Two years after the WannaCry ransomware attack that hit the NHS (National Health Service), healthcare IT people feel more confident in their ability to respond to a cyber-attack, according to a survey by a cloud network service company.
As healthcare providers continue to undertake digital transformation initiatives in an effort to improve efficiencies and the quality of care they deliver, the risk of falling victim to cyber-attack increases. Most, 92 percent in healthcare IT polled are now confident in their organisation’s ability to respond to a cyber-attack, compared to only 82 percent two years ago. More than half (56pc) have automated systems in place that actively scan their networks for suspicious activity, and around a third (31pc) have their own Security Operation Centres (SOCs) for the same purpose.
Ransomware
In the event of ransomware, 32 percent of organisations now have a plan in place to pay a ransom in the event of a cyber-attack, as opposed to only one in five questioned shortly after the 2017 Wanna Cry ransomware attack. A quarter (24pc) remain defiant, however, stating that they would be unwilling to pay a ransom.
More healthcare organisations (28pc) are spending between 11 and 20 percent more on cyber-security than in 2017 (20pc), with the top three investments being anti-virus software (59pc), firewalls) (52pc), and application security (51pc). Network monitoring, the third most popular cybersecurity solution in 2017, has now fallen to fourth place, while employee education has grown in popularity, with investment 10 percent higher in 2019 than in 2017. The reason for this will have much to do with improving email hygiene in a bid to avoid phishing scams and the delivery of ransomware. Infoblox commissioned the survey of healthcare IT people in the UK, US, Germany and the Benelux.
Connected devices
As for the growing adoption of the Internet of Things (IoT), the research showed no significant increase in the number of devices connected to IT networks. Nonetheless, the number of security policies in place for new connected devices has increased from 85 to 89 percent, with fewer respondents doubting the effectiveness of these policies (9pc in 2019/13pc in 2017). A majority of connected devices now run on Microsoft Windows 10 (66pc/54pc), with the popularity of Linux and Mac OS X growing since 2017 (33pc/12pc and 31pc/7pc respectively). The number of devices running on Windows XP, which has been unsupported since 2014, has fallen from one in five to one in ten. As a result, the majority of respondents (87pc) are confident they are able to patch or update their systems, with the majority doing so either once a week (23pc) or once every two to three weeks (24pc).
Rob Bolton, Director of Western Europe at Infoblox said: “The widespread disruption caused by the WannaCry attack on the NHS two years ago was a wake-up call to healthcare providers everywhere. We can expect the risk of such attacks to continue to grow as technology is more widely adopted. It’s encouraging, therefore, to see more spending on cyber-security provision, and a more sensible approach to managing the connected devices that have become increasingly crucial to the efficient delivery of care.
“By taking such precautions, healthcare IT providers are right to be more confident about their ability to tackle threats to their network. They mustn’t become complacent, though, and must continue to think strategically about ensuring the security of their networks and – most importantly – the safety of their patients.”
The research was conducted online in February 2019 by polling company Censuswide.
