Receive our newsletter – data, insights and analysis delivered to you
  1. Comment
December 17, 2021updated 07 Jan 2022 8:47am

Cybersecurity risks in medical devices

There needs to be an increased understanding of where cybersecurity threats to medical devices are coming from and how to stop them.

By Emil Filipov

Taking greater cybersecurity measures to protect medical devices is more important now than ever. For more than a decade, healthcare has been the largest target for data breaches. Breaches of data in a healthcare setting can have severe implications, as patients’ lives can be in danger from outdated and unprotected medical devices. For example, if computed tomography (CT) or magnetic resonance imaging (MRI) equipment is tampered with, it could result in incorrect diagnoses or even incorrect or unnecessary medical procedures.

The American Hospital Association’s senior advisor for cybersecurity and risk recently stated that many medical devices used in hospitals today are legacy devices. These older medical devices are at a higher risk of ransomware attacks and rely on systems that no longer support security patches and updates. Such devices were not built with security in mind, which leads them to be more vulnerable. In fact, medical devices see an average of 6.2 vulnerabilities for each device, and many critical devices such as pacemakers and insulin pumps have been recalled by the US Food and Drug Administration (FDA) because of security issues. In addition, more than 40% of medical devices are too outdated for security updates or patches, while 83% of medical imaging devices are legacy systems that are too outdated to update.

Given that experts are aware that healthcare data is the most commonly breached data type, there should be an effort to combat this security risk. There needs to be a greater understanding of where the threats are coming from and how to stop them. In addition, the knowledge that many of the most critical devices are legacy devices and too old to update is concerning. The ability to update a device could be crucial to ensuring cybersecurity. As such, one way to reduce data breaches in healthcare could be to invest in newer devices.

As well as understanding how these data breaches are possible, it is helpful to know where they are coming from. Last year, the Healthcare Information and Management Systems Society conducted a survey that discovered a total of 89% of initial compromises in hospitals occurred via email, while 57% of cyberattacks in healthcare began through trusted insiders.

In addition to providing hospitals with new devices that can receive security updates, another idea is to use predictive technology such as ‘breach likelihood’, which is available in other fields and would provide the probability and consequences of a breach happening based on a device. This kind of technology may provide visibility, which is especially necessary among the legacy medical devices

Content from our partners
Precision wire: The future of bespoke medical treatment
Why this global life sciences COO believes relocation to Charleston, SC, was key to achieving next-level success
“This technique means everything to us”: How CGM devices empower users 
Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday. A weekly roundup of the latest news and analysis, sent every Friday. The medical device industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy