85% of Healthcare IT Pros Have Seen Increased Cyber Risk in Past Year
A survey on healthcare cybersecurity was distributed to 400 healthcare IT professionals and 2,030 general respondents.
A recent survey of 400 IT professionals working in U.S. healthcare organizations found the vast majority are concerned about the potential for data breaches and attacks using medical equipment.
The survey, conducted by Armis, a security platform provider, found 85% of IT respondents agreed they have seen increased cyber risk over the past 12 months. Ransomware, in particular, is on the rise with more than half (57%) stating their organization has been hit with ransomware.
The survey also found 52% of IT pros are most concerned about data breaches resulting in loss of confidential patient information. After data breaches, 23% of IT professionals were most concerned about attacks on hospital operations and 13% were most concerned about ransomware attacks.
According to Armis, there are approximately 430 million connected medical devices already deployed worldwide with the number continuing to rise, creating an expanded attack surface and leaving many hospitals vulnerable to a variety of cybersecurity flaws in pneumatic tubes, technologies used in HVAC systems, B. Braun infusion pumps and more, according to ZDNet.
Healthcare IT professionals said building systems such as HVAC and electrical (54%), imaging machines (43%), medication dispensing equipment (40%), kiosks for check-in (39%), and vital sign monitoring equipment (33%) were the most at-risk devices.
In addition to IT professionals, the survey was distributed to 2,030 general respondents — referred to as potential patients — to gauge their understanding of and concerns regarding cybersecurity. Despite the growing concern among IT professionals, the survey found 61% of potential patients had not heard of any cyberattacks in the healthcare industry in the past 24 months.
Armis said the lack of unawareness is “striking” considering 49% of potential patients said they would change hospitals if their healthcare organization was hit by a ransomware attack. The survey also found 33% of potential patients have been a victim of a healthcare cybersecurity attack and 37% are concerned about hospitals using online portals for patient information.
On the upside, the survey found healthcare organizations are taking steps to make cybersecurity a priority, with 86% of It pros saying their organization has hired a chief information security officer (CISO) and 95% saying their connected devices were up-to-date with the latest software.
Additionally, 75% said recent attacks have been the driving force behind cybersecurity changes, and 52% said their organization is allocating more money to secure its IT systems.
“Continuous visibility, context and alignment of security analytics to enterprise risk is the beacon to which we need to move to improve how we view device and asset management,” said Oscar Miranda, CTO for Healthcare at Armis. “It is critical for healthcare organizations to take the entire patient journey into consideration when thinking about security. A strong healthcare security strategy is multi-faceted and requires a holistic view.”