Medicine has always been a field where innovations play a crucial and truly life-saving role. However, during the pandemic, the healthcare industry was forced to significantly speed up the implementation of new developments. Indeed, this pace of change and urgent digitalization within medical organizations was noted by 81% of executives in a recent Accenture report. To determine whether this mass transition to telehealth is keeping pace with security measures, Kaspersky conducted a global survey of healthcare providers.
The research found that organizations widely use medical equipment with a legacy OS, mainly because of high upgrade costs, compatibility issues, or a lack of internal knowledge on how to upgrade, among other reasons.
The use of outdated equipment may lead to cyber-incidents. When software developers stop supporting a system, they also halt the release of any updates, which, among other improvements, often contain security patches for discovered vulnerabilities. If left unpatched, these can become an easy and accessible way to penetrate the company’s infrastructure, even for unskilled attackers. Healthcare organizations collect a wealth of sensitive and valuable data, making them one of the most lucrative targets, and unpatched devices can facilitate a successful attack for adversaries.
When it comes to cybersecurity readiness, only 20% of healthcare workers are very confident that their organization can effectively stop all security attacks or breaches at the perimeter. Additionally, 40% expressed conviction that their organization has up-to-date, adequate hardware and software IT security protection.
At the same time, 30% of UAE respondents agreed that their organization had already experienced data leaks, DDoS or ransomware attacks.
“The healthcare sector is evolving to meet the demand for accessible help by actively adopting connected devices. But this also adds unique cybersecurity challenges typical to the embedded systems. Our report confirms that many organizations still use medical devices that run on old OS and face obstacles that hamper upgrades. While there is a need for developing a strategy of modernization, there are also solutions and measures available which can help to minimize the risks in the meantime. Those combined with medical staff awareness can significantly raise the security level and pave the way for the future development of the healthcare industry,” comments Sergey Martsynkyan, VP, Corporate Product Marketing at Kaspersky.
To help the healthcare sector minimize the likelihood of cyber-incidents caused by obsolete and unpatched systems, Kaspersky recommends taking the following steps:
- Provide your staff with basic cybersecurity hygiene training, as many attacks start with phishing or other social engineering techniques.
- Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
- Install anti-APT and EDR solutions that provide capabilities for threat discovery and detection, investigation, and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky’s Expert Security framework.
- Along with proper endpoint protection, dedicated services can help defend against high-profile attacks. Managed Detection and Response services can help identify and stop attacks in their early stages before the attackers achieve their goals.
- Harden embedded systems in medical devices that are rarely updated. Kaspersky Embedded System Security was designed to operate effectively even on low-end and legacy hardware and old software without overloading the system. The latest update of the solution includes cloud-based management capabilities allowing the control of embedded devices via the same hosted console as other endpoints.
© Press Release 2021