Kaspersky study: Attacks on IIoT platforms in the German healthcare system increased. 21,3 percent of German companies experienced an increase in cyber attacks on their IIoT platforms during the Covid 19 pandemic. Only 30,7 percent believe that their IIoT is adequately secured.
The health industry has been increasingly threatened by digital attacks since the corona pandemic. In the health sector, IIoT platforms and thus devices such as magnetic resonance imaging (MRT) and computed tomography (CT) are also affected. Portable medical devices for remote monitoring of patients, such as measuring devices for blood sugar or blood pressure, are also vulnerable, provided they are connected to the office infrastructure. More than half (58,7 percent) of the decision-makers in Germany in the new Kaspersky survey "Patient Hospital - Kaspersky Study on the IT Security Situation in Healthcare in Germany, Austria and Switzerland" [1] rated the current one accordingly Threat situation for cybersecurity in your company as "high".
IIoT has become indispensable in healthcare
The Internet of Things (IoT) or Industrial Internet of Things (IIoT) has become an integral part of the healthcare sector: According to the Kaspersky study, 98 percent of the IT decision-makers surveyed in Germany have already implemented IIoT platforms in their companies. Such platforms offer cybercriminals another target for attack. After almost a quarter of German healthcare organizations (21,3 percent) experienced an increase in cyber attacks on their IIoT platforms during the Covid 19 pandemic, it is increasingly important to use these critical systems, which include operational technology - OT) belongs to protect accordingly.
Only 30 percent feel that they are adequately secured
In Germany, according to the Kaspersky study, currently only 30,7 percent of the study participants assume that the IIoT platforms in their company are adequately secured. This opinion is almost the same across countries (31 percent in Switzerland and 30 percent in Austria). Nevertheless, not even a quarter of companies in Germany (23,3 percent) are currently evaluating their existing security solutions or looking for new solutions.
In addition, the German healthcare system scores weaker in the DACH comparison when it comes to the segmentation of networks. The decoupling of critical infrastructures from the office network is considered an adequate means of preventing malware from entering the critical infrastructure of a hospital, for example. Compared to the two neighboring countries, only 22 percent of respondents in Germany separate critical systems from the office infrastructure. This IoT security risk is apparently taken more seriously in Austria (32 percent) and Switzerland (34 percent).
There is a lot of catching up to do in security for operational technology
“We see an enormous amount of catching up to do when it comes to security for operational technology. The fact that only a little more than one in four of those surveyed in the health sector in Germany separate critical systems from the office infrastructure is an alarm signal, "comments Christian Milde, General Manager Central Europe at Kaspersky. “77,1 percent of those surveyed by us in Germany have already experienced a security incident in connection with the OT platform they are using. Since critical devices such as X-ray machines are often part of the OT, the security of operationally critical and medical systems should urgently be sharpened. "
Important factors for the protection of IIoT infrastructures in the health sector and their implementation in Germany
In response to the open question “What is your greatest concern with regard to IT security in your company?”, A respondent from the field of “prevention, health promotion and nursing care” replied: “That our medical records are encrypted by ransomware and we are not Would have more access to them. In the worst case, this would lead to the death of patients. "
In order to ensure that such IT security incidents do not take place and that digital security in organizations continues to exist in the future, the following points should be taken into account and implemented:
Security audits
Study “Patient Hospital - Kaspersky Study on the IT Security Situation in Healthcare in Germany, Austria and Switzerland (Image: Kaspersky).
Only 34 percent of German companies carry out regular security audits of their IIoT platforms. However, regular reviews are essential for the security of IIoT structures.
Regular updates
Updates for IIoT platforms, on the other hand, seem to be perceived as significantly more important. Only 12,7 percent said they did not update regularly. In Austria this was said by 17 percent, in Switzerland percent. 23 percent. Updates are the key to closing existing gaps.
Network segmentation
In Germany, with only 22 percent, less than a quarter of the health companies and organizations surveyed carried out the separation of important systems. In Switzerland (34 percent) and Austria (32 percent), IIoT platforms and office networks are more often separated from each other. In general, but especially in the Federal Republic of Germany, there is definitely some catching up to do.
The complete study “Patient Hospital - Kaspersky Study on the IT Security Situation in the Health Care System in Germany, Austria and Switzerland”, including the cross-DACH figures and the breakdown by country, can be downloaded online.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/