A quarter of UK healthcare IT pros not confident in response to cyber attacks
According to a new report, one in four UK healthcare IT professionals aren't confident in their organization's ability to respond to cyber attacks.
Research from network intelligence company Infoblox finds that disruption caused to the NHS by WannaCry in May 2017 means many healthcare organizations are preparing themselves for further ransomware attacks.
However, a disturbing quarter of participating healthcare IT professionals in both the UK and the US report that their organization would be willing to pay a ransom in the event of a cyber attack. Of these, 85 percent of UK respondents and 68 percent of US have a plan in place for this situation.
"The healthcare industry is facing major challenges that require it to modernize, reform and improve services to meet the needs of ever more complex, instantaneous patient demands," says Rob Bolton, general manager and director, Western Europe at Infoblox. "Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly -- but these new technologies also introduce new cyber risk that must be mitigated."
The number of connected devices on healthcare organizations' networks is expanding rapidly, with 47 percent of the large healthcare organizations surveyed saying that they're managing over 5,000 devices on their network. One in five report that Windows XP is running on their network, and 18 percent say that connected medical devices on their network are running on the unsupported operating system, leaving organizations open to exploitation through security flaws in these unpatched devices.
Seven percent of IT professionals don't know what operating systems their medical devices are running on, making them impossible to patch. Even when the operating system these devices run on is known, 26 percent of large organizations either can't or don't know if they can update these systems.
There's good news in that 85 percent of healthcare IT professionals report that their organization has increased their cyber security spending in the past year, with 12 percent increasing spending by more than 50 percent. Traditional security solutions are still the most popular though, with anti-virus software and firewalls the solutions most invested in over the past year, at 61 percent and 57 percent respectively. US professionals are spending their cyber security budget on next generation firewalls, while the UK spends more on anti-virus.
"The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyber attack," adds Bolton. "It's crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data."
You can read more about the results in the full report on the Infoblox website.