Half of US hospitals disconnected their networks due to ransomware

The Perspectives in Healthcare Security Report interviewed 130 different IT and cybersecurity hospital executives, biomedical engineers, and technicians to examine their attitudes, concerns, and impacts on medical device security as well as cybersecurity. 

The findings revealed that healthcare continues to be one of the most targeted industries. Admist the early months of the pandemic, healthcare organisations witnessed a surge in ransomware attacks. 

Medium-sized hospitals appear to have suffered the most from attacks. Of respondents that experienced a shutdown due to external factors, large hospitals reported an average shutdown of 6.2 hours at a cost of $21,500 per hour, while midsize hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour. 

Despite continuing cyber-attacks against healthcare and roughly half of respondents experiencing an externally motivated shutdown in the last 6 months, more than 60% of hospital IT teams have “other’’ spending priorities and less than 11% say cybersecurity is a high priority spend.

Low levels of investment and skill gaps in cybersecurity were highlighted as possible contributing factors, with just 11% of respondents stating cybersecurity as a “high priority” for spending. 

When asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected. 52% of respondents admitted their hospitals were not protected against the Bluekeep vulnerability, and that number increased 64% for WannaCry and 75% for NotPetya.

“With new threat vectors emerging every day, healthcare organizations are facing an unprecedented level of challenges to their security,” said Azi Cohen, CEO of CyberMDX.

“Hospitals have a lot at stake – from revenue loss, to reputational damage, and most importantly patient safety. Our new report provides a critical look into the current state of medical device security and will help raise awareness of key issues and disconnects healthcare organizations are facing with their cybersecurity.”