Radware survey finds significant numbers of data breaches in 2017
Radware, a leading provider of cyber security and application delivery solutions, has released a new study today titled Radware Research: Web Application Security in a Digitally Connected World. The report identifies how organisations in retail, finance and healthcare protect their web applications, but has identified a number of gaps in security processes.
The healthcare sector, from insurance companies and acute healthcare facilities to pharmaceutical businesses, is impacted by bot-driven web traffic, affecting application security. In fact, the study has indicated that across the three industries, bots account for more than half (52%) of all Internet traffic flow. For some organisations, bots represent more than 75% of their total traffic. This is a significant finding considering one-in-three (33%) organisations cannot distinguish between ‘good’ bots and ‘bad’ ones.
The report also found that nearly half (45%) of respondents had experienced a data breach in the last year. What’s more, companies often leave sensitive data under-protected, or at risk of having encrypted traffic breached. In fact, 52% do not inspect the traffic that they transfer to-and-from APIs, and 56% do not have the ability to track data once it leaves the company. Healthcare organisations are particularly unlikely to monitor the Darknet for stolen data, with 37% saying they did so, compared to 56% in financial services, and 48% in retail.
However, any organisation that collects information on European citizens will soon be required to meet the strict data privacy laws imposed by the General Data Protection Regulations (GDPR). These regulations take effect in May 2018.
However, with less than a year until the due date, 68% of organisations are not confident in their organisation’s ability to rapidly adopt security patches and updates without compromising operations. Although healthcare providers have placed significant investment in medical equipment, they are often supported by old, outdated systems which run on Windows XP, according to the study.
Patching systems remains a critical element of an organisation’s security and its ability to mitigate today’s leading threats. Over 60% of healthcare respondents have highlighted little or no confidence.
“It’s alarming that executives at organisations with sensitive data from millions of consumers collectively don’t feel confident in their security,” commented Carl Herberger, Vice President of Security Solutions at Radware. “Until companies get a handle on where their vulnerabilities are and take steps to protect them, major attacks and data breaches will continue to make headlines.”
In the study, just 27% of healthcare respondents voiced confidence that they could safeguard patients’ medical records, even though nearly 80% are required to comply with government regulations.
The survey, conducted by Ponemon Research on behalf of Radware, included responses from more than 600 Chief Information Security Officers and other security leaders across retail, healthcare, and financial services in six continents. Over 200 healthcare security executives undertook the study, and have strongly stated that the sector is behind.
NHSX releases new data plans, experts call for transparency
Patients in England will get "greater control" over their health and care data according to new proposals set out by the government.
In a new draft strategy called "Data saves lives: reshaping health and social care with data", Health and Social Care Secretary Matt Hancock says that more effective use of data will deliver better patient-focused care. "This strategy seeks to put people in control of their own data, while supporting the NHS in creating a modernised system fit for the 21st century which puts patients and staff in pole position."
Under the new plans people will be able to access their medical records from different parts of the health system through different applications, to access test results, medication lists, procedures and care plans.
The strategy, published by NHSX, the government department that sets policies for the use of technology within the NHS, follows delays to the creation of a central database of patient records amid concerns over data sharing and a lack of transparency, with critics saying that only a small proportion of the public were made aware of the plans and the choice to opt out.
Kevin Curran, senior member of The Institute of Electrical and Electronics Engineers (IEEE) and Professor of Cybersecurity at the University of Ulster, says that moving health records online raises concerns. "The move to an online app does seem like a natural progression, however there is a difference between having computerised records within our healthcare IT infrastructure and having those records reside on a public facing server.
"Having records in-house limits the range and type of access – it's far more difficult for remote hackers," Curran said. "There are techniques that healthcare organisations can use to reduce the risk of future data breaches. One way is to make it ‘opt in’, so patients have the choice to decide whether their medical information is moved to a public facing service so that they can access it.
"However, those who do not opt in or download the app instead should have their records hosted in a non-public-facing cloud service. This way, if a data breach does occur, those who never used the app, or did not want to, will not have had their details released."
The new strategy has been welcomed by some, with an emphasis on the need for transparency. Adam Steventon, Director of Data Analytics at the Health Foundation, said: "Health data has played a critical role in the last year – from tracking COVID-19 outbreaks and developing treatments, to getting people booked in for their vaccines. It is critical that the use of data is accelerated if the NHS is to tackle the backlog of care and address the massive health challenges facing the country.
"It is particularly positive that the government has committed to building analytical and data science capability in the NHS and to improving data on social care. To ensure the full potential of data can be realised, the government must ensure transparency on how it will be used and the rights and options people have, as well as engaging with the public and health care professionals to build trust and show people how their data can improve the NHS and save lives."