Healthcare targeted by cybercriminals
In a KPMG survey of healthcare executives, four-fifths (80%) said their IT systems had already been compromised by cyberattacks. The survey polled 223 executives working for both commercial (56%) and nonprofit (44%) healthcare organizations, payers and providers.
Palo Alto Networks views this figure critically. Since all participants in the study had to have revenues of at least $500 million (and 70% even had revenues of more than $1 billion), they have to manage a large number of endpoints. Based on real-world experience, it is unlikely that a large hospital network using conventional technology will succeed in stopping all malware attacks over a two-year period, according to the security firm. This would also mean that not a single employee has fallen victim to phishing emails that trick users into opening what appears to be an audio file, such as "Voicemail Recording.wav.exe". Palo Alto Networks doubts this and assumes the actual rate is higher than 80%.
"The 20% of respondents who said none of their IT systems have been compromised in the past two years are most likely also part of that group that lacks visibility into their systems to detect threats at an early stage," suspects Thorsten Henning of Palo Alto Networks. "Many healthcare facilities don't even have the capability yet to detect and prevent malware and exploits in real time."
According to the company, that skepticism is confirmed by another part of the study, which says: "44% of respondents reported that their organization identified 1 to 50 cyberthreat attempts in the past 12 months. This is an indication that healthcare organizations are not particularly effective at identifying, capturing and managing threats."
However, according to the IT security firm, there are several best practices for effectively protecting today's hospital networks. These are meant to prevent threats that target networked medical devices, patient data and general patient care. The following measures are mentioned:
- Provide visibility and effective control; share applications and activities with the goal of reducing the threat surface and minimizing unnecessary bandwidth consumption.
- Segment the network, using a "zero trust" approach, to prevent malware from moving across it.
- Protect and defend systems at all points in the network, throughout network traffic, on endpoints, in data centers, at remote sites, and at major Internet gateways.
- Deploy advanced malware detection to detect and prevent both zero-day and known malware attacks.
- Provide off-network endpoint protection and continuous defenses, regardless of location or device.
- Ensure timely reporting so IT, cybersecurity, and threat detection professionals can coordinate actions.
- Ensure immediate and automatic sharing and distribution of threat data between systems.