Study: Are medical devices at risk?

29.05.2017

medical-tech-hacked 

 

Many healthcare delivery organizations (HDOs) are deeply worried and feel threatened by hacker attacks against medical devices, but only a few have taken steps to address the threat, according to a study commissioned by Synopsys.

The survey, conducted by Ponemon Institute, shows that 67% of medical device manufacturers and 56% of HDOs believe it may be possible for the next 12 months to undergo a hacker attack on the medical devices they are developing or using.

One-third of respondents were informed of cybercrime that affected patients, leading to inappropriate therapy or treatment delivery. Among the incidents, are reported attacks with ransomware, DoS attacks, and hijacking of medical devices.

17% of device manufacturers and 15% of HDOs have taken significant steps to prevent hacker attacks, showing that a frightening minority of companies have genuinely responsible behavior. About 40% admit that they have done nothing to prevent a hacker attack. Ever.

25% of medical device manufacturers and 38% of HDOs believe that security mechanisms built into devices can adequately protect patients and healthcare professionals who use them.

Half of the respondents believe that the use of mobile devices in hospitals and other healthcare facilities dramatically increases their cybersecurity risks.

Almost all respondents, however, think that ensuring the safety of medical devices is a very difficult job to do. According to the survey, many companies are simply trying to meet security requirements instead of implementing more effective practices, for example, conducting professional invasive penetration tests to ensure their development security throughout the lifecycle.

More than 50% of device manufacturers and HDOs are accusing their products` lack of security on vulnerable codes.

According to survey results, 36% of manufacturers and 45% of HDOs do not test their devices at all. However, those who conduct tests recognize that they have discovered vulnerabilities and malware. For this reason, TAD GROUP reminds you that the only way to ensure the security of networks and systems is to regularly perform professional penetration tests to reveal their vulnerabilities and eventual real hacker presence in them.

Would you like to comment on this article?

Share

Latest articles

17.10.2017

Guide for GDPR compliance

In May 2018, the General Data Privacy Regulation (GDPR) will take effect, significantly changing the way organizations process and store data.

21.08.2017

BEURK - Experimental Unix RootKit

BEURK is an user-land preload rootkit for GNU/Linux.

05.07.2017

U.N. survey did not find cybersecurity gaps just in Singapore

50% of countries do not have a cybersecurity strategy at all.

Sign up for our online newsletter!