Ever watched the American spy thriller, Homeland? In one scene, a baddie manages to assassinate the fictional vice president of America by remotely accessing his pacemaker. Is this possible or have the show writers taken too much creative freedom? The former. A recently released scientific paper warns that pacemakers can be rigged to fail or deliver lethal electric shocks. This may be an extreme example but still illustrates that the cybersecurity landscape is constantly evolving. As connectivity becomes ubiquitous, the increasing number of ‘things’ using software, such as medical devices, has created a new cybersecurity concern.
Yet despite these emerging threats only 41% of those surveyed from the Healthcare & Social Assistance Sector in the recent Canon Business Readiness Index on Information Security were ‘very/extremely concerned’ about suffering a security breach in the next 12 months. Optimistically however, more than half (59%) of healthcare organisations had been assessed for security risk management or IT security; just above a 56% average across various other industries including retail, education, financial services, and more. Still, 1 in 10 healthcare organisations (15%) haven’t been through these assessments and don’t intend to do so – a concern given the level of sensitive information they keep.
Getting the basic rights
In healthcare, where is there area for improvement? Technology and infrastructure. Interestingly, this poses the biggest security risk to the sector and broader business community. However, an organisation can’t place all the blame on legacy infrastructure. The majority have not even implemented basic strategies to mitigate risks. In healthcare, a concerning 62% have in place less than six of the Australian Signals Directorate's Essential 8, according to the Index.
There is also an emphasis on healthcare organisations to pay greater attention to the sensitive data they hold on file. More than half (53%) were most concerned with ‘protecting customer data’. Exactly half of survey respondents from the healthcare sector were concerned by ‘loss of personal identifiable information (PII)’ and ‘loss of customer or employee data’. In an age where cybercriminals have successfully breached the Pentagon – once perceived as an impenetrable fortress – these figures should be higher.
Digging deep
Luckily, there is a healthier outlook. Almost all sector respondents (44%) expect data security spending will ‘increase at least a little’ this year. This compares to an average of 56% across all industry sectors. A majority of the sector (67%) forecasts the increase to lie between 11-25%, which is promising.
Homeland may be a fictional television show yet the attack techniques exhibited have been proven possible. In healthcare, with patient records and lives on the line, lax security measures can have potentially fatal consequences.
To learn more about the Canon Business Readiness Index and how you can bolster your cyber defences, click here.