On Nov. 10, the Palo Alto, Calif.-based Armis, a unified asset visibility and security platform provider, released new data showing the increased security risk faced by healthcare organizations and patients. According to a press release, “An increase in connected devices creates an expanded attack surface, putting the patient journey at risk.”
The release states that “The survey, in conjunction with Censuswide, looked at perspectives of over 2,000 potential patients in various industries and 400 IT professionals working in healthcare organizations from across the United States.”
That said, “Key findings of the survey include:
- Increased cyber risk: Eighty-five percent of IT professional respondents agreed they have seen increased cyber risk over the past 12 months.
- Ransomware on the rise: Ransomware alone has hit organizations hard, with 58 percent of IT pros in healthcare stating that their organization has been hit with ransomware.
- Potential patients are not paying attention: The data also shows that while patients are concerned about security, and acknowledge the impact that an attack could have on their care—there is a shocking unawareness about recent cyberattacks. Despite major media headlines around vulnerabilities in pneumatic tubes, technologies used in HVAC systems, to vulnerabilities in two types of B. Braun infusion pumps and REvil attacks on healthcare organizations, 61 percent of potential patients stated they had not heard of any cyberattacks in the healthcare industry in the past 24 months.
- Breaches guide potential patient decisions: This lack of awareness is striking, given almost half (49 percent) of potential patients said that they would change hospitals if their healthcare organization was hit by a ransomware attack.”
The release explains that there are 430 million connected medical devices already in deployment worldwide, making the attack surface for a cyberattack larger. According to the survey, 33 percent of potential patients reported that they had been the victim of a healthcare cybersecurity attack.
Yet, the survey also shows a divide between the concerns of patients and the concerns of IT professionals working in healthcare.
Additional findings include:
- Fifty-two percent of IT pros cite data breaches that result in loss of confidential patient information as a top concern
- Forty-nine percent report security risks in a hospital’s infrastructure as the biggest risk
- Healthcare IT professionals cited building systems—such as HVAC and electrical—as the riskiest devices
- Seventy-three percent of potential patients surveyed said they recognize an attack could impact their quality of care
- Sixty-six percent of potential patients report that they believe their healthcare provider
- Potential patients trust their best friend more than their healthcare provider: Sixty-six percent of potential patients believe their healthcare provider is doing enough to protect their personal information.
- Thirty percent of potential patients trust their best friends more with their sensitive healthcare information than they do healthcare organizations
- Eighty-six percent of respondents stated that their organization has a CISO, and 95 percent of IT healthcare professionals believe their organization’s connected devices are up-to-date with the latest software
- Seventy-five percent of IT healthcare professionals agree that recent attacks have had a strong influence on decision-making at their organization
- Fifty-two percent of IT healthcare professionals believe their healthcare organization is allocating more than sufficient funds to secure its IT systems
- Sixty-three percent of IT healthcare professionals said that their organization has had to submit a cyber insurance claim
“It is critical for healthcare organizations to take the entire patient journey into consideration when thinking about security,” stated Oscar Miranda, CTO for healthcare at Armis. “A strong healthcare security strategy is multi-faceted and requires a holistic view.”
