The cyber defenses offered up by many medical facilities are so poor that attackers can get away with using outdated hacking tools when they go after these organizations, according to a new study by ESET.
Cameron Camp, security researcher with ESET North America, told SCMagazine.com at RSA 2016 that the study, The State of Cybersecurity in Healthcare Organizations in 2016, found the leaders of many medical facilities don't understand the nature of the threat they are facing or how to respond. Because of this approach, many allow their cyber security to become outdated, making them an easy target.
“Fifty percent did not even have a plan in place to respond to an attack,” Camp said, despite the fact that 48 percent of the respondents said they had experienced an attack in the last 12 months.
Camp said the first step that needs to be taken is for the culture in the medical community to change. The steps suggested by the report include putting in place an incident response plan along with a comprehensive backup and disaster recovery mechanism.
One of the most glaring issues uncovered was that many hospitals and medical facilities continue to use outdated security. The report stated that 78 percent of attacks took place through the exploitation of existing software vulnerabilities more than three months old. This means hackers do not have to use their latest and greatest weapons to gain access.
“Attackers use older technology because medical defenses are so poor. They don't even have to waste a zero-day for the attack,” Camp said.