Hospitals Health Tech,

Report finds cybersecurity an issue at hospitals, with almost half reporting an attack in the last 6 months

Even though 48% of hospitals surveyed had a shutdown related to an external hack or query in the last six months. a new report indicated that only 11% of hospitals listed cybersecurity as an area of high priority requiring investment. 

An industry report by Ipsos and sponsored by CyberMDX and Philips said that healthcare is one of the most targeted industries in the cybersecurity space. The study polled 130 hospital executives in Information Technology (IT) and Information Security (IS) roles in addition to biomedical technicians and engineers. Those surveyed averaged 15 years of experience in their respective fields.

The report found healthcare organizations are at risk for cybersecurity attacks, though their budgets do not reflect it. In particular, the survey reported that hospitals comprise 30% of all large data breaches. In the six months prior to the report, 48% of hospitals surveyed had a shutdown related to an external hack or query in the last six months. Despite that high number, the report indicated that only 11% of hospitals listed cybersecurity as an area of high-priority requiring investment. 

Sponsored Post

Physician Targeting Using Real-time Data: How PurpleLab’s Alerts Can Help

By leveraging real-time data that offers unprecedented insights into physician behavior and patient outcomes, companies can gain a competitive advantage with prescribers. PurpleLab®, a healthcare analytics platform with one of the largest medical and pharmaceutical claims databases in the United States, recently announced the launch of Alerts which translates complex information into actionable insights, empowering companies to identify the right physicians to target, determine the most effective marketing strategies and ultimately improve patient care.

That could be penny wise and pound foolish, not to mention the added intangible cost of reputation risk.

The report found midsize hospitals were hurt the most financially by cybersecurity threats. Specifically, larger hospitals indicated an average of 6.2 hours per shutdown, with a cost of $21,500 per hour. In contrast, midsize hospitals’ shutdowns lasted closer to 10 hours and cost almost double, at $45,700 per hour, according to the report.

“Given the number and severity of cyber-attacks against hospitals over the past couple of years, it was surprising to see that only 11% had cybersecurity as a priority in their IT spend,” said Azi Cohen, CEO of CyberMDX in an email.

The report indicated common security vulnerabilities, including BlueKeep, WannaCry, and NotPetya Hospitals reported they did not have protection against the Bluekeep (48%), WannaCry (64%), or NotPetya (75%) vulnerabilities respectively.

The report attributed gaps in security to a lack of automation. Over 60% of the HDOs surveyed relied on manual methods for inventory of their devices and assets. Specifically, 65% of hospital IT teams reported using manual methods for inventory calculations. Of note, 7% of those in the report said they use a fully manual mode for inventory. Additionally, percentages of those from large and midsized hospitals, 15% and 17% respectively, reported not having a way to determine the  number of inactive and active devices in their networks.

The manual inventory methods noted in the report raised concern as such methods prove time consuming and less accurate compared to AI-based tracking, according to Cohen. Further, if devices are missed in the manual inventory, they cannot be protected.

It’s not just a lack of technology that are leaving healthcare organizations vulnerable. Lack of proper staffing is also a concern.

According to the report, 2/3 of IT teams reported they had sufficient staffing for cybersecurity. However, almost half of biomed teams said they needed additional staff. To complicate matters, the report noted a cybersecurity talent shortage of 100+ days of lag to fill jobs.

The pandemic has proved to be a serious challenge for hospitals at a time of strains on revenue. But CyberMDX is hoping to provide some relief through one or a combination of its automation solution for hospitals and other healthcare organizations.

“Hospitals have very tough decisions when it comes to their budgets, especially is smaller organizations. Investing in cybersecurity means that perhaps they cannot buy another device for patient care,” said Azi Cohen, CEO of CyberMDX in an email. “The realization motivated us to create these new offers to ensure that any healthcare organization, regardless of size or budget, could start implementing at least basic cybersecurity into their clinical networks.”

Photo: Traitov, Getty Images