Cybersecurity not top priority despite attacks, report finds

Research by CyberMDX and Philips found that few healthcare organisations considered cybersecurity to be a top investment priority

A new report by CyberMDX and Philips has found that cybersecurity is not a priority investment among healthcare organisations, despite the rise in ransomware attacks on the sector. 

The Perspectives in Healthcare Security Report looks at attitudes, concerns, and impacts on medical device security as well as cybersecurity across large and midsize healthcare delivery organisations. 

The study surveyed 130 hospital executives in Information Technology (IT) and Information Security (IS) roles in the US, as well BioMed technicians and engineers. The respondents, who averaged 15 years of experience in their fields, provided insight into the current state of medical device security within hospitals, and  highlighted the challenges their organisations face.

Key findings include:

 * Ransomware is attacking the bottom line, with 48% of hospital executives reporting either a forced or proactive shutdown in the last 6 months as a result of an attack
 * Large hospitals reported an average shutdown time of 6.2 hours at a cost of $21,500 per hour, while mid-size hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour
 * Despite continuing cyber-attacks and roughly half of respondents experiencing an externally motivated shutdown in the last 6 months, more than 60% of hospital IT teams have “other'' spending priorities and less than 11% say cybersecurity is a high priority spend.
 * When asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected.

Additionally, while two thirds of IT teams believe they are adequately staffed for cybersecurity, more than half of biomed teams believe more staff is needed. Conversely, the industry has been experiencing a cybersecurity talent shortage and over a 100 day lag to fill jobs.

“With new threat vectors emerging every day, healthcare organisations are facing an unprecedented level of challenges to their security,” said Azi Cohen, CEO of CyberMDX. 

“Hospitals have a lot at stake - from revenue loss, to reputational damage, and most importantly patient safety. Our new report provides a critical look into the current state of medical device security and will help raise awareness of key issues and disconnects healthcare organisations are facing with their cybersecurity.”

The report is a continuation of the partnership between Philips and CyberMDX announced in November 2020, formed to provide solutions to protect connected medical systems and devices. 


Featured Articles

Snowflake: Transforming patient healthcare with Gen AI

Jesse Cugliotta, Healthcare & Life Science at Snowflake, discusses revolutionising healthcare efficiency and improving patient care with Gen AI

Johnson & Johnson: Turning supplier spend into local support

Johnson & Johnson’s Global Supplier Diversity & Inclusion team is growing spending with social enterprises around the globe to expand its impact

Seasonal Affective Disorder’s impact on health & solutions

Dr Ravi Gill & Dr. Naomi Newman-Beinart discuss Seasonal Affective Disorder and its treatments, from vitamin D spray to light therapy

CGI teams up with Totalmobile for digital healthcare service

Digital Healthcare

Deloitte: generative AI can improve access to healthcare

Technology & AI

Wipro & NVIDIA’s revolutionary healthcare uses generative AI