It’s been no secret that the proliferation of medical devices was increasing the risk of security breaches, but the situation is perhaps worse than most healthcare stakeholders expected.
That’s according to a new study from the Ponemon Institute, Medical Device Security: An Industry Under Attack and Unprepared to Defend, sponsored by Synopsys, which found that “Only 9 percent of manufacturers and 5 percent of users say they test medical devices at least annually.”
As our colleague Tom Sullivan points out at Healthcare IT News, “Such little testing comes despite the overall lack of confidence that devices are secure, widespread recognition of the risks unsecured systems pose, and only about 30 percent of manufacturers and hospitals indicating that they encrypt data associated with internet-of-things devices.”
The study also found that 67 percent of medical device manufacturers and 56 percent of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months. Approximately one-third of device makers and HDOs are aware of potential adverse effects on patients due to an insecure medical device, but despite the risk, only 17 percent of device makers and 15 percent of HDOs are taking significant steps to prevent such attacks.
The Synopsys study aimed to identify whether device makers and HDOs are in alignment about the need to address cybersecurity risks. Focused on the North American market, the study surveyed approximately 550 individuals from manufacturers and HDOs whose roles involve the security of medical devices, including implantable devices, radiation equipment, diagnostic and monitoring equipment, and robots, as well as networking equipment designed specifically for medical devices and mobile medical apps.