Woburn, MA — December 6, 2021 — According to Kaspersky’s 2021 Healthcare report, only 22% of global healthcare organizations confirmed that all medical equipment they utilize runs up-to-date software, with 73% saying that they continue to use legacy operating systems (OS). These findings highlight that many healthcare organizations are leaving themselves exposed to vulnerabilities and cyber-risks by running on outdated OS.
The survey results also found that organizations widely use medical equipment with a legacy OS mainly because of high upgrade costs, compatibility issues, or a lack of internal knowledge on how to upgrade, among other reasons.
Does your organization currently use medical equipment with a legacy operating system, and if so, what are the main reasons for this?
The usage of outdated equipment leaves healthcare organizations vulnerable to cyber-incidents. When software developers stop supporting a system, they also stop releasing updates, which often contain security patches for discovered vulnerabilities. If left unpatched, these vulnerabilities can become an easy and accessible initial attack vector for penetrating the company’s infrastructure, even for unskilled attackers. Healthcare organizations collect a wealth of sensitive and valuable data, making them one of the most lucrative targets, and unpatched devices can make a successful attack easier for adversaries.
When it comes to cybersecurity readiness, only 30% of healthcare workers are very confident that their organization can effectively stop all security attacks or breaches at the perimeter. Just 34% expressed conviction that their organization has up-to-date, adequate hardware and software IT security protection.
At the same time, half (50%) of global respondents agreed that their organization had already experienced data leaks, DDoS or ransomware attacks.
“The healthcare sector is evolving to meet the demand for accessible help by actively adopting connected devices, but this also adds unique cybersecurity challenges typical to the embedded systems,” comments Sergey Martsynkyan, vice president of corporate product marketing at Kaspersky. “Our report confirms that many organizations still use medical devices that run on old OS and face obstacles that hamper upgrades. While there is a need for developing a strategy of modernization, there are also solutions and measures available which can help to minimize the risks in the meantime. Those combined with medical staff awareness can significantly raise the security level and pave the way for the future development of the healthcare industry.”
To help the healthcare sector minimize the likelihood of cyber-incidents caused by obsolete and unpatched systems, Kaspersky recommends taking the following steps:
More insights on the current state of the healthcare industry are available in the report.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.