Healthcare organizations and manufacturers are seriously concerned about recent attacks against medical devices. However, according to a recent study by the electronic design automation solutions provider Synopsys, only a few of these organizations have so far taken steps to prevent the threat.
Based on a survey of 550 individuals conducted by the Ponemon Institute, 67% of medical device makers and 56% of healthcare delivery organizations (HDOs) think that the devices they build or use will probably be attacked by malware during the next 12 months.
About one-third of the respondents stated that they were aware of cyber incidents that had a negative impact on patients, including inappropriate therapy or treatment delivery, ransomware attacks, hijacking of medical devices, and denial-of-service (DoS) attacks.
Despite this, only 17% of the device manufacturers and 15% of the HDOs have made some effort to prevent malware attacks. Approximately 40% on both sides said that they haven't done anything to prevent the threat.
The study also shows that 25% of the medical device makers and 38% of the HDOs are certain that the security mechanisms inside the devices are capable of protecting patients and the clinicians who use them.
Although mobile devices make clinicians much more efficient, half of the respondents said that their use in hospitals and other healthcare organizations increases security risks significantly.
Many respondents think that securing medical devices is really hard. According to the survey, many of them concentrate on security requirements instead of more efficient practices such as security testing throughout the development lifecycle, dynamic testing, and code review.
The study also shows that more than half of the device manufacturers and HDOs blame the presence of vulnerable code on the lack of quality assurance and testing procedures. At the same time, about 50% attribute it to rush-to-release pressure on the development team, accidental coding errors, and a lack of training on secure coding practices.
According to the same study, 36% of the manufacturers and 45% of the HDOs do not test devices. Those who did test them said that they had found vulnerabilities and even malware.
Manufacturers of medical devices are most worried about hacker attacks and the challenges posed by securing new medical technologies, whereas service providers are much more concerned about keeping up to date with regulatory requirements and about the lack of protection for patients and users in the medical industry.
As for budgets, most people think that a serious hacking incident affecting medical devices would most probably lead to a budget increase. At the same time, a large percentage of respondents believe that new regulations would influence the budget too.