Being able to detect, react to, and mitigate a data breach is essential for any healthcare organization. However, a recent Tripwire survey found that health IT professionals are in fact overconfident in their ability to collect the necessary data to identify and remediate a cyber attack.
For the study, which was conducted by Dimensional Research, 763 IT professionals from a variety of industries were interviewed. Approximately 100 participants were from healthcare.
The majority of respondents - 90 percent - felt that they could detect configuration changes to endpoint devices on their organization’s network within hours, but 51 percent were unsure how long that process would actually take.
Citing data from the Verizon 2016 Data Breach Investigations report, the survey showed that these results may lead to IT professionals being overconfident. Sixty-three percent of successful healthcare system compromises occurred within minutes, according to Verizon, while over half - 56 percent - of healthcare data breaches took months to detect.
“There’s no argument that these basic controls work and contribute directly to an organization’s cyber security, yet the research shows they are not in place at enough health care organizations,” Tripwire Senior Director of IT Security and Risk Strategy Tim Erlin said in a statement. “This is occurring at a time when the health care industry is facing unique cyber threats, from physical theft to sophisticated ransomware campaigns.”
The study also found that organizations may not have the right tools in place to assist with data breach detection. Sixty percent of respondents said their automated tools do not pick up all of the critical details or information necessary to identify the locations and departments where unauthorized devices are detected.
Furthermore, 43 percent of those surveyed stated that less than 80 percent of patches succeeded in a typical patch cycle.
As for data breach detection on network devices, 83 percent of respondents felt that they could detect configuration changes to a network device within hours. However, 46 percent admitted that they were unsure how long the process would actually take.
“The basics of finding unauthorized devices and vulnerabilities and applying patches in a timely manner should be done at every organization in order to create a baseline of cyber security,” Erlin added. “These fundamental controls should be in place before organizations look at the latest shiny security object.”
Even as data breaches continue to plague healthcare organizations, difficulties with detection are unfortunately not a new discovery.
An Advisen survey from earlier this year found that while 42 percent of respondents said they do test their response plans, another 41 percent reported they do not test their plan or that they do not know if they test it.
Researchers noted that organizational communication could be a key barrier, as 60 percent solely rely on the IT department to mitigate breaches. Therefore, not all employees may know about the breach mitigation plans.
Ideally, all departments should be included in an organization’s breach response plan, according to the researchers, and the organization should not be fully reliant on just one department.
“Cybersecurity experts recommend that a breach response team consist of a cross-section of internal personnel as well as external members,” the report explained. “Data breach response teams often include executive management, legal, privacy/compliance, IT, information security, risk management, and other stakeholders from the company’s various business units. External members often include privacy counsel, computer forensics and breach response specialists, and a crisis management firm.”