A quarter of healthcare IT professionals doubt their ability to respond to cyber attacks

Infoblox report examines whether healthcare industry is prepared to combat evolving cyber threats

  • Infoblox publishes new research into the current state of cyber security in UK healthcare organisations
  • It reveals 47% of large healthcare organisations are managing over 5,000 devices on their network
  • 1 in 5 organisations have Windows XP running on their network and 18% of respondents have connected medical devices running on Windows XP
  • 1 in 4 healthcare organisations would be willing to pay a ransom in the event of a cyberattack, and 85% have a plan in place for this situation
  • However, the report also reveals that 85% of organisations have increased their cybersecurity spending in the past year, with 12% increasing their spending by over 50%
  • Firewalls and anti-virus software are the most invested-in security solutions

The WannaCry incident highlighted flaws with IT security within the health sector

New research has revealed that one in four UK healthcare IT professionals doubt their organisation’s ability to respond to the growing threat of cyber attacks.

As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyber attacks disrupting services, stealing sensitive patient data, and putting lives at risk

Technology is booming in healthcare organisations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more-accurate diagnoses, and paperless systems for the easy exchange of patient information.

As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyber attacks disrupting services, stealing sensitive patient data, and putting lives at risk.

Infoblox commissioned a survey of UK and US healthcare IT professionals to gain a better understanding of whether the healthcare industry is adequately prepared to combat this evolving threat.

The diagnosis reveals:

Ready for ransomware

Following the significant disruption caused to the NHS by WannaCry in May 2017, many healthcare organisations are preparing themselves for further ransomware attacks.

A quarter of participating healthcare IT professionals reported that their organisation would be willing to pay a ransom in the event of a cyberattack. Of these, 85% of UK respondents have a plan in place for this situation.

Dangerous operating systems

The number of connected devices on healthcare organisations’ networks is exploding, with 47% of the large healthcare organisations surveyed indicating they are managing over 5,000 devices on their network.

One in five healthcare IT professionals reported that Windows XP is running on their network, which has been unsupported since April 2014. Eighteen per cent indicated that connected medical devices on their network are running on the unsupported operating system, leaving organisations open to exploitation through security flaws in these unpatched devices.

Patching outdated operating systems is impossible for the 7% of IT professionals responding that they don’t know what operating systems their medical devices are running on.

Even when the operating system these devices run on is known, a quarter (26%) of large organisations either can’t or don’t know if they can update these.

Investing against the threat

85% of healthcare IT professionals reported that their organisation has increased their cybersecurity spending in the past year, with 12% of organisations increasing spending by over 50%.

Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly – but these new technologies also introduce a new cyber risk that must be mitigated

Traditional security solutions are the most popular, with anti-virus software and firewalls the solutions most invested in over the past year, at 61% and 57% respectively.

Half of organisations have invested in network monitoring to identify malicious activity on the network; a third have invested in DNS security solutions, which can actively disrupt Distributed Denial of Service (DDoS) attacks and data exfiltration; and 37% have invested in application security to secure web applications, operating systems, and software.

Rob Bolton, general manager and director of Western Europe at Infoblox, said: “The healthcare industry is facing major challenges that require it to modernise, reform and improve services to meet the needs of ever-more-complex, instantaneous patient demands.

“Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly – but these new technologies also introduce a new cyber risk that must be mitigated.

“The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyber attack.

“It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”

The report includes a case study on how Geisinger Health uncovered malicious activity on its network and was able to quickly and accurately identify the offending device, containing the malware before it spread throughout the network.

Commenting on the event, Rich Quinlan, senior technical analyst at Geisinger Health, said: “In spite of all the conventional steps we take to protect our internal network, patient care could still be affected.

It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data

“We could have an entire hospital full of useless ultrasound devices because one was brought in with a virus and we have no control over them. And if it was able to exfiltrate data, we would have a compliance issue.”

The report also draws on the survey findings to provide actionable recommendations to healthcare organisation to better combat against the evolving cyber threat. These include:

1. Know your network

Understanding what devices are on your network and what operating systems those devices are running on is essential to ensure that vulnerable endpoints are patched and not leaving healthcare organisations exposed. Organisations must also be able to identify what malicious behaviour looks like on their network to identify when cyber attacks are underway. With network monitoring, IT professionals can be notified in real time of any anomalous behaviour on the network that may be an indicator of malicious activity.

With threat intelligence-based DNS Security solutions, the vulnerable network infrastructure itself can be weaponised to recognise and block DNS traffic to and from known malicious domains using reputation lists and signature detection. It can also identify legitimate traffic, enabling the detection of exploits and data exfiltration.

2. Controlled chaos is better than disruption and destruction

The research demonstrated that a significant number of healthcare organisations have both IT and medical devices on their networks that run on the outdated Windows XP, introducing unnecessary risk to their network since Microsoft stopped supporting the operating system in April 2014.

While there is a valid concern in many organisations that many critical software and applications may no longer work on new operating systems, healthcare IT professionals must introduce a plan to update operating systems to supported versions. This may cause short-term issues in terms of the running of certain software and/or devices, but it is better to manage that anticipated inconvenience, rather than wait until it is maliciously exploited as this will ultimately result in a far greater cost to the organisation, either through significant disruption of services or the loss of sensitive data.

3. Have a plan

As cyber criminals see greater reward driven from ransom over resale, ransomware attacks will continue to increase and healthcare organisations have clearly already been identified as popular targets.

Organisations need a plan of action to deal with a ransomware attack, whether they wish to pay or not.

Minimising disruption will be key to ensuring that healthcare organisations can continue providing essential services to patients, and every effort should be made to make the response as quick and streamlined as possible.

4. Strategic cyber spending

Healthcare organisations are spending more on cyber security, but it is essential that this additional budget is spent strategically.

Firewalls and anti-virus are not effective in defending against new IoT threats, for example. Therefore, CIOs and IT managers need to plan their cyber defences to protect against evolving threats, such as through DNS security and threat intelligence.

Companies