Study reveals healthcare IT professionals are overconfident about breach detection capabilities

Survey evaluates confidence in seven key security controls required to detect cyber attacks

  • 101 healthcare IT professionals responded to study
  • Only 49% of respondents knew exactly how long it would take to generate an alert if unauthorised devices were detected
  • 90% believe they would be alerted within hours
  • 45% said critical vulnerabilities detected by their scanning tools are not fixed or remediated within 30 days
  • 43% of the respondents said less than 80% of patches succeed in a typical patch cycle
  • Survey highlights need for improvements in reporting and detection

A global study has revealed that healthcare IT professionals underestimate the threat of cyber attacks and are overconfident in their ability to tackle the growing problem.

Tripwire this week announced the results of an extensive study conducted by Dimensional Research exploring the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress.

A total of 763 people responded to the study across a number of industries, including 101 from the healthcare sector.

The results show healthcare IT professionals are overconfident in their ability to quickly collect the data needed to identify and remediate a cyber attack. For example, while fewer than half of the respondents (49%) know exactly how long it would take their vulnerability scanning systems to generate an alert if unauthorised devices were detected on their networks, 90% believe they would be alerted within hours.

According to Verizon’s 2016 Data Breach Investigations Report, while 63% of successful system compromises in the healthcare industry occurred within minutes, 56% of data breaches impacting the healthcare sector took months to detect.

“There’s no argument that these basic controls work and contribute directly to an organisation’s cyber security, yet the research shows they are not in place at enough healthcare organisations,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire.

“This is occurring at a time when the healthcare industry is facing unique cyber threats, from physical theft to sophisticated ransomware campaigns.”

Additional findings from the study included:

  • Nearly two-thirds of the respondents (60%) believe their automated tools do not pick up all of the critical details or information that is needed to identify the locations and departments where the unauthorised devices were detected
  • 83% of the respondents believe they could detect configuration changes to a network device within hours. However, only 54% know how long the process would actually take
  • Nearly half of the respondents (45%) said critical vulnerabilities detected by their scanning tools are not fixed or remediated within 30 days
  • 43% of the respondents said less than 80% of patches succeed in a typical patch cycle

Erlin said: “The basics of finding unauthorised devices and vulnerabilities and applying patches in a timely manner should be done at every organisation in order to create a baseline of cyber security.

“These fundamental controls should be in place before organisations look at the latest shiny security object.”

To combat the problem, trusts are urged to ensure they have the following:

  • Accurate hardware inventory
  • Accurate software inventory
  • Continuous configuration management and hardening
  • Comprehensive vulnerability management
  • Patch management
  • Log management
  • Identity and access management

When implemented across an organisation, these controls deliver the specific, actionable information necessary to defend against the most pervasive and dangerous cyber attacks.