Duo Security has an impressive record of advising customers on how delays in updating software and operating systems can put an entire organisation, especially in healthcare, at the mercy of attacks. It offers what is called two-factor authentication, used to identify who is trying to access a computer or network, to more than 8,000 companies and organisations in more than 100 countries.

Hospital Matters talked to Kyle Lady, Senior Manager, R&D at Duo Security in the U.S., after the company published a new report providing real-world data on the proportion of organisations at risk because they are running old or outdated operating systems, browsers or plugins, which makes endpoints more susceptible to vulnerabilities.

The report, based on a global dataset comprising 4.6 million endpoints used by businesses, came up with some worrying figures for healthcare. Kyle Lady says: “Three quarters of all healthcare organisations are running Windows 7 — much higher than the industry average, which was the NHS’ downfall in the recent WannaCry attack. Worryingly, 3 per cent of all endpoints are still running totally unsupported Windows XP.

Only 16 per cent of healthcare organisations are running the latest Windows 10, and healthcare and machinery are the two sectors with the fewest endpoints running Windows 10. However, the urgency around healthcare organisations upgrading from Windows 7 is made more acute because Microsoft is ending support for it in three years.”

The report’s key finding, which will worry many IT directors at hospital trusts in the UK, is that across browsers, plugins and operating systems, healthcare is less up to date than the overall average.

Kyle Lady highlights the report’s findings about the dangers of Adobe’s Flash, which is increasingly out of date. He says: “The percentage of endpoints running an out of date version of Flash has increased from 42 per cent in 2016 to 53 per cent in 2017. Flash is the most out of date on IE (58 per cent) while it is most up to date on the Chrome browser (65 per cent).”

Duo Security is keen to stress the value of its advice to healthcare organisations. It urges IT administrators to verify the identities of their users, check the security health of every device, and protect both on-premises and cloud applications. In addition, it urges healthcare entities to use two-factor authentication, use a secure factor (U2F), patch and update regularly, enable mobile security features, uninstall Flash and Java, and switch to Google Chrome.