Posted by Robert Vamosi on May 25, 2017
In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months.
The Synopsys report, Medical Device Security: An Industry Under Attack and Unprepared to Defend, is based on a study conducted by the Ponemon Institute, a leading IT security research organization. The study examined whether device makers and HDOs are aligned on the need to address cybersecurity risks. The survey also found that roughly one-third of device makers and HDOs are aware of potential adverse effects on patients due to an insecure medical device. Despite the risk, only 17% of device makers and 15% of HDOs are taking significant steps to prevent such attacks.
“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, in a press release. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”
Other key findings from the study:
In today’s Fault Injection podcast, focusing on medical device security, Chris Clark, Principal Security Engineer at Synopsys, said of the report, “There were a lot of surprising results […] but one that stood out to me the most was that 45% of HDOs have no plan for preventing attacks. They really don’t have a process in place for establishing a security policy that helps them deal with the potential vulnerabilities that are there.”
“These findings underscore the cybersecurity gaps that the healthcare industry desperately needs to address to safeguard the well-being of patients in an increasingly connected and software-driven world,” said Mike Ahmadi, Global Director of Critical Systems Security for Synopsys’ Software Integrity Group.