A Concerning Gap in Cybersecurity for Connected Medical Technology

November 5, 2018

Notwithstanding mass adoption of antivirus protection and firewalls among healthcare providers, there remains a security gap for biomedical technologies, according to a report from Zingbox.

This concerning finding was confirmed in recent observations from Gartner, which wrote in a market trends report that, “generally, medical devices are not replaced for at least ten years, with many running old software that has not been updated or patched.”

Zingbox learned that most healthcare executives say they’re confident in their ability to protect connected medical devices: 79% of health IT professionals say they have real-time information about which connected devices are vulnerable to cyber-attacks, 87% are confident that the devices are protected from an attack, and 69% say their traditional security approaches for computers are adequate to secure connected medical devices.

However, there’s a disconnect between these sanguine perceptions about cybersecurity and the actual solutions in place, Zingbox found.

Zingbox surveyed over 400 U.S.-based healthcare IT leaders in October 2018.

Health Populi’s Hot Points: Unisys published their 2018 Security Index, finding growing global insecurity concerns among consumers about the internet, identity theft and bankcard fraud — ahead of terrorism, natural disaster and epidemic threats.

It’s important to note that 79% of consumers support the idea of medical devices and sensors that immediately transmit significant changes to people’s doctors, as the bar chart from Unisys’s consumer survey data illustrates. But at the same time, Unisys VP and global head of Life Sciences and Healthcare Jeff Livingstone noted in the Index report that, “We’re seeing in life sciences and healthcare that criminals are moving away from financial fraud and bankcard fraud, and more toward identity theft related to healthcare personal data. It’s become very lucrative for criminals to mine healthcare identities on the black market.”

To deal with this growing challenge, this week the U.S. Department of Health and Human Services launched the Health Sector Cybersecurity Coordination Center. October is National Cybersecurity Awareness Month (who knew?) and this Center demonstrates DHHS’s commitment to keeping U.S. healthcare secure from cyber-attacks.

Over 400 major healthcare breaches were reported between 2017 and 2018. These breaches accessed sensitive medical data, targeted patient medical equipment, and sought financial gain through extortion.

In the promising and growing Internet of Things landscape for healthcare providers and patients, more medical “things” will be connected to the internet for remote health monitoring, patient care, and diagnostics. The more connected nodes in healthcare, the more temptations and opportunities for cyber-attackers to attack. Being honest and mindful about these threats is step one; step two is shoring up the security for each of them, and across the healthcare enterprise.

Consumers and clinicians would be wary of using medical devices known to be hacked, as shown in the last graphic from a recent PwC study.

Without security strategies and assurances, patients-as-consumers would be less likely to want to share their healthcare data with providers and researchers, and patient care and cures will be the poorer for that. Furthermore, the enterprise itself could lose patient-customers, wary of using a specific hospital facility whose equipment was hacked. Risk management for cybersecurity in healthcare touches finance, quality and reputation alike.

HealthPopuli.com