“Therefore, CIOs and IT managers need to plan their cyber defences to protect against evolving threats, such as through DNS security and threat intelligence.”