Tuesday, May 30, 2017

a mere 5% hospitals test for medical devices security

"hipaa compliant healthcare messaging from vectramind"
HIPAA COMPLIANT HEALTHCARE MESSAGING FROM VECTRAMIND

VECTRAMIND  is among the few messaging companies which provide healthcare organizations fully secure HIPAA compliant Hl7 messaging standards for patients and healthcare clinical staff.

Vectramind’s customized A2P solutions now enable you to capitalize on SMS to reach your target audience – from healthcare service provider, administrator to patients. 


The security of medical devices has attracted a lot of attention in recent months due to fears of device vulnerabilities being exploited by cybercriminals to cause harm to patients, gain access to healthcare networks and steal patient data. Cybercriminals have extensively targeted the healthcare industry due to the high value of patient data on the black market, combined with relatively poor cybersecurity defenses. While there have been no reported cyberattacks on medical devices with the specific aim of causing harm to patients, there are fears it is only a matter of time before such an attack occurs. Even if harming patients is not the goal of cybercriminals, ransomware attacks – which take essential computer systems out of action – can place patient safety at risk.

 Those attacks have  already started  occurring. Some healthcare providers experienced medical device downtime as a result of the recent WannaCry ransomware attacks.However of late much attention has focused on device manufacturers for failing to incorporate appropriate security protections to prevent cyberattacks and not considering security for the life cycle of the devices.A recent Synopsis-sponsored survey conducted by the Ponemon Institute suggests healthcare delivery organizations may be equally at fault.

The report on the survey – Medical Device Security: An Industry Under Attack and Unprepared to Defend – shows that both device manufacturers and healthcare organizations are concerned that medical device attacks will occur. 67% of medical device manufacturers and 56% of healthcare delivery organizations believe a cyberattack on a medical device at their organization is likely to occur in the next 12 months.

Even though manufacturers and HDOs are aware of the risks of cyberattacks on medical devices, and one third are aware that those attacks could have an adverse effect on patients, only 17% of device manufacturers and 15% of HDOs are taking action to reduce the risk of cyberattacks on medical devices used by their organizations.

One of the biggest challenges is incorporating security controls into the devices. 80% of device manufacturers said medical devices are very difficult to secure, with a lack of knowledge about how to secure the devices cited as a major issue along with accidental coding errors and pressure to meet product delivery deadlines. Identifying potential vulnerabilities does not appear to be a major priority. 53% of HDOs and 43% of device manufacturers said they do not perform any medical device security tests, while just 9% of device manufacturers and 5% of HDOs conduct device security tests on an annual basis. There is also a lack of accountability for medical device security. One third of manufacturers and HDOs said there is no one person in their organization with overall responsibility for medical device security.

No comments:

Post a Comment