Study found that almost half of health care cyberattacks affect patient care
The survey also found that the medical internet of things (IoT) – connected devices like glucose monitors, insulin pumps, and defibrillators – are making it easier for hackers to gain access to practices. These devices often have security vulnerabilities the endanger health care facilities and patients. The study found that medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices.
“As a health care organization connects more medical devices to its network, its attack surface expands,” says Zach Capers, senior security analyst at Capterra, in a statement. “Connected medical devices often go unmonitored for security vulnerabilities, and because they run on a wide array of software and hardware platforms, it’s difficult to monitor with a single tool. This means that many connected medical devices are left wide open to cyberattacks.”
More than half (53%) of health care IT staff rate the cybersecurity threat level in the industry as high or extreme, yet many health care organizations are not taking the necessary steps to protect medical IoT devices. According to the report, 57% do not always change the default username and password for each new connected medical device that is put into use. Additionally, 82% run connected medical devices on old Windows systems.
If a security vulnerability is discovered, organizations should patch the device or update its firmware as soon as possible. Unfortunately, 68% of health care organizations don’t always update connected devices when a patch is available, according to the report. However, vulnerabilities and associated patches aren’t always well publicized, which means healthcare IT staff must stay up-to-date on emerging threats to medical IoT devices.
Capterra officials say that medical IoT security requires proactive and ongoing vigilance. Health care practices should conduct routine vulnerability assessments before connecting medical devices to their IT network. They should also keep an up-to-date and accurate inventory of all connected devices plus associated software and firmware, and use software to monitor these devices.