As hospitals increasingly utilize connected medical devices, healthcare enterprise systems are struggling to keep up with the new security measures that these devices require to keep them (and their patients) safe from hackers.
With recent news coverage of cyber attacks on financial firms and the announcement of new financial cybersecurity regulations in New York State, you might think that the largest target of cyber attacks are banks and other financial institutions. That line of thinking, however, is wrong.
The largest target of cybersecurity attacks on corporations is more and more becoming focused on healthcare enterprise systems and the connected medical devices that are quickly beginning to dominate the healthcare landscape. If that sounds like a terrifying proposition, it's because it is. According to IoT security firm, Zingbox, U.S. hospitals average 10 to 15 connected medical devices per hospital bed. In large metropolitan hospitals, it's not uncommon for a health system to have thousands of beds. Add to that that many of these connected devices share sensitive patient healthcare data and yet a decent percentage are still running outdated systems like Microsoft XP - an operating system that Microsoft is no longer providing updates and security patches for.
What does this mean for healthcare enterprise systems? For starters, as IoT becomes more of a mainstay in the healthcare industry with medical devices that connect to healthcare systems to transmit data, stronger security protocols are going to become a must-have. And if losing sensitive patient data doesn't spur on healthcare organizations to update their security and IT infrastructure, then the threat of non-compliance and patient lawsuits definitely should.
Already multiple hospital systems have been hit with ransomware attacks over the last year, with the most high-profile case being that of the Hollywood Presbyterian Medical Center attack. The hospital system was forced off of their IT systems for a full week before their access to operating and patient data was restored. This type of attack can not only affect the bottom line, but also patient lives.
Healthcare administrators are starting to understand the seriousness of the issues of lax security for healthcare enterprise systems and connected medical devices, but many aren't sure where to start when it comes to fixing the problem. And it's safe to say that implementing stronger security measures for thousands of patient devices that have already been deployed won't be a simple (or quick) process. The FDA has already started to create a framework for medical device approval that includes evaluating the technology's security measures. However, there's still a lot of work to be done to bring healthcare systems and medical device security up to par.