Most device makers and over half of providers surveyed say a virtual attack on devices is “likely” in the next year. Unfortunately, the new study by the Ponemon Institute, working on behalf of Synopsys, also reveals that medical device manufacturers and healthcare providers are simply not prepared to defend themselves—and the patient data they’re entrusted with. Around 80% of respondents find developing secure devices to be a “major challenge” thanks to coding errors, deficient expertise on secure coding practices, and unrealistic product deadlines. The real headscratcher is that less than 10% of those same respondents test their own devices at least yearly. More than half of healthcare organizations (53%) and 42% of manufacturers admit they don’t test the security of their devices at all. Finally, a third of all respondents say there’s nobody in their organization who is primarily responsible for medical device security. The Food and Drug Administration put out a guidance, Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff, last December. If you haven’t read it, you should. And if you don’t have internal resources or a security vendor to ensure your system is up to snuff, get one.
Study: Risk of Cyberattacks is Growing—But Readiness Isn’t