The FDA has warned Americans that hackers could compromise insulin pumps by connecting to them via Wi-Fi. A 2017 study from the Technology and Health Care journal found that the US healthcare industry doesn’t keep up with new cybersecurity precautions, this is despite a 2018 study from medical journal Maturitas found that medical devices — including insulin pumps and pacemakers — are highly vulnerable to cybercrime.
In contrast, a study from Infoblox found that in the UK, the number of security policies in place for new connected devices has increased from 85 to 89 percent, with fewer respondents doubting the effectiveness of these policies (9% in 2019/13% in 2017). This signals a big step forward for the UK, particularly after the disaster that was WannaCry two years ago, and shows that the US could have something to learn from how the UK healthcare system has addressed security vulnerabilities. In saying that, the NHS still has a way to go to modernise its infrastructure, as noted in another recent report raising concerns about the possibility of another WannaCry scale attack.
Interestingly, despite ongoing concerns, a Veracode study found that globally, the healthcare sector is the fastest industry when it comes to addressing common vulnerabilities found in software. The global report found healthcare organisations took only six days to address a quarter of their vulnerabilities in code and just seven months (216 days) to remediate the majority (75%) of vulnerabilities. That’s almost eight months faster than the average organisation who is taking 15 months (472 days) to fix 75% of its vulnerabilities.
In light of mounting pressure for the healthcare industry to address security vulnerabilities paired with mixed reports on its success so far, security experts commented below on the importance of cyber security when it comes to health organizations which holds critical information of individuals.
The National Health Service might be at risk of cyber attacks, a new white paper on NHS cybersecurity has said. https://t.co/efMsWICTlL
— euronews (@euronews) July 3, 2019
Experts Comments:
Rob Bolton, Director of Western Europe at Infoblox:
“The widespread disruption caused by the WannaCry attack on the NHS two years ago was a wake-up call to healthcare providers everywhere. We can expect the risk of such attacks to continue to grow as technology is more widely adopted. It’s encouraging, therefore, to see more spending on cyber-security provision, and a more sensible approach to managing the connected devices that have become increasingly crucial to the efficient delivery of care.
By taking such precautions, healthcare IT providers are right to be more confident about their ability to tackle threats to their network. They mustn’t become complacent, though, and must continue to think strategically about ensuring the security of their networks and – most importantly – the safety of their patients.”
Paul Farrington, EMEA Chief Technology Officer at Veracode:
“Healthcare organisations are remediating at the most rapid rate at every interval compared to their peers. It takes just a little over seven months for healthcare organisations to reach the final quartile of open vulnerabilities, about eight months sooner than it takes the average organisation to reach the same landmark.
It shows remarkable resilience for an industry which was heavily targeted and badly damaged during the WannaCry ransomware attack two years ago. However, millions of cyber-attacks are aimed at the healthcare sector each day, seeking any weak spot. Using code that is secure from the start can help healthcare reduce security risk further.”
Barry McMahon, Senior Manager International Marketing at LogMeIn:
“It is unfortunately not surprising that the NHS Cyber Security White Paper found that the health service remains vulnerable to cyber-attacks. In order to avoid another WannaCry attack, it is true that the Government must take steps to modernise out-dated computer systems and invest further into the digitisation of the NHS.
“That being said, the risks presented to the NHS are not exclusively the product of antiquated IT systems. Rather, poor password practices among NHS workers can be just as detrimental and risk making patient data vulnerable to cybercriminals. Our 2018 Global Password Security report found that, while 91% of respondents are aware that using the same password for multiple accounts is a security risk, 59% admit to having done so.
“Additionally our recent research revealed that 92% of organisations surveyed experience challenges when it comes to identity management. Implementing multi-factor authentication and single-sign-on solutions can help companies by adding multiple layers of security to ensure that data remains secure.
“The reality is that every person with a password is a potential access point, and the only way to change people’s habits and behaviours is to educate and provide easy-to-use tools and apps that they can also use in their everyday personal life. Security is not just for the workplace, it’s just as important in the home environment, given a high percentage of people use the same passwords for personal and workplace logins. Security and positive user-experience should not be traded off against each other, they can co-exist, it’s a matter of finding the right blend of services.
“Therefore, while digital transformation is indeed vital to protecting data, we must also go back to basics and ensure that NHS employees working with sensitive information are up to scratch with password hygiene and ensure that their workplace credentials remain secure. Only then can NHS databases remain secure, keeping patient data safe and making another WannaCry far less likely in the process.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.