Cyber attacks and data breaches in healthcare are on the rise. Security researchers have been warning about the need to secure medical devices and the impact of insecure devices on patient lives. The recent proliferation of ransomware like 'WannaCry' and 'Petya' further emphasizes the need for a robust security policy for the most critical assets in a healthcare delivery organization. A recent research study published in May 2017 by Ponemon Institute*, sponsored by Synopsys*, provides several data points on why it is important for both medical device manufacturers (MDMs) and healthcare delivery organizations (HDOs) to prioritize medical device security.
Not surprisingly, the research finds that 67 percent of MDMs and 56 percent of HDOs who participated in the study believe an attack is likely in the next 12 months. Also, 38 percent of the HDO respondents say they are aware of inappropriate patient treatment delivered due to medical device-related issues.
Despite this, the study finds that only 17 percent of the device makers and 15 percent of the HDOs are taking significant steps to address this issue. The study also states that "Both device makers and users have little confidence that patients and clinicians are protected". 80 percent of those surveyed stated that medical devices are very difficult to secure, and only 25 percent think the security controls included as part of the devices adequately protect clinicians and patients. The study also reveals a lack of security responsibility for medical devices within the organizations.
The majority of the HDOs surveyed (56 percent) do not take adequate steps to prevent attacks on medical devices. The report identifies the importance of testing and the lack of testing by both MDMs and HDOs. The majority of HDOs (53 percent) do not test or are unsure whether testing takes place.
The report calls out the importance of securing medical devices and the need to prioritize medical device security relative to the rest of the IT landscape. This reiterates the need for a robust medical device security risk management solution to be adopted by healthcare delivery organizations.
MediTechSafe has developed a proprietary solution to help hospitals manage the cybersecurity-related risks from medical devices and clinical networks. If you are a healthcare provider (or a biomed services provider) interested in learning more about the solution, please reach us at firstname.lastname@example.org.
You can access the complete report here. (Links to content outside meditechsafe.com).
* Data & diagrams from Ponemon Institute report "Medical Device Security: An Industry Under Attack and Unprepared to Defend". MediTechSafe, LLC is not affiliated with Synopsys or Ponemon Institute.