A major new survey of the US healthcare sector has revealed an increased security risk faced by organisations and patients security risk faced by healthcare organizations and patients as an increase in connected devices creates an expanded attack surface.
The survey, by security specialist Armis in conjunction with Censuswide, looked at perspectives of over 2,000 potential patients in various industries and 400 IT professionals working in healthcare organizations from across the United States.
Key findings of the survey revealed an increased cyber risk, with 85% of IT professional respondents agreeing they have seen increased cyber risk over the past 12 months.
Ransomware is on the rise and has hit organisations hard, with 58 percent of IT professionals in healthcare stating that their organisation has been hit with ransomware demands.
The data also shows that while patients are concerned about security, and acknowledge the impact that an attack could have on their care — yet there is a shocking unawareness about recent cyberattacks. Despite major media headlines around vulnerabilities, 61% of potential patients stated they had not heard of any cyber-attacks in the healthcare industry in the past 24 months.
This lack of awareness is striking, given that almost half (49%) of potential patients said that they would change hospitals if their healthcare organisation was hit by a ransomware attack.
IT professionals are most concerned about data breaches, with breaches resulting in loss of confidential patient information a top concern for healthcare IT professionals (52%), followed by attacks on hospital operations (23%), and ransomware attacks (13%)
Critical infrastructure attacks were seen as the riskiest: security risks in a hospital’s infrastructure topped the list of the biggest risks (49%), followed by the risk of inputting information into an online portal (31%) and staying in a hospital room with connected devices (17%)
Potential patients were most concerned about impact of security on quality of care: an overwhelming majority (73%) of potential patients surveyed recognised that an attack could impact their quality of care.
Privacy issues associated with online portals (37%) topped the list of concerns for potential patients, and 52% said they were worried about an attack shutting down hospital operations and potentially affecting patient care.
Oscar Miranda, CTO for Healthcare at Armis said: “It is critical for healthcare organisations to take the entire patient journey into consideration when thinking about security. A strong healthcare security strategy is multi-faceted and requires a holistic view.”