Legacy OS use among 50% of UAE healthcare providers, warns Kaspersky

The use of a legacy OS is prevalent among UAE healthcare providers, according to Kaspersky.

Kaspersky: 50% of UAE healthcare providers are using a legacy OS.

According to Kaspersky’s latest Healthcare report, half of UAE healthcare organizations confirm that all their medical equipment runs on up-to-date software. Legacy OS installations leave organizations vulnerable to cyberattacks.

Maintaining security

The healthcare industry has faced severe pressure due to the global COVID pandemic and has been forced to speed up the implementation of new developments. Kaspersky’s report was conducted in order to discover if healthcare organizations were maintaining security standards while developing their systems.

Legacy OS use

The research found that use of a legacy OS was prevalent among providers, largely due to the high cost of upgrading their systems, compatibility issues or a lack of internal understanding of the issue.

The use of legacy technology is an issue because software developers can cease support for older systems and halt updates that might patch newly discovered vulnerabilities. If software is left unpatched, cybercriminals can exploit its weaknesses and gain access to the network.

Only 20% of healthcare workers are very confident that their organization can stop all security attacks or breaches. 40% expressed belief that their organization had updated their systems.

30% of UAE respondents agreed that their organization had experienced data leaks, DDoS or ransomware attacks.

“The healthcare sector is evolving to meet the demand for accessible help by actively adopting connected devices. But this also adds unique cybersecurity challenges typical to the embedded systems. Our report confirms that many organizations still use medical devices that run on old OS and face obstacles that hamper upgrades. While there is a need for developing a strategy of modernization, there are also solutions and measures available which can help to minimize the risks in the meantime. Those combined with medical staff awareness can significantly raise the security level and pave the way for the future development of the healthcare industry,” said Sergey Martsynkyan, VP, Corporate Product Marketing at Kaspersky about the legacy OS issue.

Kaspersky recommended that healthcare providers take the following steps to better secure their networks and to address the legacy OS issue:

  • Conduct basic cybersecurity hygiene training, as many attacks start with phishing or other social engineering techniques.
  • Carry out a cybersecurity audit of networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • Install anti-APT and EDR solutions, which enable threat discovery and detection, investigation, and timely remediation of incidents. Provide the SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
  • Along with proper endpoint protection, dedicated services can help defend against high-profile attacks. Managed Detection and Response services can help identify and stop attacks in their early stages before the attackers achieve their goals.
  • Harden embedded systems in medical devices that are rarely updated.

Kaspersky recently announced that nearly 50% of cyberattacks in 2021 involved ransomware.