Kaspersky study reveals IT security level in the German healthcare system: every third IT decision-maker sees employees as the greatest IT security risk, almost 75 percent of those surveyed experienced attacks during the pandemic and one in four worries about the loss of confidential patient and company data.
The Federal Ministry of Health is relying on the increasing digitization of the health system. But how secure is the industry's IT infrastructure in Germany? As part of a new study, Kaspersky asked IT decision-makers from the healthcare ecosystem about the IT security situation in Germany, Austria and Switzerland. The study participants from the Federal Republic of Germany see their own employees as the greatest security risk for their own organization - although less investment is made in their training in Germany than in their Alpine neighbors.
Employees greatest risk - low investment in training
be added According to a third (34,7 percent) of those surveyed in Germany, there is a lack of tools and a lack of know-how for preventive IT security measures - For example, to identify dangers in advance. The fact that the German healthcare industry has recorded a consistently high level of attacks since the beginning of the Covid 19 pandemic also proves that there are still a few steps to be taken in terms of IT security.
Ranking of the cybersecurity challenge sorted by country Germany, Austria and Switzerland (Image: Kaspersky).
Almost three quarters (72 percent) of German companies in the health sector experienced at least one cyber attack on their organization during the pandemic. In a country comparison with Austria and Switzerland, the threat situation remained most constant in Germany: In this country, 31,3 percent stated that they had experienced a constant level of cyber attacks compared to the time before the pandemic.
"Almost two thirds of the respondents - 58,7 percent in Germany and 61,4 percent in the DACH region - from the healthcare sector rate the current digital threat situation as high for themselves", says Christian Milde, Managing Director Central Europe at Kaspersky. “This shows how important high-performance cyber protection is for the systems, some of which are very vulnerable, in many healthcare areas, such as in hospitals, care facilities or in research, advice and in the pharmaceutical sector. Decision-makers now have to take action and protect their systems preventively against malware and cyber attacks. "
Top attack vectors in Germany: spear phishing against spyware
Most cybersecurity problems in the health sector in Germany arose from spear phishing attacks (43,5 percent), followed by spyware with 31,5 percent, generic malware attacks (27,8 percent) and targeted attacks with 25,9 percent. Ransomware (25 percent), DDoS attacks (22,2 percent) and unpatched programs (18,5 percent) represent the lower half of cyber threats in the German healthcare system.
Employees as the greatest cyber risk
To the open question “What is your greatest concern with regard to IT security in your company?”, A survey participant from the field of prevention, health promotion, health and nursing care replied: “The carelessness of employees with regard to IT security in several aspects. "Two other voices from the same area continue:" People are always a factor when it comes to safety. If an employee reveals information, no security system can help ”and“ too few employees are trained. ”These individual statements are reflected in the study results for the DACH region and Germany.
Study "Patient Hospital - Kaspersky Study on the IT Security Situation in Healthcare in Germany, Austria and Switzerland" (Image: Kaspersky).
"30 percent of the IT decision-makers we surveyed in Germany see their employees and their lack of cybersecurity awareness in particular as the greatest IT security risk," says Christian Milde, Managing Director Central Europe at Kaspersky. "The good news is: Through appropriate training and courses, including by external IT security experts, all employees, regardless of which department, can be individually and comprehensively trained on how to properly deal with potential digital dangers in their respective area of responsibility."
However, only one in four (26,7 percent) of the IT decision-makers participating in the Kaspersky study can confirm that all employees have been fully trained in cybersecurity in the company.
One in four worries about the loss of patient and company data
In addition, the IT decision-makers surveyed in Germany from the healthcare sector are concerned about the possible loss of sensitive patient and company data. With 24 percent, almost a quarter of those surveyed see this as the greatest cyber threat, as the loss of patient files "in the worst case means that patients die", according to an employee from the field of 'prevention, health promotion and health and nursing care' interviewed in Germany.
The complete study "Patient Hospital - Kaspersky Study on the IT Security Situation in Healthcare in Germany, Austria and Switzerland" including the cross-DACH figures and the breakdown by country can be downloaded from Kaspersky.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/