
67 percent of device makers think an attack on their products is likely in the next year

How aware of potential attacks are medical device makers? Pretty aware. But are they taking big steps to do anything about it? Not so much.


By this point, it’s not altogether surprising that hackers are going after medical devices. The problem is only exacerbated by the fact that, security-wise, devices aren’t completely safe. A recent report from security firm WhiteScope found more than 8,000 vulnerabilities in pacemakers.

A new report from Ponemon Institute digs into the topic a bit further, starting with its telling title: “Medical Device Security: An Industry Under Attack and Unprepared to Defend.”

As part of its research, Ponemon surveyed two groups of participants in March 2017: 242 individuals who are involved or have a role at a device maker and 262 individuals who are involved or have a role in a healthcare delivery organization (HDO). Respondents from both groups held various positions, from senior executives/VPs to managers to engineers.

Ponemon questioned participants on a variety of topics related to devices and security.

The results?

Two-thirds (67 percent) of device makers believe an attack on one or more of their devices is either likely or very likely. Fifty-six percent of HDOs felt the same.


Yet only 17 percent of device makers and 15 percent of HDOs said they are taking significant steps to prevent attacks on medical devices. Another 35 percent of device makers and 29 percent of HDOs said they’re taking some steps to thwart attacks. But 39 percent of device makers and 45 percent of HDOs claimed they’re not taking any steps at all.

This could be because not all employees feel comfortable speaking up about device security. Only 43 percent of device makers and 61 percent of HDOs reported they feel empowered to raise concerns about device security at their organizations.

It could also be because organizations aren’t exactly heeding the FDA’s advice. Fifty-one percent of device makers and 44 percent of HDOs follow guidance from the FDA to mitigate security risks in devices.

According to Ponemon Institute, device makers spend an average of $4 million on the security of their devices each year, while HDOs spend an average of $2.4 million annually. Naturally, a budget increase would be one way to go about strengthening security practices. But that seems unlikely unless a serious hacking event occurs. Sixty-one percent of device makers and 59 percent of HDOs said a major hacking incident would influence their organization to increase its security budget. Another 40 percent of device makers and 54 percent of HDOs said new regulations would convince their organization to enlarge its budget.

The prevalence of attacks and insecure medical devices can result in patients experiencing adverse events. Alarmingly, a decent portion — 31 percent of device makers and 40 percent of HDOs — said they’re aware of such events.

But even though the respondents were aware that patients are impacted, 40 percent of device makers and 44 percent of HDOs don’t know what the adverse event or harm was.

Photo: mattjeacock, Getty Images