Healthcare Informatics Magazine

Report: Healthcare Orgs not Keeping Up with Daily Cybersecurity Threats

August 2, 2017
by Rajiv Leventhal

Far fewer cybersecurity alerts are being investigated than healthcare security leaders may believe, according to a recent report from Cisco.

The Cisco 2017 Midyear Cybersecurity report was released last month and spans a variety of industries. Related to healthcare, the multinational technology conglomerate headquartered in San Jose, Calif. revealed an array of findings. In general, the research found that leaders of healthcare organizations fear that cyber attacks could take down mission-critical equipment, endangering patients’ lives. And, as healthcare organizations bring more connectivity to their facilities and devices, security leaders are also raising concerns about the safety of converged networks.

In the past, complex medical devices—such as the Picture Archiving Collection System (PACS), infusion pumps and patient monitoring devices—typically arrived with data networks managed by vendors, so the devices were physically isolated from other networks. But today, with ample bandwidth available, healthcare organizations believe it’s practical to simply flow data through one network, and use logical segmentation to separate various network traffic types such as clinical devices and administrative and guest wireless networks. However, if this segmentation is not done properly, the risk of attackers gaining access to critical data or devices increases, according to the report.

Perhaps the report’s most noteworthy healthcare-related finding was that, as is true in many industries, there are more threats than there are time and staff to investigate them. Over 40 percent of the healthcare organizations said they come across thousands of security alerts daily, and only 50 percent of those are investigated. Of the alerts that healthcare security teams investigate, 31 percent are legitimate threats—but only 48 percent of those legitimate incidents are remediated.

According to Cisco security leaders, it is likely that far fewer alerts are being investigated than healthcare security leaders may believe—or it’s likely that by simply blocking threats from entering the network, they believe the threats have been remediated. It’s also not surprising that these organizations can address so few of the alerts that raise red flags, since investigating a high number of alerts would cause security and IT activity to slow to a crawl and impact other business functions, they reported.

What’s more, it’s well-known that ransomware attacks have already done damage to healthcare organizations. These organizations are an attractive target for online criminals, since criminals know healthcare providers need to protect patient safety at all costs. In the Cisco study, 37 percent of the healthcare organizations said that targeted attacks are high security risks to their organizations. Targeted cyber attacks have also become more worrisome than breaches involving lost or stolen hardware, demanding a more precise approach to detecting and mitigating threats.

How are Security Pros Responding?

Many healthcare organizations respond to security challenges with a complex mix of solutions. Almost 60 percent said their organizations use solutions from more than six vendors, while 29 percent use solutions from more than 10 vendors. In addition, two-thirds of security professionals said they use six or more security products, while 41 percent said they use more than 10 products.

The apparent profusion of vendors and products used by healthcare security professionals may result from confusion, or a lack of visibility, about exactly what tools are in place, according to Cisco researchers.

Indeed, CISOs and security operations managers often have different perspectives on their security tools. Security executives higher up on the leadership ladder—that is, not on the front lines of day-to-day security management—may not have a deep understanding of all the tools on their networks, the report noted.

Responding to day-to-day threats while managing a complex web of solutions is also more challenging for healthcare organizations because of a lack of trained personnel. About half of the security professionals said they have fewer than 30 employees dedicated to security; 21 percent said they consider the lack of trained personnel to be a major obstacle in adopting advanced security processes and technology.

Unsurprisingly, security teams are uncommon in all but the largest health organizations. According to Cisco healthcare industry leaders, the definition of a security staffer can be fluid from organization to organization, which may affect perceptions about the size of the security team. For example, IT staff may be considered part of the security team, or may join it on a temporary basis.

The researchers advised healthcare organizations to isolate and segment traffic between the network and mission-critical devices. Alternatively, organizations should improve their security infrastructure and network segmentation to better handle exceptions requiring compensating controls, they said.

Healthcare organizations have an average of 34 significant security administrative exceptions in place; 47 percent of these exceptions also have compensating controls. Ideally, healthcare organizations should strive to have as few exceptions requiring compensating controls as possible, because they can create weaknesses in security defenses, the report stated.
