During the pandemic, the healthcare industry was forced to significantly speed up the implementation of new developments. Indeed, this pace of change and urgent digitalisation within medical organisations was noted by 81% of executives in a recent Accenture report.

To determine whether this mass transition to telehealth is keeping pace with security measures, Kaspersky conducted a global survey of healthcare providers.

The research found that organisations globally widely use medical equipment with a legacy operating system (OS), mainly because of high upgrade costs, compatibility issues, or a lack of internal knowledge on how to upgrade, among other reasons.

The usage of outdated equipment may lead to cyber-incidents. When software developers stop supporting a system, they also halt the release of any updates, which among other improvements, often contain security patches for discovered vulnerabilities.

If left unpatched, these can become an easy and accessible to penetrate the company’s infrastructure, even for unskilled attackers.

Healthcare organisations collect a wealth of sensitive and valuable data, making them one of the most lucrative targets, and unpatched devices can facilitate a successful attack for adversaries.

When it comes to cybersecurity readiness, 50% of healthcare workers are very confident that their organisation can effectively stop all security attacks or breaches at the perimeter. While 50% expressed conviction that their organisation has up to date, adequate hardware and software IT security protection.

At the same time, 30% of South African respondents agreed that their organisation had already experienced data leaks, DDoS or ransomware attacks.

“The healthcare sector is evolving to meet the demand for accessible help by actively adopting connected devices,” comments Sergey Martsynkyan, vice-president: corporate product marketing at Kaspersky. “But this also adds unique cybersecurity challenges typical to the embedded systems. Our report confirms that many organisations still use medical devices that run on old OS and face obstacles that hamper upgrades.

“While there is a need for developing a strategy of modernisation, there are also solutions and measures available which can help to minimise the risks in the meantime. Those combined with medical staff awareness can significantly raise the security level and pave the way for the future development of the healthcare industry.”