The increasing adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey of healthcare IT professionals. Devices with IoT sensors, such as glucose monitors, insulin pumps, and defibrillators, often have unprotected security vulnerabilities that endanger healthcare facilities, and even patients themselves. According to Capterra’s survey, medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices. The survey also reveals that 67% of healthcare cyberattacks impact patient data and 48% impact patient care, an indication that rising security risks in the industry are leading to severe consequences in patient outcomes and privacy. Although the majority of healthcare IT staff rate the cybersecurity threat level in the industry as high or extreme, many are not taking the necessary steps to protect medical IoT devices. Over half (57%) do not always change the default username and password for each new connected medical device that is put into use, and 82% run connected medical devices on old Windows systems.
Simon Randall, CEO and Co-Founder of PIMLOC, video privacy and analytics platform, provides further insight:
“No matter how unlikely the target, individuals and organisations must be diligent about good cybersecurity on every device that is connected to the internet. Cyber criminals will take advantage of any vulnerability for their own ends, so it is important that there are no chinks in the armour for a threat actor to exploit. When it comes to healthcare, it is not only the usual cache of data – such as usernames, contact details, and passwords – that is at risk, but also intimate details about individuals’ bodies and wellbeing. This information must be closely guarded, and stored as securely as possible, to prevent data leaks as well as criminal threats. Although it can be useful to upload and transfer the data for analysis and treatment purposes, it is essential that this is handled with the utmost sensitivity – organisations might even consider anonymising information to minimise the risk if any leaks did occur and to allow for compliant sharing of data.”
To read more news and exclusive features see our latest issue here.
Never miss a story… Follow us on:
Security Buyer UK
@SecurityBuyerUK
@SecbuyerUK
Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com