Hospitals Struggle to Manage IoT Devices: Report

1499

Health technology company Philips released a new report covering cybersecurity spending and trends at mid-sized and large hospitals.

This study, conducted by Ipsos market research firm  surveyed 130 hospital executives and BioMed technicians and engineers. The respondents, provided insight into the current state of medical device security within hospitals. The key findings revealed 48 per cent of hospitals reporter a forced or proactive shutdown as result of external attacks, with mid sized hospitals feeling more pain. 

Of respondents that experienced a shutdown due to external factors, large hospitals reported an average shutdown time of 6.2 hours at a cost of $21,500 per hour while midsize hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour. 

When asked about common vulnerabilities such as BlueKeep, WannaCry and NotPetya, the majority of respondents said their hospitals were unprotected. 52% of respondents admitted their hospitals were not protected against the Bluekeep vulnerability, and that number increased 64% for WannaCry and 75% for NotPetya.

The “Perspectives in Healthcare Security Report” split most of the study between large hospital systems with more than 1,000 beds and mid-sized ones with less than 1,000 beds.

While most respondents had a good knowledge of how many devices were deployed in their hospital system, 15% of mid-sized hospitals and 13% of large hospitals had no way of knowing the number of devices on their network.

Almost half of all respondents find the staffing they have for medical device and IoT security “inadequate,” with most reporting a less cybersecurity staffs. 

The mean annual IT spend is around $3 million to $3.5 million for both larger and mid-size hospital systems. A mean of about $329,000 is spent each year on medical devices and IoT cybersecurity.

Nearly 80% of both mid-sized and large hospital systems measured cybersecurity ROI through logs of major attacks while also using “total critical vulnerabilities found” and “amount of time saved” as measures of success.

In the cybersecurity space, healthcare is one of the most targeted industries. The HHS cited a total of 82 ransomware incidents so far this year worldwide with 60% of them impacting the United States health sector. Whether the hack is committed by notorious gangs such as REvil or Conti or lesser known hackers, hospitals now account for 30% of all large data breaches and at an estimated cost of $21 billion in 2020.

“With new threat vectors emerging every day, healthcare organizations are facing an unprecedented level of challenges to their security,” said Azi Cohen, CEO of CyberMDX. “Hospitals have a lot at stake — from revenue loss, to reputational damage, and most importantly patient safety.”

“No matter the size, hospitals need to know about their security vulnerabilities,” said Maarten Bodlaender, Head of Cyber Security Services at Philips.