August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion connected devices in use around the world by 2025. IoT technology has moved beyond speakers and smart fridges and is increasingly being utilized for critical applications across the healthcare industry like insulin delivery devices, connected inhalers and even cancer treatments.
However, a report from digital platform security specialist Irdeto reveals the healthcare sector is severely lacking the resources to tackle a growing cybersecurity threat, and consequently patient safety could be at risk.
The company’s latest research, which surveyed security decision makers at global healthcare organizations to gauge perceptions of IoT security, found that 82 percent of healthcare organizations experienced an IoT-focused cyber-attack in the last 12 months; nearly a third of those hit reported compromised end-user safety as a result.
The report also revealed that only 6 percent of healthcare organizations have everything they need to tackle IoT cybersecurity challenges, with an urgent requirement for increased skills and more budget for security identified.
IoT devices are often targeted by cybercriminals as they are much easier to compromise than businesses’ more sophisticated perimeter cyber-defenses. The problem is that growth in the use of IoT has far outstripped the increase in trained professionals emerging. As a result, healthcare organizations often do not have the expertise internally to ensure the connected devices they are using within their organizations are secure.
Findings from the report revealed the following:
-
Power-down: Ninety (90) percent of those hit by IoT-focused cyberattacks experienced an impact, the most common of which was operational downtime (43 percent). Also noticeable is that 30 percent of attacks compromised end-user safety;
-
Vulnerable: Ninety-six (96) percent believe their organization has some form of cybersecurity vulnerability, with 42 percent identifying IoT devices as the biggest threat and a quarter of healthcare organizations identifying their greatest cybersecurity weakness as their own employees;
-
Need to improve: Ninety-eight (98) percent of all healthcare organizations believe the cybersecurity of IoT devices could be improved; and
-
Inadequate updates: Over one in four manufacturers of IoT devices for healthcare only update the security of devices they manufacture while they are in warranty. One in five leave it to the customer to install updates.
Steeve Huin, vice president of strategic partnerships, business development and marketing, Irdeto, commented, “IoT cyberattacks will continue to be prevalent as use of IoT devices grows. However, as they are increasingly used in mission-critical scenarios in industries like healthcare, the impact of operational down-time and compromises to end-user safety become far greater than just a financial cost.
“Securing each and every potential ‘entry point’ is critical to ensure the integrity of a business’ network as a whole. Manufacturers have a greater responsibility when dealing with potentially critical IoT in healthcare, and thus need to move away from the traditional “build, ship and forget” mindset and incorporate multiple layers of security into the devices they manufacture.
“The consequences of failing to properly secure healthcare IoT devices are real, and need to be taken seriously.”
For more information: www.irdeto.com