But the experts are the least confident in their ability to respond to cyberattacks.
Healthcare information technology (IT) professionals are 10% more confident in their organization’s ability to respond to a cyberattack compared to two years ago, according to a new report from Infoblox.
Infoblox surveyed 600 healthcare IT professionals in the U.S., United Kingdom, Germany, Belgium, Netherlands and Luxembourg. Of 600 respondents, 151 were from the U.S. The most represented job title was IT manager (47), followed by systems analyst (28).
The report found that two years after WannaCry, a ransomware attack that shut down clinics, deferred ambulances and cancelled roughly 20,000 medical appointments, 92% of health IT professionals are confident in their ability to respond to an attack. But those within the U.S. are the least confident, at 85%.
Ransomware attacks are on the rise in health systems. And it is a good idea for organizations to have a plan in place to react to this kind of attack.
But almost 40% of U.S. respondents did not know if their organization would be willing to pay the ransom to unlock their data. Only 17.9% said their organization has a response plan and also would pay the ransom. And 33.1% reported not being willing to pay a ransom in the event of an attack, which is on par with the advice from the FBI.
Only 54.3% of U.S. respondents said their organization has automated systems that actively scan their networks for suspicious activity. Just over a quarter said their health system has its own security operations center that scans the network for suspicious activity. And 11.9% of those surveyed said they did not know whether they had the ability to quickly detect suspicious network activity.
Almost 42% of the experts reported that their organization’s cybersecurity spending has increased anywhere from 0 to 40%. A majority (15.9%) of U.S. experts said their organization’s cybersecurity spending has increased by 21 to 30% over the past year.
And a lot of the increase in spending is going toward antivirus software. Close to 58% of experts spend their budget on such software. Firewalls (54.3%), network monitoring (49%) and encryption software (47%) are other tools being purchased with organizations’ cybersecurity budget.
According to the report, 61% of U.S. respondents are confident that the U.S. Food and Drug Administration’s medical device security playbook is an effective security policy for the healthcare industry, while almost a quarter did not know about the policy.
Healthcare organizations increased efforts to tackle cybersecurity.
Infoblox notes the importance of patching systems more frequently. In the U.S., 31.1% of organizations said their systems are patched once a month, and 26.4% said their systems are patched once a week.
The company also advised health systems to make plans to minimize the disruption in the event of a cyberattack.
“Although healthcare IT providers are some of the most educated and concerned security buyers, they mustn’t become complacent and must continue to think strategically about ensuring the security of their networks and — most importantly — the safety of their patients," said Victor Danevich, chief technology officers of systems engineering at Infoblox.
Get the best insights in digital health directly to your inbox.
Speaking with the Woman Behind the Facebook Health Data Breach Complaint
Healthcare Must Tighten Up Cybersecurity Practices