Armis, the unified asset visibility and security platform provider, conducted a recent survey to take a look at the condition of cybersecurity in the healthcare industry and the security risks that healthcare organizations are now facing.
The survey was performed by Censuswide on 400 IT specialists at healthcare companies throughout the U.S., and 2,000 U.S. patients to get their opinions on cybersecurity and data breaches in the healthcare industry.
The survey affirmed the increasing cyber risk, with 85% of respondents claiming cyber risk has grown in the last 12 months. Ransomware gangs have targeted the healthcare sector over the past 12 months, and many of those attacks have been successful. 58% of the surveyed IT experts mentioned their company had encountered a ransomware attack during the past 12 months.
13% of IT security professionals see ransomware attacks as a reason for concern, saying many are confident that they can retrieve data in case of an attack. Nevertheless, data breaches that bring about the loss of patient information were a serious concern, with 52% of IT experts rating data loss as a major problem, with cyberattacks on hospital operations ranked as the main issue by 23% of healthcare IT pros.
Protecting against cyberattacks is growing to be more and more difficult considering the broadening of attack surfaces. Armis says there are now 430 million interconnected healthcare devices globally, and that number will continue to rise. When asked regarding the riskiest systems and devices, building systems including HVAC were the greatest issue with 54% of IT specialists rating them as a serious cybersecurity risk. Imaging machines were considered as among the riskiest by 43% of survey respondents, then medication dispensing equipment (40%), check-in kiosks (39%), and vital sign checking devices (33%). Although there is concern concerning the protection of these systems and medical devices, 95% of IT experts stated they thought their linked devices and systems were patched and operating on the most recent software.
The increase in cyberattacks on the healthcare industry is impacting decisions in healthcare. 75% of IT specialists mentioned recent attacks have had a formidable impact on decision making and 86% of survey participants stated their company had designated a CISO; nevertheless, only 52% of survey respondents reported their firm was allocating more than adequate funding to pay for IT security.
The survey of patients suggested one third had been the target of a healthcare attack, and although nearly half of patients (49%) mentioned they would change healthcare service provider if it suffered a ransomware attack, a lot of patients are not aware of the magnitude of current cyberattacks and how frequently they are currently being reported. In 2018, healthcare data breach reports were submitted at a rate of 1 each day. In the last year, 7 months had data breach reports of more than 2 every day.
In spite of substantial media reports concerning healthcare data breaches and vulnerabilities in medical devices, 61% of potential patients stated they did not hear about any healthcare cyberattacks in the last two years, obviously showing numerous patients are uninformed of the danger of ransomware and other cyberattacks. Nonetheless, patients are aware of the effect those cyberattacks may have, with 73% of prospective patients understanding a cyberattack could impact the quality of medical care they get.
When potential patients were questioned regarding their privacy considerations, 52% mentioned they were concerned that a cyberattack would close down hospital operations and will possibly affect patient care, and 37% stated they were worried about the privacy of information accessible using online portals.
There definitely appears to be trust issues, as just 23% of prospective patients stated they respected their healthcare company with their sensitive personal data. In contrast, 30% stated they relied on their best friend with that data.