Study: Connected devices pose security risks for most health systems
Monday, September 09, 2019
Regarding healthcare technology, there are a few notable maxims: things move quickly; there's a lot of money pouring into the sector; and security always is a concern.
Case in point: eight out of 10 healthcare organization security leaders admit that they have experienced an internet of things (IoT) cyberattack in the past year. Of these organizations, 30% said the security incident compromised end-user safety.
These are the findings of a new study released by security software company Irdeto. The Netherlands-based firm polled 232 healthcare security decision-makers.
The firm suggests that these care providers should make sure to strengthen their IoT security strategies to safeguard patients' safety; 82% of the surveyed parties experienced an IoT-focused cyberattack in 2018.
Health systems say they lack necessary measures to counter cyberattacks — despite being aware of the areas that are vulnerable and need to be protected. Of those surveyed, 50% said their IT network was most prone to the attack, followed by 45% saying mobile devices were at risk, and 42% IoT devices.
Irdeto also previously surveyed security decision-makers from several industries — including healthcare, transportation, manufacturing, and IoT device manufacturers — in five countries: China, Germany, Japan, the U.K., and the U.S.
81% of U.S. organizations experienced an IoT cyberattack. Operational downtime was the biggest problem (55%); compromised customer data (37%), and compromised end-user safety (36%) followed. Only 11% of respondents said there was no impact from an IoT security event.
The results suggest healthcare continues to be aware of the security issues but continue to face vulnerabilities in their infrastructure. There are up to 15 million medical devices in US hospitals today, with up to 15 connected medical devices per patient bed, according to research from security company Zingbox.
"These findings suggest that network security is no longer enough to prevent significant damage and organizations need to factor security at both the app and device-level into their strategy," the report's authors said.
Device manufacturers are aware of the problem; 82% of those interviewed saying they are concerned the devices are not protected from a possible attack.
"For many manufacturers of IoT devices, security is still an afterthought instead of something that should be implemented at the very beginning," the report's authors said.
The average financial impact of an IoT-focused cyberattack in healthcare was $346,000, the survey found.
About 70% of medical devices will run unsupported Windows operating systems by January 2020, according to a cybersecurity report from Forescout. Microsoft support for devices running Windows 7, Windows 2008 or Windows Mobile is planned to expire by Jan. 14, 2020.
Healthcare also faces an average cost of $6.5 million per breach incident, which is about 60% higher than other industries (not explicitly referring to IoT breaches). External attackers are not the only threat as insiders continue to be a problem. One in five healthcare employees said they would be willing to sell sensitive information to unauthorized parties for less than $1,000.
Securing connected devices — unsupported legacy devices and new IoT devices — is a priority for healthcare IT security professionals since medical devices outnumber healthcare staff three to one. So, as the healthcare industry embraces digital transformation, ransomware and insider threats, third-party breaches are getting more sophisticated and more challenging to prevent.
- Best exercises for gluteus medius strengthening
- Pectoralis minor: Far from a minor problem
- The importance of hip internal rotation
- The top 5 exercises you should be doing
- 17 of the most specific, bizarre ICD-10 codes
- The addictive eye drops that kill
- BSN or ADN? Nursing at a crossroads
- Back to the future with Ford bioplastics
- The most important job of a leader
- Is your hospital’s patient-centered approach specific enough?
- Wielding the power of offline discussions
- Remodeling activity to ease, then dip in 2020
- What you should know about Texas’ newest gun laws
See your work in future editions
Your content, Your Expertise,
Your Industry Needs YOUR Expert Voice & We've got the platform you needFind Out How