Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Organizations Concerned About Medical Device Attacks: Study

Many manufacturers and healthcare delivery organizations (HDO) are concerned about medical device attacks, but only few have taken significant steps to address the threat, according to a study commissioned by electronic design automation solutions provider Synopsys.

Many manufacturers and healthcare delivery organizations (HDO) are concerned about medical device attacks, but only few have taken significant steps to address the threat, according to a study commissioned by electronic design automation solutions provider Synopsys.

The study, based on a survey of 550 individuals conducted by the Ponemon Institute, shows that 67 percent of medical device makers and 56 percent of HDOs believe an attack on the medical devices they build or use is likely to occur in the next 12 months.

In fact, roughly one-third of respondents said they were aware of cyber incidents that had a negative impact on patients, including inappropriate therapy or treatment delivery, ransomware attacks, denial-of-service (DoS) attacks, and hijacking of medical devices.

On the other hand, only 17 percent of device manufacturers and 15 percent of HDOs have taken significant steps to prevent attacks. Roughly 40 percent on both sides admitted that they haven’t done anything to prevent attacks.

Only 25 percent of device makers and 38 percent of HDOs are confident that the security mechanisms built inside devices can adequately protect patients and the clinicians who use these systems.

While mobile devices help clinicians be more efficient, approximately half of respondents believe that their use in hospitals and other healthcare organizations significantly increases security risks.

A majority of respondents believe securing medical devices is very difficult. The survey showed that many focus on security requirements instead of more efficient practices, such as security testing throughout the development lifecycle, code review, and dynamic testing.

Advertisement. Scroll to continue reading.

The study shows that more than half of device manufacturers and HDOs blame the presence of vulnerable code on lack of quality assurance and testing procedures, while nearly 50 percent also blame the rush-to-release pressure on the development team, accidental coding errors, and lack of training on secure coding practices.

The study shows that 36 percent of manufacturers and 45 percent of HDOs do not test devices. Some of those that do test have admitted finding vulnerabilities and even malware.

While medical device manufacturers are most concerned about hacker attacks and the challenges posed by securing new medical technologies, service providers are more concerned about keeping up with regulatory requirements, and the medical industry’s lack of protection for patients and users.

When it comes to budget, a majority believe a serious hacking incident affecting medical devices would likely lead to a budget increase. A significant percentage of respondents also believes new regulations would also influence budget.

Budget influence factors

Related Reading: Thousands of Third-Party Library Flaws Put Pacemakers at Risk

Related Reading: Sobering Thoughts When a Connected Medical Device Is Connected to You

Related Reading: Medical Devices Infected With WannaCry Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...