Medical devices cybersecurity vulnerable
New survey of medical device security in hospitals
Although hospitals are increasingly aware of the importance of good cybersecurity in their medical devices, improvements are still needed at an operational level. A Deloitte survey conducted among 24 hospitals in nine countries (EMEA) found that over half the hospitals surveyed used standard passwords (i.e. factory settings) to secure their equipment.
19 mei 2016
Almost half the hospitals also did not know whether their equipment will comply with forthcoming privacy legislation (for example the EU General Data Protection Regulation). Meanwhile only a fifth stated that the majority of their devices used secure network connections to ensure data reliability and confidentiality.
Computer viruses and malware can compromise patients’ treatment and privacy. The survey revealed that three of the hospitals interviewed had experienced malware during the previous year. “Trends in the USA involving ransomware and medical devices also show we need to remain continually alert,” says Jeroen Slobbe, Deloitte’s cybersecurity expert.
According to Slobbe, “There’s no reason for blind panic as not using these medical devices represents a bigger risk to patient health than using equipment that contains vulnerabilities. However we can reduce these vulnerabilities and the resultant risks for patients, and so let’s use the opportunities available. This is something we definitely need to do if we are to continue being able to embrace the many innovative solutions that new healthcare technologies can offer.”
If medical equipment’s cybersecurity is to improve, it is important to make a designated individual responsible for the security of ICT and medical technology, based on an explicit policy for protecting these devices. Network segregation, monitoring and physical access controls can also improve equipment security, while privacy and security should be factored in to the design of new healthcare technology innovations from the start.
Journalists can request the report from Alexandra Blikman via +31 (0)88 288 3112 or email@example.com.