Report finds cybersecurity an issue at hospitals, with half reporting an attack in the last 6 Months

Even though 48% of hospitals surveyed had a shutdown related to an external hack or query in the last six months. a new report indicated that only 11% of hospitals listed cybersecurity as an area of high priority requiring investment.

By EMMA BARDIN

An industry report by Ipsos and sponsored by CyberMDX and Philips said that healthcare is one of the most targeted industries in the cybersecurity space. The study polled 130 hospital executives in Information Technology (IT) and Information Security (IS) roles in addition to biomedical technicians and engineers. Those surveyed averaged 15 years of experience in their respective fields.


The report found healthcare organizations are at risk for cybersecurity attacks, though their budgets do not reflect it. In particular, the survey reported that hospitals comprise 30% of all large data breaches. In the six months prior to the report, 48% of hospitals surveyed had a shutdown related to an external hack or query in the last six months. Despite that high number, the report indicated that only 11% of hospitals listed cybersecurity as an area of high-priority requiring investment.


That could be penny wise and pound foolish, not to mention the added intangible cost of reputation risk.


The report found midsize hospitals were hurt the most financially by cybersecurity threats. Specifically, larger hospitals indicated an average of 6.2 hours per shutdown, with a cost of $21,500 per hour. In contrast, midsize hospitals’ shutdowns lasted closer to 10 hours and cost almost double, at $45,700 per hour, according to the report.


“Given the number and severity of cyber-attacks against hospitals over the past couple of years, it was surprising to see that only 11% had cybersecurity as a priority in their IT spend,” said Azi Cohen, CEO of CyberMDX in an email.


The report indicated common security vulnerabilities, including BlueKeep, WannaCry, and NotPetya Hospitals reported they did not have protection against the Bluekeep (48%), WannaCry (64%), or NotPetya (75%) vulnerabilities respectively.


The report attributed gaps in security to a lack of automation. Over 60% of the HDOs surveyed relied on manual methods for inventory of their devices and assets. Specifically, 65% of hospital IT teams reported using manual methods for inventory calculations. Of note, 7% of those in the report said they use a fully manual mode for inventory. Additionally, percentages of those from large and midsized hospitals, 15% and 17% respectively, reported not having a way to determine the number of inactive a