Palo Alto Networks revealed that despite an increase in cybersecurity budgets, there is a lack of dedicated cybersecurity staff in the healthcare industry.
Palo Alto Networks: Not Enough Cybersecurity Staff In Healthcare
SINGAPORE, 29 November 2017 – As the adoption of digital technology in the healthcare industry accelerates, there is an increasing need to protect another side of patients’ and healthcare organisations’ well-being – the security of their personal data. This emphasis on protecting data and mitigating cyberthreats is reflected in the industry’s significant investment in cybersecurity.
According to a recent survey* by Palo Alto Networks, about 70 percent of healthcare organisations in Asia-Pacific say that 5 to 15 percent of their organisation’s IT budget is allocated to cybersecurity.
* The survey was conducted amongst more than 500 business professionals in APAC, covering Australia, China, Hong Kong, India and Singapore markets.
However, despite substantial budgets, the healthcare industry appears to need to catch up with its industry peers in terms of cybersecurity talent: only 78 percent have a team in their organisation dedicated to IT security, the lowest among the industries surveyed. This is also well below the industry-wide average of 86 percent.
Aside from the monetary loss associated with data breaches and the availability of connected devices which monitor patients’ lives, healthcare professionals are most worried about the loss of clients’ contacts, financial or medical information – 30 percent have cited loss of details as key. Fear of damaging the company’s reputation among clients comes next at 22 percent, followed by 17 percent citing company downtime while a breach is being fixed as a concern.
Cybersecurity risks in healthcare organisations are also amplified by BYOD (Bring Your Own Device), with 78 percent of organisations allowing employees to access work-related information with their own personal devices such as their mobile phones and computers. In addition, 69 percent of those surveyed say they are allowed to store and transfer their organisation’s confidential information through their personal devices.
While 83 percent claimed there are security policies in place, only 39 percent admit to reviewing these policies more than once a year – lower than the 51 percent of respondents from the finance industry, a sector also known to hold sensitive client data.
Call to get in shape for the future
As more healthcare organisations fall prey to cyberattacks such as ransomware, a lapse in data security is a real threat to the industry. Organisation-wide education and awareness are therefore crucial to ensuring that the right preventive measures are implemented and enforced.
54 percent of respondents cited an inability to keep up with evolving solutions as a barrier to ensuring cybersecurity in their organisations, and 63 percent of respondents cited an ageing internet infrastructure as the likely main reason for cyberthreats, should they happen.
Palo Alto Networks Tips For Healthcare Organisations
Here are some tips for healthcare organisations:
- Ensure that medical devices are equipped with up-to-date firmware and security patches to address cybersecurity risks. Medical devices are notoriously vulnerable to cyberattacks because security is often an afterthought when the devices are designed and maintained by the manufacturer. These precautionary measures may include keeping an inventory of all medical devices, assessing the network architecture and determining a patch management plan for medical devices, as well as developing a plan to migrate medical devices to the medical device segment.
- Apply a zero trust networking architecture for hospital networks, making security ubiquitous throughout, not just at the perimeter. Healthcare organisations should look to segment devices and data based on their risk, inspecting network data as it flows between segments, and requiring authentication to the network and to any application for any user on the network.
- Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks. To prevent this, healthcare providers should ensure that staff undergo regular end-user security training to reduce successful phishing. Cybersecurity best practices can be taught as a new-hire class for every employee.
- As healthcare organisations migrate portions of their critical infrastructure and applications to the cloud, it becomes imperative to deploy an advanced and integrated security architecture that prevents cyberattacks on three prongs: the network, the endpoint and the cloud. Traditional antivirus will not be effective in guarding against advanced malware such as ransomware, which continuously changes to avoid detection.