Study: Are medical devices at risk?




Many healthcare delivery organizations (HDOs) are deeply worried and feel threatened by hacker attacks against medical devices, but only a few have taken steps to address the threat, according to a study commissioned by Synopsys.

The survey, conducted by Ponemon Institute, shows that 67% of medical device manufacturers and 56% of HDOs believe it may be possible for the next 12 months to undergo a hacker attack on the medical devices they are developing or using.

One-third of respondents were informed of cybercrime that affected patients, leading to inappropriate therapy or treatment delivery. Among the incidents, are reported attacks with ransomware, DoS attacks, and hijacking of medical devices.

17% of device manufacturers and 15% of HDOs have taken significant steps to prevent hacker attacks, showing that a frightening minority of companies have genuinely responsible behavior. About 40% admit that they have done nothing to prevent a hacker attack. Ever.

25% of medical device manufacturers and 38% of HDOs believe that security mechanisms built into devices can adequately protect patients and healthcare professionals who use them.

Half of the respondents believe that the use of mobile devices in hospitals and other healthcare facilities dramatically increases their cybersecurity risks.

Almost all respondents, however, think that ensuring the safety of medical devices is a very difficult job to do. According to the survey, many companies are simply trying to meet security requirements instead of implementing more effective practices, for example, conducting professional invasive penetration tests to ensure their development security throughout the lifecycle.

More than 50% of device manufacturers and HDOs are accusing their products` lack of security on vulnerable codes.

According to survey results, 36% of manufacturers and 45% of HDOs do not test their devices at all. However, those who conduct tests recognize that they have discovered vulnerabilities and malware. For this reason, TAD GROUP reminds you that the only way to ensure the security of networks and systems is to regularly perform professional penetration tests to reveal their vulnerabilities and eventual real hacker presence in them.

Would you like to comment on this article?


Latest articles


75% of applications have at least one vulnerability

Developers, however, are not the only ones to blame.


Guide for GDPR compliance

In May 2018, the General Data Privacy Regulation (GDPR) will take effect, significantly changing the way organizations process and store data.


BEURK - Experimental Unix RootKit

BEURK is an user-land preload rootkit for GNU/Linux.

Sign up for our online newsletter!