By HFT Staff

Increased use of connected medical devices is accelerating cyberattacks, according to Capterra’s new Medical IoT Survey of healthcare IT professionals. The survey also reveals that 67 percent of healthcare cyberattacks impact patient data and nearly one-half  impact patient care, an indication that rising security risks in the industry are leading to severe consequences in patient outcomes and privacy. 

The medical Internet of Things (IoT) is helping to make healthcare more convenient, efficient, and patient-centric. But connected devices with IoT sensors (e.g., glucose monitors, insulin pumps, defibrillators) often have unprotected security vulnerabilities that endanger healthcare facilities and even patients. In fact, medical practices with more than 70 percent of their devices connected are 24 percent more likely to experience a cyberattack than practices with 50 percent or fewer connected devices. 

Fifty-three percent of healthcare IT staff rate the cybersecurity threat level in the industry as high or extreme, yet many healthcare organizations are not taking the necessary steps to protect medical IoT devices. Alarmingly, 57 percent do not always change the default username and password for each new connected medical device that is put into use. Additionally, 82 percent run connected medical devices on old Windows systems. 

If a security vulnerability is discovered, organizations should patch the device or update its firmware as soon as possible. Unfortunately, 68 percent of healthcare organizations do not always update connected devices when a patch is available. But vulnerabilities and associated patches are not always well publicized, which means healthcare IT staff must stay up to date on emerging threats to medical IoT devices. 

Medical IoT security requires proactive and ongoing vigilance. Healthcare practices should conduct routine vulnerability assessments before connecting medical devices to their IT network. They should also keep an up-to-date and accurate inventory of all connected devices plus associated software and firmware and use software to monitor these devices.