Bad Repairing Practices in Healthcare Exposed on Ponemon Institute Study

April 11, 2018


A latest survey carried out by the Ponemon Institute for ServiceNow has disclosed that healthcare and pharmaceutical businesses are not keeping up to date on repairing. Faults are not being repaired rapidly leaving organizations vulnerable to attack.

The survey was sent to 3,000 safety workers from groups with over 1,000 staff members across a broad variety of industry sectors and countries. The results of the survey were incorporated in the report: Today’s Condition of Weakness Response: Repair Work Requires Attention.

The report indicated 57% of those that took the survey respondents had endured at least one data breach in which access to the network was gained by abusing a flaw for which a patch had earlier been issued. A third of respondents replied that they were conscious that the weakness was there and a patch was available prior to the breach. More disturbing was two third of groups didn’t know they were vulnerable to attack.

Although there is a major danger of weaknesses being abused, 37% of respondents said they don’t check for dangers and for that reason cannot be certain all weaknesses are identified and tackled. The pharmaceutical and healthcare sectors were a tad better than average, even though 28% of IT security employees from those industries said weakness checking was not finished.

65% of cybersecurity employees said they find it tough to arrange to repair and determine what software must be repaired first. 61% said manual procedures were putting them at risk when repairing flaws, and an average of 12 days was being lost organizing repairing activities across groups.

Over three quarters of IT security employees felt the delay in repairing vulnerabilities was because of a deficiency of trained staff. They just didn’t have sufficient staff members to keep on top of repairing. On average, 321 hours a week are being spent on weakness management, but even so, medium to low priority repairs are still taking eight weeks or more to be fixed.

60% of respondents saying they were employing more staff in the next year to help expedite the repairing of faults. On average, groups are looking to hire four new workers exclusively for weakness response.

Making a decision to bring in more staff is one thing. Hiring staff is a separate problem. There is a lack of trained IT workforce and the problem is becoming worse. As per a latest survey carried out by the advocacy group ISACA, by 2019 there will be 2 million unfilled cybersecurity positions.

Even if workforce can be employed, there is no assurance that safety posture can be substantially improved. While more staff might definitely assist some businesses, the report indicates there is a repairing paradox – employing more staff doesn’t mean better safety.

ServiceNow Security and Risk Vice President and General Manager Sean Convery said: “Increasing more talent alone won’t tackle the main problem afflicting today’s safety groups. Computerizing routine procedures and prioritizing weaknesses assists organizations avoid the ‘patching paradox,’ instead of focusing their people on important work to radically decrease the possibility of a breach.”

The Ponemon Institute/ServiceNow study presents five approvals that can assist groups to develop a roadmap to a better safety posture.

  • Record an impartial inventory of weakness reaction capabilities.
  • Speed up time-to-benefit by tackling low-hanging fruit first.
  • Break down data considerably between safety and IT to regain lost time spent organizing between the two.
  • Describe as well as arrange end-to-end weakness reaction procedures and then computerize as much as you can within reason.
  • Make sure retention of talent by concentrating on culture and work atmosphere.