Healthcare Falling Behind in Cybersecurity Vulnerability Patching

Most healthcare entities have come to terms with the benefits of transitioning to the cloud. Accordingly, a report by Markets and Markets states that the global healthcare cloud computing market is expected to increase from USD $28.1 billion in 2020 to USD $64.7 billion by 2025. However, moving to the cloud does not erase all cybersecurity, rather it makes breach management and patching all the more important.

The Ponemon Institute conducted a survey which revealed that the healthcare industry is falling behind in patching and managing vulnerabilities in its systems, leaving them open to breaches and cyber attacks. Of the 3000 security professionals who participated in the survey, 57% said that their organisation had experienced one or more data breaches in which networks were accessed via vulnerabilities. Patches had already been released for the vulnerabilities at the time of the attacks but had not been implemented.

According to the survey, this is a regular occurrence because over half of cybersecurity experts struggle to stay on top of patching due to a great shortage in staff. Consequently, high priority patches are put first and the rest typically take eight or more weeks to be implemented. Cybersecurity Ventures predicts that by 2025, there will be 3.5 million open positions in cybersecurity.

Healthcare Falling Behind in Cybersecurity Vulnerability Patching

But while staff recruitment is the underlying cause of slow and inefficient patching, it is not the only culprit. Onboarding new talent does not necessarily ensure higher security levels, rather working towards the automation of standard operations and prioritising security weaknesses turns the organisation's focus to what is important for its development.

In order for an organisation to understand its weaknesses and overcome them, it should:

o Review and inventory its security measures and patching response capabilities

o Speed up time-to-benefit by dealing with easily achievable tasks first

o Break down silo barriers between the security and IT departments in order to improve coordination and collaboration between the two

o Preserve talent and new hires by establishing a suitable culture