By Fred Donovan, HIT Infrastructure | August 30, 2019

The healthcare IT network harbors the most prominent vulnerabilities in healthcare organizations, judged 232 healthcare security decision makers surveyed by Vanson Bourne on behalf of security firm Irdeto.

The healthcare IT network harbors the most prominent vulnerabilities in healthcare organizations, judged 232 healthcare security decision makers surveyed by Vanson Bourne on behalf of security firm Irdeto.

Half of respondents cited the IT network as the place where the most prominent vulnerabilities reside, followed by mobile devices and apps (45 percent) and Internet of Things (IoT) devices (42 percent).

The poll found that 82 percent of healthcare respondents have been the target of an IoT-focused cyberattack in the past year. Of those organizations hit by an attack, 30 percent said that it compromised end-user safety.

Forty-three percent of respondents said that operational downtime is the most common impact of a cyberattack, followed by compromised customer data (42 percent) and brand or reputational damage (31 percent).

Virtually all the manufacturers and users of healthcare IoT devices said that the cybersecurity of the IoT devices could be improved either to a great extent or to some extent.

“The benefits of connectivity in healthcare are clear for all to see, but this growth in connectivity brings with it an increase in vulnerabilities, with hackers looking to steal sensitive medical data, execute targeted attacks against care providers’ infrastructure and much more,” said Steeve Huin, vice president of strategic partnerships, business development, and marketing at Irdeto.

“The industry is clearly aware of the cybersecurity issues it faces, and it is now imperative that organizations upskill and implement robust cybersecurity strategies, incorporating device and app security, to ensure patient safety and optimal care, while preventing the extra costs insurance companies must charge as a result of a cyberattack,” Huin added.

IOT CYBERATTACK COSTS HEALTHCARE $346,000 ON AVERAGE

The average financial impact from an IoT-focused cyberattack in healthcare was more than $346,000, according to the survey. This compares with an average financial impact of $353,000 for connected transportation companies and $288,000 for manufacturing and production companies.

In total, Irdeto polled 700 security decision makers across the healthcare, transportation, manufacturing, and IT industries.

Healthcare companies were the most prone to experiencing an IoT-focused cyberattack, followed by manufacturing companies and connected transportation companies.

While the healthcare and connected transportation sectors ranked compromised customer data as their number one concern, the manufacturing sector ranked compromised end-user safety first.

Only 48 percent of IoT device manufacturers update the security of their devices for the device lifetime. This drops to 39 percent for IoT device manufacturers in the manufacturing sector but rises to 52 percent for IoT device makers in the healthcare sector.

“The survey results indicate that many organizations across various vertical segments may still be treating security like a checkbox exercise. Yes, they have some security in place, but they are not doing enough to truly protect the growing number of vulnerabilities that are entering today’s organizations as a result of increased connectivity,” the report observed.

SECURITY SHOULD BE ENABLER OF NEW BUSINESS MODELS

Almost all the healthcare organizations said that a security solution should be an enabler of new business models, not just a cost center.

“The previous mindset of security as an afterthought is changing, and one of the most promising results of the study found that today’s organizations are thinking even more strategically about security,” the report noted.

In the United States, 95 percent of respondents said they have antivirus/antimalware protection, 93 percent said they have firewalls, 83 percent have software protection, 61 percent have mobile app protection, 58 percent said they are making security part of the product design lifecycle, and 64 percent said that they conduct continuous security and/or code reviews.

“From enabling new rental or subscription models in connected vehicles, to Digital Twins revolutionizing the manufacturing processes, to providing patients with even better healthcare, security is the enabler to successfully implementing new and future business models in today’s connected world,” the report concluded.