- The lack of digital security causes the leakage of patient data.
- In terms of cybersecurity, only 20% of medical workers are very confident that their organization can effectively stop all attacks or security breaches.
- Cybersecurity is increasingly important due to the increase in telemedicine and medical consultations over the internet.
Medical organizations in Mexico widely use medical equipment with an outdated operating system, mainly due to the high update costs. This is revealed by a global survey by Kaspersky, conducted among health service providers that seeks to analyze cybersecurity trends in the transition to telehealth.
High costs prevent digital upgrade
The report indicates that when it comes to the security provided by operating system updates, seven in ten (73.3%) healthcare providers in the country currently use medical equipment with an outdated operating system. Reasons include cost, which is too high (26.7%), or compatibility issues (20%), as well as lack of knowledge on how to upgrade (20%).
As a consequence, almost 27% of those surveyed in Mexico admitted that their organization had already experienced incidents such as data leaks, just over 13% have experienced DDoS and ransomware attacks.
When software developers stop supporting a system, they also discontinue updates which, among other enhancements, often contain security patches for discovered vulnerabilities. Without them, they can become an easy and accessible initial attack vector to penetrate the company’s infrastructure. Healthcare organizations collect a large amount of sensitive and valuable data, making them one of the most lucrative targets.
Doctors do not enjoy cybersecurity
When it comes to cybersecurity, only 20% of medical workers are very confident that their organization can effectively stop all attacks or security breaches at the perimeter. On the other hand, only 66.7% trust that their organization has adequate and up-to-date computer hardware and software security protection.
“The health sector is evolving to meet the demand for accessible services through the active adoption of connected devices. But this also adds unique cybersecurity challenges typical of embedded systems. Our report confirms that many organizations continue to use medical devices with older operating systems, facing obstacles that make it difficult to upgrade. Although the modernization of this equipment is necessary, there are also solutions and measures available that can help minimize the risks in the first instance. These, combined with the awareness of medical personnel, can significantly raise the level of security and pave the way for the future of the medical industry”, comments Sergey Martsynkyan, Vice President of Corporate Product Marketing at Kaspersky.
Digital security tips
To help the healthcare industry minimize the likelihood of cyber incidents caused by outdated and unpatched systems, Kaspersky recommends taking the following measures:
- Provide your staff with basic cybersecurity training, as many attacks start with phishing or other social engineering techniques.
- Perform a cybersecurity audit of your networks and address any weaknesses discovered at the perimeter or within the network.
- Install anti-APT and EDR solutions, which allow you to discover and detect threats, investigate and timely remedy incidents. Give your SOC team access to the latest threat intelligence and regularly update them with professional training. All of the above is available within the Kaspersky Security Expert framework.
- Along with proper endpoint protection, dedicated services can help defend against high-profile attacks. Managed detection and response tools can help identify and stop attacks in their earliest stages before attackers achieve their goals.
- Strengthen systems that are already used in medical devices and are rarely upgraded. Kaspersky Embedded System Security has been designed to work effectively on low-end and legacy hardware, as well as older software, without overloading the system. The latest update to the solution includes cloud-based management capabilities that enable control of integrated devices through a single console.
Also read:
The importance of cybersecurity in your medical office
The main global threats facing humanity
Most patients are wary of telehealth for these reasons