82% of healthcare organizations have experienced an IoT-focused cyberattack, survey finds
Eight out of 10 healthcare organizations have experienced an internet of things-focused cyberattack in the past year. Of the organizations hit by an attack, 30% said the security incident compromised end-user safety, according to a survey by security software company Irdeto.
There are 10 million to 15 million medical devices in U.S. hospitals today with an average of 10 to 15 connected medical devices per patient bed, according to research from security company Zingbox. The integration of internet-connected medical devices across healthcare, which is expected to rapidly increase, poses significant cybersecurity risks.
Irdeto surveyed 700 security decision-makers across the healthcare, transportation and manufacturing industries as well as IoT device manufacturers about cyberattacks targeting their organization and security measures currently in place. The research surveyed both manufacturers and users of IoT devices in five countries—China, Germany, Japan, the U.K. and the U.S. Around 230 of the survey respondents were security leaders in healthcare.
Healthcare security leaders ranked compromised customer data as their top concern as a result of a cyberattack (39%), followed by patient safety (20%) and stolen intellectual property (12%). Security executives also are concerned about brand or reputational damage and operational downtime.
Across all three industries, the survey found that operational downtime (43%) is the most common impact of a cyberattack, which in itself is likely to compromise patient safety when it comes to providers of critical care. This is followed by compromised customer data (42%) and brand or reputational damage (31%).
The survey results indicate healthcare organizations are aware of where the key cybersecurity vulnerabilities exist with their infrastructure but do not necessarily have everything they need to address them. When asked to identify where the most prominent vulnerabilities exist within healthcare organizations, the IT network was cited most frequently (50%), followed by mobile devices and accompanying apps (45%) and IoT devices (42%).
“These findings suggest that network security is no longer enough to prevent significant damage and organizations need to factor security at both the app and device-level into their strategy,” the report authors said.
Device manufacturers are aware of these security gaps, as 82% of IoT device makers say they are concerned the devices are not adequately secured from a cyberattack.
“This goes to show that for many manufacturers of IoT devices, security is still an afterthought instead of something that should be implemented at the very beginning,” the report authors said.
Failure to address these challenges could prove costly, with the average financial impact as a result of an IoT-focused cyberattack in the healthcare space identified as $346,000, according to the survey.
“The benefits of connectivity in healthcare are clear for all to see, but this growth in connectivity brings with it an increase in vulnerabilities, with hackers looking to steal sensitive medical data, execute targeted attacks against care providers’ infrastructure and much more,” Steeve Huin, vice president of strategic partnerships, business development and marketing at Irdeto, said in a statement.
Organizations need to upskill and implement robust cybersecurity strategies incorporating device and app security to ensure patient safety and optimal care, while preventing the extra costs insurance companies must charge as a result of a cyberattack, Huin said.
This news was previously published on: https://www.fiercehealthcare.com/tech/82-healthcare-organizations-have-experienced-iot-focused-cyber-attack-survey-finds
Sudipto writes technical contents periodically and backs it up with extensive research and relevant examples. He’s an avid reader and a tech enthusiast at the same time with a little bit of “Arsenal Football Club” thrown in as well. He’s got a B.Tech in Electronics and Instrumentation engineering.