Human-factor remains healthcare security's biggest loophole
MELBOURNE, Australia, Sept. 18, 2019 /PRNewswire/ -- More than two years after Wannacry ransomware crippled medical facilities and other organisations worldwide, the healthcare sector seems to be learning its lessons as Kaspersky reveals a decreased number of medical devices attacked in 2019.
Statistics from the global cybersecurity company showed that from 30% of hospital devices infected in 2017, medical organisations have witnessed only 28% of attacks in 2018, almost one-third lesser for the current year at 19%.
Kaspersky warns that the decline in number of attacks against devices in healthcare facilities is not observed everywhere. More than seven-in-10 medical machines in Venezuela (77%), the Philippines (76%), Libya (75%), and Argentina (73%) are still subjected to web attacks based on the company's freshest data.
Two countries in the Asia-Pacific region were in the Top 15 nations with the most number of detected infections. These include Bangladesh, 58% of attacked devices, and Thailand with 44%.
Medical devices include all servers, computers, mobiles, tablets, IoT gadgets, and hospital machines that are connected to the internet inside a healthcare facility.
"The reality is that some countries are still lagging behind securing their medical devices. One factor we observe is that the chances of being attacked really depend on how much money the government spends on cybersecurity in the public health sector. Another key reason is the low level of cybersecurity awareness the people inside medical facilities have," comments Yury Namestnikov, Head of Global Research and Analysis Team based at Kaspersky's headquarters in Russia.
"Medical infrastructure has a lot of devices, some of them portable, most of them are becoming more and more connected to the internet. There's even a technology being developed which will soon allow doctors to do surgeries remotely. We're definitely entering the era of ultra-connected medicine. And I have to say that, while we welcome these advancements, we cannot deny that these will open wider doors for cybercriminals. This is a truth the healthcare sector should take into consideration, seriously," adds Namestnikov.
Kaspersky suggests medical facilities to:
- Verify security capabilities of third party suppliers.
- Public and private sectors should draft IT security regulation laws to address the escalating threats within the healthcare sector.
- Make security awareness training for employees in clinics, hospitals and other related facilities compulsory.