Medical organisations witnessed 19% of attacks in 2019, however in US and Canada 32% medical staff say were untrained in cybersecurity.
More than two years after the infamous Wannacry ransomware crippled medical facilities and other organisations worldwide, the healthcare sector seems to be learning their lessons, according to a Kaspersky report.
Medical organisations have witnessed only 19 per cent of attacks in 2019, which is significantly lower than 28 per cent of last year, and the 30 per cent attacks that occurred on them in 2017.
However, while the overall statistics look reassuring, more than seven-in-10 medical machines in Venezuela (77 per cent), the Philippines (76 per cent), Libya (75), and Argentina (73 per cent) are still being subjected to web attacks based on the company’s freshest data. Two more countries in the Asia Pacific region were in the Top 15 nations with the most number of detected infections. These include Bangladesh logging 58 per cent of attacked devices and Thailand with 44 per cent.
The numbers were derived after Kaspersky researchers divided the number of devices in medical organisations in the countries with Kaspersky solutions by the number of devices where malicious codes were detected. Medical devices include all servers, computers, mobiles and tablets, IoT gadgets, and hospital machines that are connected to the internet inside a healthcare facility.
Operating System statistics
In terms of the loopholes cybercriminals use to infect hospitals and medical facilities, that outdated Microsoft office accounts to 59 per cent of all exploit attacks in 2019. It is followed by EternalBlue (32 per cent), which is related to Wannacry, as well as Android devices (2 per cent) which are gaining increased access in medical networks.
Human failing
A Kaspersky survey in healthcare sector in US and Canada uncovered that nearly a third of all respondents (32 per cent) said that they had never received any cybersecurity training from their workplace. There is also one-in-10 employees in management positions which admitted that they were not aware of a cybersecurity policy in their organisations.
Acknowledging the serious threat cybercriminals can do against healthcare, Kaspersky suggests medical facilities to: