The Insecurity of Connected Devices in HealthCare 2022 report from Cynerio and The Ponemon Institute details some alarming trends for healthcare, including widespread and repeated attacks, financial losses measured in the millions and frequent failures to take basic cybersecurity measures.
WHY IT MATTERS
The report surveyed experts in leadership positions at 517 healthcare systems through the entire USA, and discovered that although healthcare internet of things/internet of medical things expand hospital attack surfaces, those devices are usually not protected.
In accordance with a joint statement from the researchers, 71% of survey respondents rated the security risks presented by IoT/IoMT devices as high or high, while only 21% reported an adult stage of security to safeguard those devices.
Of the 46% of these surveyed who performed well-known and accepted device security procedures, only 33% of the respondents keep a listing.
Survey results also indicated that 47% of these hospitals and medical facilities experiencing an attack paid a ransom, with 32% of the ransoms which range from $250,000 to $500,000. The report addresses a variety of financial impacts, attack types and investments manufactured in connected device and biometrics security.
THE BIGGER TREND
From IV pumps to fetal monitors, ransomware along with other cyber attacks can knock a hospitals IT system offline, disrupting staff communications and compromising patient care with poor visibility into patient monitoring and health history.
Several reports and federal analyses try to define the risks hospitals and their patients confront with rising cyber attacks that connect to higher mortality rates. In a single case before court in Mobile, Alabama, a mother alleges a 2019 ransomware attack on Springhill INFIRMARY compromised her planned cesarean section, leading to the next death of her infant some months later.
Threat actors continue steadily to target hospital systems because they’re felt to have money and urgent settings that depend on information to create decisions with multiple access points, and hospital boards are motivated to invest in cybersecurity measures. Implementing multi-layered security approaches and redundancy is preferred to avoid disruption in hospital operations when an attack occurs.
In accordance with IT leaders previously interviewed about their cybersecurity investments, hospitals need tools to control cyber environments, to detect and identify patch levels for several devices including biomedical devices, to report on information to arrive and much more surveillance.
ON THE RECORD
“Its clear that cyberattackers have increasingly focused their efforts on hospitals since 2020,” said Chad Holmes, security evangelist at Cynerio. “What have been unclear was the frequency and resulting damage of these attacks.”
Andrea Fox is senior editor of Healthcare IT News.
Healthcare IT News is really a HIMSS publication.