Confidence around cyber security in healthcare at ‘all-time high’

Infoblox report examines healthcare industry’s approach to cyber threat two years after the WannaCry attack

  • Infoblox survey questioned healthcare IT professionals from the UK and overseas
  • 92% of respondents are now confident in their ability to respond to a cyber attack, compared to 82% in 2017
  • 56% now have automated systems in place to scan for suspicious activity
  • 32% of organisations have a plan in place to pay a ransom in the event of an attack. But 24% state they would be unwilling to pay a ransom
  • Healthcare organisations are spending more on cyber security, with the biggest investment in anti-virus software firewalls, and application security
  • The number of security policies in place for new connected devices is up from 85-89%
  • And the number of devices running on Windows XP, which has been unsupported since 2014, has fallen from one in five to one in 10

Almost two years since the ransomware attack that brought the NHS to a standstill, healthcare IT professionals feel more confident in their ability to respond to a cyber attack.

A survey by Infoblox quizzed healthcare IT professionals in the UK, US, Germany and the Benelux Union to gauge the preparedness of the industry to tackle cyber threats two years on from the WannaCry attack in May 2017.

And the findings reveal that 92% are now confident in their organisation’s ability to respond to an attack, compared to only 82% at the time of the incident.

More than half (56%) have automated systems in place that actively scan their networks for suspicious activity, and around a third (31%) have their own Security Operation Centres (SOCs) for the same purpose.

It’s encouraging to see more spending on cyber security provision and a more-sensible approach to managing the connected devices that have become increasingly crucial to the efficient delivery of care

In the event of ransomware, 32% of organisations now have a plan in place to pay a ransom in the event of a cyber attack, as opposed to only one in five questioned shortly after the WannaCry ransomware demand.

The Infoblox report gives an insight into how the healthcare sector has responded to the 2017 WannaCry attack

A quarter (24%) remain defiant, however, stating that they would be unwilling to pay a ransom.

Greater investment

More healthcare organisations (28%) are spending between 11-20% more on cyber security than in 2017 (20%), with the top three investments being anti-virus software (59%), firewalls) (52%), and application security (51%).

Network monitoring, the third-most-popular cyber security solution in 2017, has now fallen to fourth place, while employee education has grown in popularity, with investment 10% higher in 2019 than in 2017.

The reason for this will have much to do with improving email hygiene in a bid to avoid phishing scams and the delivery of ransomware.

Connected devices

Despite the growing adoption of the Internet of Things (IoT), the research showed no significant increase in the number of devices connected to IT networks.

Nonetheless, the number of security policies in place for new connected devices has increased from 85-89%, with fewer respondents doubting the effectiveness of these policies (9% in 2019 compared to 13% in 2017).

And the majority of connected devices now run on Microsoft Windows 10 (66% compared to 54%), with the popularity of Linux and Mac OS X growing significantly since 2017 (33%/12% and 31%/7% respectively).

Reassuringly, the number of devices running on Windows XP, which has been unsupported since 2014, has fallen from one in five to one in 10.

As a result, the majority of respondents (87%) are confident they are able to patch or update their systems, with the majority doing so either once a week (23%) or once every two to three weeks (24%).

IT providers mustn’t become complacent and must continue to think strategically about ensuring the security of their networks and – most importantly - the safety of their patients

Rob Bolton, director of Western Europe at Infoblox, said of the findings: “The widespread disruption caused by the WannaCry attack on the NHS two years ago was a wake-up call to healthcare providers everywhere.

“We can expect the risk of such attacks to continue to grow as technology is more widely adopted.

“It’s encouraging, therefore, to see more spending on cyber security provision, and a more-sensible approach to managing the connected devices that have become increasingly crucial to the efficient delivery of care.

“By taking such precautions, healthcare IT providers are right to be more confident about their ability to tackle threats to their network.

“They mustn’t become complacent, though, and must continue to think strategically about ensuring the security of their networks and – most importantly - the safety of their patients.”

Companies