82% of Healthcare Organizations Have Experienced a Cyberattack on Their IoT Devices

82% of healthcare providers that have implemented Internet-of-Things (IoT) devices have experienced a cyberattack on at least one of those devices over the course of the past 12 months, according to the Global Connected Industries Cybersecurity Survey from Swedish software company Irdeto.

For the report, Irdeto surveyed 700 security leaders from healthcare organizations and firms in the transportation, manufacturing, and IT industries in the United States, United Kingdom, Germany, China, and Japan. Attacks on IoT devices were common across all those industry sectors, but healthcare organizations experienced the most cyberattacks out of all industries under study.

The biggest threat from these IoT cyberattacks is theft of patient data. The attacks also have potential to compromise end user safety, result in the loss of intellectual property, operational downtime and damage to the organization’s reputation. The failure to effectively secure the devices could also potentially result in a regulatory fine.

When asked about the consequences of a cyberattack on IoT devices, the biggest concern was theft of patient data, which was rated as the main threat by 39% of healthcare respondents. Attacks on IoT devices can also threaten patient safety. 20% of respondents considered patient safety a major risk and 30% of healthcare providers that experienced an IoT cyberattack said patient safety was actually put at risk as a direct result of the attack.

12% of respondents said theft of intellectual property was a major risk, and healthcare security professionals were also concerned about downtime and damage to their organization’s reputation.

The main impact of these attacks is operational downtime, which was experienced by 43% of companies, theft of data (42%), and damage to the company’s reputation (31%).

Mitigating IoT cyberattacks comes at a considerable cost. The average cost of resolving a healthcare IoT cyberattack is $346,205, which was only beaten by attacks on the transport sector, which cost an average of $352,639 to mitigate.

Even though there are known risks associated with IoT devices, it does not appear to have deterred hospitals and other healthcare organizations from using the devices. It has been estimated up to 15 million IoT devices are now used by healthcare providers. Hospitals typically use an average of 10-15 devices per hospital bed.

Securing the devices can be a challenge, but most healthcare organizations know exactly where the vulnerabilities are. They just lack the resources to correct those vulnerabilities.

Manufacturers need to do more to secure their devices. Security is often an afterthought and safeguards are simply bolted on rather than being incorporated during the design process. Fewer than half of device manufacturers (49%) said security is factored in during the design of the devices and only 53% of device manufacturers conduct code reviews and continuous security checks.

82% of device manufacturers expressed concern about the security of their devices and feared safeguards may not be enough to prevent a successful cyberattack. 93% of device manufacturers said security of their devices could be improved a little to a great deal, as did 96% of device users.

“The previous mindset of security as an afterthought is changing. 99 percent agree that a security solution should be an enabler of new business models, not just a cost,” explained the researchers in their recent report. “This clearly indicates that businesses realize the value add that security can bring to their organization.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.