Medical devices cyber security vulnerable

New survey of medical device security in hospitals

Although hospitals are increasingly aware of the importance of good cyber security in their medical devices, improvements are still needed at an operational level. A Deloitte survey conducted among 24 hospitals in nine countries (EMEA) found that over half the hospitals surveyed used standard passwords (i.e. factory settings) to secure their equipment.

Key findings from the report

Almost half the hospitals also did not know whether their equipment would comply with forthcoming privacy legislation (for example the EU General Data Protection Regulation). Meanwhile, only a fifth stated that the majority of their devices used secure network connections to ensure data reliability and confidentiality.


Computer viruses and malware can compromise patients’ treatment and privacy. The survey revealed that three of the hospitals interviewed had experienced malware during the previous year. “Trends in the USA involving ransomware and medical devices also show we need to remain continually alert,” says Jeroen Slobbe, Deloitte’s cyber security expert.

According to Slobbe, “There’s no reason for blind panic as not using these medical devices represents a bigger risk to patient health than using equipment that contains vulnerabilities. However we can reduce these vulnerabilities and the resultant risks for patients, and so let’s use the opportunities available. This is something we definitely need to do if we are to continue being able to embrace the many innovative solutions that new healthcare technologies can offer.”


If medical equipment’s cyber security is to improve, it is important to make a designated individual responsible for the security of ICT and medical technology, based on an explicit policy for protecting these devices. Network segregation, monitoring and physical access controls can also improve equipment security, while privacy and security should be factored into the design of new healthcare technology innovations from the start.

Cyber security of network-connected medical devices in (EMEA) Hospitals 2016