Cybersecurity not top priority despite attacks, report finds
The Perspectives in Healthcare Security Report looks at attitudes, concerns, and impacts on medical device security as well as cybersecurity across large and midsize healthcare delivery organisations.
The study surveyed 130 hospital executives in Information Technology (IT) and Information Security (IS) roles in the US, as well BioMed technicians and engineers. The respondents, who averaged 15 years of experience in their fields, provided insight into the current state of medical device security within hospitals, and highlighted the challenges their organisations face.
Key findings include:
* Ransomware is attacking the bottom line, with 48% of hospital executives reporting either a forced or proactive shutdown in the last 6 months as a result of an attack
* Large hospitals reported an average shutdown time of 6.2 hours at a cost of $21,500 per hour, while mid-size hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour
* Despite continuing cyber-attacks and roughly half of respondents experiencing an externally motivated shutdown in the last 6 months, more than 60% of hospital IT teams have “other'' spending priorities and less than 11% say cybersecurity is a high priority spend.
* When asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected.
Additionally, while two thirds of IT teams believe they are adequately staffed for cybersecurity, more than half of biomed teams believe more staff is needed. Conversely, the industry has been experiencing a cybersecurity talent shortage and over a 100 day lag to fill jobs.
“With new threat vectors emerging every day, healthcare organisations are facing an unprecedented level of challenges to their security,” said Azi Cohen, CEO of CyberMDX.
“Hospitals have a lot at stake - from revenue loss, to reputational damage, and most importantly patient safety. Our new report provides a critical look into the current state of medical device security and will help raise awareness of key issues and disconnects healthcare organisations are facing with their cybersecurity.”
The report is a continuation of the partnership between Philips and CyberMDX announced in November 2020, formed to provide solutions to protect connected medical systems and devices.