Report: Healthcare Orgs not Keeping Up with Daily Cybersecurity Threats | Healthcare Informatics Magazine

Report: Healthcare Orgs not Keeping Up with Daily Cybersecurity Threats

August 2, 2017
by Rajiv Leventhal

Far fewer cybersecurity alerts are being investigated than healthcare security leaders may believe, according to a recent report from Cisco.

The Cisco 2017 Midyear Cybersecurity report was released last month and spans a variety of industries. Related to healthcare, the multinational technology conglomerate headquartered in San Jose, Calif. revealed an array of findings. In general, the research found that leaders of healthcare organizations fear that cyber attacks could take down mission-critical equipment, endangering patients’ lives. And, as healthcare organizations bring more connectivity to their facilities and devices, security leaders are also raising concerns about the safety of converged networks.

In the past, complex medical devices—such as the Picture Archiving Collection System (PACS), infusion pumps and patient monitoring devices—typically arrived with data networks managed by vendors, so the devices were physically isolated from other networks. But today, with ample bandwidth available, healthcare organizations believe it’s practical to simply flow data through one network, and use logical segmentation to separate various network traffic types such as clinical devices and administrative and guest wireless networks. However, if this segmentation is not done properly, the risk of attackers gaining access to critical data or devices increases, according to the report.

Perhaps the report’s most noteworthy healthcare-related finding was that, as is true in many industries, there are more threats than there are time and staff to investigate. Over 40 percent of the healthcare organizations said they come across thousands of security alerts daily, and only 50 percent of those are investigated. Of the alerts that healthcare security teams investigate, 31 percent are legitimate threats—but only 48 percent of those legitimate incidents are remediated.

According to Cisco security leaders, it is likely that far fewer alerts are being investigated than healthcare security leaders may believe—or it’s likely that by simply blocking threats from entering the network, they believe the threats have been remediated. It’s also not surprising that these organizations can address so few of the alerts that raise red flags, since investigating a high number of alerts would cause security and IT activity to slow to a crawl and impact other business functions, they reported.

What’s more, it’s well known that ransomware attacks have already done damage to healthcare organizations. They’re an attractive target for online criminals, since criminals know healthcare providers need to protect patient safety at all costs. In the Cisco study, 37 percent of the healthcare organizations said that targeted attacks are high security risks to their organizations. Targeted cyber attacks have also become more worrisome than breaches involving lost or stolen hardware, demanding a more precise approach to detecting and mitigating threats.

How are Security Pros Responding?

Many healthcare organizations respond to security challenges with a complex mix of solutions. Almost 60 percent said their organizations use solutions from more than six vendors, while 29 percent use solutions from more than 10 vendors. In addition, two-thirds of security professionals said they use six or more security products, while 41 percent said they use more than 10 products.

The apparent profusion of vendors and products used by healthcare security professionals may result from confusion, or a lack of visibility, about exactly what tools are in place, according to Cisco researchers.

Indeed, CISOs and security operations managers often have different perspectives on their security tools. Security executives higher up on the leadership ladder—that is, not on the front lines of day-to-day security management—may not have a deep understanding of all the tools on their networks, the report noted.

Responding to day-to-day threats while managing a complex web of solutions is also more challenging for healthcare organizations because of a lack of trained personnel. About half of the security professionals said they have fewer than 30 employees dedicated to security; 21 percent said they consider the lack of trained personnel to be a major obstacle in adopting advanced security processes and technology.

Unsurprisingly, security teams are uncommon in all but the largest health organizations. According to Cisco healthcare industry leaders, the definition of a security staffer can be fluid from organization to organization, which may affect perceptions about the size of the security team. For example, IT staff may be considered part of the security team, or may join it on a temporary basis.

The researchers advised healthcare organizations to isolate and segment traffic between the network and mission-critical devices. Alternatively, organizations should improve their security infrastructure and network segmentation to better handle exceptions requiring compensating controls, they said.

Healthcare organizations have an average of 34 significant security administrative exceptions in place; 47 percent of these exceptions also have compensating controls. Ideally, healthcare organizations should strive to have as few exceptions requiring compensating controls as possible, because they can create weaknesses in security defenses, the report stated.
