TLDR:
SecurityScorecard gave healthcare a “B+” in cybersecurity, noting that the industry’s security ratings were higher than expected. Medical device manufacturers and distributors scored worse due to outdated web browsers and were more susceptible to attacks. The report highlights the need to monitor supply chain risks and address vulnerabilities in the healthcare ecosystem.
Article Summary:
Healthcare organizations received a “B+” grade in cybersecurity, with 90% of companies scoring an A or B. The high rating was attributed to large, publicly traded companies in the sample and the number of pharmaceutical and biotechnology companies studied. However, medical device manufacturers and distributors scored poorly, with outdated web browsers contributing to lower endpoint security ratings.
The report emphasized the importance of monitoring supply chain risks to prevent cyberattacks like the one experienced by Change Healthcare. Vulnerable medical devices were identified as a distinctive risk factor, posing threats not just to hospitals but also to the manufacturers themselves. SecurityScorecard highlighted common cybersecurity issues, such as redirect chains that include unencrypted HTTP hops and weak SSL/TLS protocols.
Outsourcing work to third parties was flagged as a potential risk for healthcare organizations, especially when it involves sensitive data or vulnerable software. The report called for a broader look at the risk posed by medical devices and stressed the need for proactive cybersecurity measures to safeguard the healthcare industry.