The Daily Swig Web security digest

Healthcare cyber-threats weigh heavy on sector’s IT community

James Walker | 16 November 2017 at 12:19

While healthcare cybersecurity funding is up in the UK, confidence among the sector’s IT community is low.

Although UK healthcare organizations are ramping up their investment in cybersecurity, one in four IT professionals working in the sector are not confident in their organization’s ability to respond to a cyber-attack, a new study indicates.

In a newly-published survey of more than 300 healthcare IT specialists, Infoblox found that 85% of organizations have a plan in place to help prevent business disruption or loss of data caused by hacks, with 12% of organizations increasing spending by more than 50%.

Traditional security solutions such as antivirus software and firewalls are attracting the most investment, followed by network monitoring, DNS security solutions, and application security, Infoblox said.

Healthcare organizations’ increased investment in cybersecurity solutions might help to allay concerns following this year’s global WannaCry incident, which affected 47 NHS trusts across the UK. But despite the additional funding, 23% of IT professionals said they were not confident in their organization’s ability to handle another large-scale cyber-attack.

One in five healthcare IT professionals reported that Windows XP – which has been unsupported since April 2014 – is still running on their network.

Nearly 20% of those surveyed indicated that connected medical devices on their network are running on the unsupported operating system, leaving organizations open to exploitation through security flaws in these unpatched devices.

“The healthcare industry is facing major challenges that require it to modernize, reform, and improve services to meet the needs of ever more complex, instantaneous patient demands,” said Rob Bolton, director of Western Europe at Infoblox.

“It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data.”

Dedicated security platform

As the number of connected devices on healthcare organizations’ networks continues to grow at a rapid pace, Israeli startup Medigate is pushing ahead with the development of a dedicated medical device security platform.

Earlier this week, the Tel Aviv-based company said it had raised $5.35 million in seed funding, which will be used to further the development of a solution designed to help secure networked medical devices that are connected to patients’ medical records, device servers, and the internet.

“Connected medical devices – from patient monitors, MRIs and CAT scanners to infusion pumps and yet-to-be invented devices – are critical to the delivery of healthcare today and are revolutionizing the care of tomorrow,” said Yoav Leitersdorf, managing partner at YL Ventures, which led the Medigate funding round.

“These devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyberattacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk.”

Jonathan Langer, Medigate CEO and co-founder, said that to be competitive in both care delivery and cost, today’s medical providers must be able to quickly and safely connect existing and new devices to their networks.

“It’s an imperative to connect devices to the network, both to manage and monitor devices in real time and to understand and analyze the large amounts of data generated from these devices,” said Langer.

“At the same time, we see backdoor attacks like MEDJACK and ransomware attacks like WannaCry and NotPetya successfully targeting healthcare providers. Connected devices are a ripe target for cybercriminals.”

Langer added: “The Medigate solution is designed to effectively protect medical devices from these attacks and eliminate this pandemic risk.”

The Medigate Security Platform is currently in limited availability to qualified customers. General availability will be in mid-2018.