Survey: Stakeholders Predict More Medical Device Attacks as Security Lags | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: Stakeholders Predict More Medical Device Attacks as Security Lags

May 26, 2017
by Rajiv Leventhal
| Reprints

Some 67 percent of medical device manufacturers and 56 percent of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months, according to new research from San Jose, Calif.-based electronic design automation company Synopsys.

The survey also found that roughly one-third of device makers and HDOs are aware of potential adverse effects to patients due to an insecure medical device, but despite the risk, only 17 percent of device makers and 15 percent of HDOs are taking significant steps to prevent such attacks.

Also alarmingly, only 9 percent of manufacturers and 5 percent of HDOs say they test medical devices at least once a year, while 53 percent of HDOs and 43 percent of manufacturers do not test devices at all.

Focused on the North America market, the study surveyed approximately 550 individuals from manufacturers and HDOs, whose roles involve the security of medical devices, including implantable devices, radiation equipment, diagnostic and monitoring equipment, robots, as well as networking equipment designed specifically for medical devices and mobile medical apps. The Synopsys study, "Medical Device Security: An Industry Under Attack and Unprepared to Defend,” was conducted by the Ponemon Institute, an IT security research organization, and was aimed at identifying whether device makers and HDOs are in alignment about the need to address cybersecurity risks.

Other key findings from the study highlight:

  • Building secure devices is challenging. Eighty percent of device makers and HDOs report that medical devices are very difficult to secure. The top reasons cited for why devices remain vulnerable include accidental coding errors, lack of knowledge/training on secure coding practices and pressure on development teams to meet product deadlines. 
  • Lack of accountability. While 41 percent of HDOs believe they are primarily responsible for the security of medical devices, almost one-third of both device makers and HDOs say no one person or function in their organizations is primarily responsible.
  • FDA guidance is not enough. Only 51 percent of device makers and 44 percent of HDOs follow current FDA guidance to mitigate or reduce inherent security risks in medical devices.

"The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations," Larry Ponemon, Ph.D., chairman and founder of the Ponemon Institute, said in statement. "According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority."

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.