Though this type of cyberattack is one long forewarned by security professionals, in a recent B2B technology survey of 455 U.S.-based companies across nine vertical markets, ABI Research finds that healthcare respondents show the least concern regarding security out of all sectors surveyed.
ICT&health reports regularly on the growing threat of cybercriminality in the health sector, where lack of up to date security combines with cybercriminals earning more money from healthcare data than financial data.
Cybersecurity poor in healthcare
“Cybersecurity within the healthcare sector has been traditionally poor, at best,” says Michela Menting, Research Director at ABI Research. “Most organizations limit themselves to box ticking exercises, as required under data protection legislation for patient privacy. A true understanding of the risks and the requirements of comprehensive, multi-layered cybersecurity implementation is sorely lacking.” When ranking barriers to technology adoption, it was found that 82% of healthcare respondents did not rank privacy and data protection as a concern, and 58% did not rank cybersecurity at all.
For privacy and data protection, this high dismissal rate could be attributed to healthcare organizations’ complacency regarding existing data protection frameworks. The number of health records breached in the sector alone have numbered in the millions since 2010, and ransomware has been the bane of healthcare organizations, with more than 50% of global attacks targeting the sector in the past two years.
“Belief that healthcare providers are experienced in data protection due to compliance with existing regulation can provide a false sense of security when faced with new technology adoption,” continues Menting.
Cybersecurity no obstacle
Similarly, more than half of healthcare B2B technology survey respondents did not consider cybersecurity to be an obstacle. This inattention can be attributed to several factors:
• Lack of specific cybersecurity legislation and guidance,
• Belief that data protection regulation could address the problem,
• Low awareness and limited understanding of risks
• The perceived unlikelihood of widespread cyberattacks like WannaCry
Complacency in risk mitigation is dangerous, as the WannaCry ransomware attack sadly revealed, concludes Menting. “Healthcare organizations should treat cybersecurity as a living process, rather than as a static checklist, especially when considering new technology adoption. Connected medical devices and hospital equipment increasingly form part of care provisioning, and are highly vulnerable to cyberattacks.”
This is even more critical as basic IT cybersecurity seems to be dangerously unattended in the industry. Ransomware will continue to be a popular cyberattack, attracting an ever-growing number of malicious actors, keen to cash-in on the vulnerabilities riddling healthcare organizations.”