The proliferation of medical and internet-connected devices in healthcare brings both clinical benefits and security risks. Just think of the volume of healthcare data being transferred and stored every day — data from IoT and connected medical devices, electronic health records (EHRs), clinical workstations, and smart hospital applications for patients, clinicians, researchers, and administrators.
All of this data requires secure and segmented networks to better protect medical devices, guest wireless devices, clinician devices and more from cybersecurity threats.
As part of National Cybersecurity Awareness Month, we’re focusing on what’s at stake when it comes to securing internet-connected devices in healthcare and how you can create an end-to-end security strategy to help address patient privacy requirements, improve threat detection, reduce management complexity and ultimately lower the risks associated with medical and IoT devices.
Why do my internet-connected devices need to be secure?
With the number of connected devices on healthcare networks rising, and more devices requiring network connectivity, there’s never been a more critical time to consider your medical device and IoT security strategy.
Did you know that 63% of healthcare organizations experienced a security incident related to unmanaged and IoT devices in the past two years? [1]
The average number of connected medical devices per hospital room is 15-20, and each of those medical devices has, on average, 6.2 vulnerabilities. [2]
Legacy medical devices can increase the threat surface as well. Sixty percent (60%) of medical devices are at end-of-life stage, with no patches or upgrades available. And the average age of medical devices being used by hospitals and healthcare organizations is 20+ years, making them significant targets for hackers. [2]
Add mobility to the mix, and you have even more devices to secure. 4 in 5 clinicians use smartphones each day [3], and 71% of clinicians said their hospital allows BYOD use. [4]
So, what’s at stake?
Above all, patient safety continues to be the greatest concern when it comes to the security of internet-connected devices.
In 2017, the Food and Drug Administration recalled 465,000 pacemakers after the discovery of security vulnerabilities that could potentially put patients’ lives at risk. [5]
Recently, a ransomware attack on a German hospital may become the first ever to result in death. [6] After the emergency clinic’s IT network was attacked, a 78-year-old woman was redirected to a care facility more than 20 miles away, resulting in delayed care that ultimately caused her passing.
When critical clinical devices are hacked, it can become a matter of life and death, thus emphasizing the importance of a strong security strategy.
What can you do to protect your patients and internet-connected devices?
To protect patient data and secure your networks, users, endpoints, cloud edge and applications, you need a strong security strategy that includes the following:
- The ability to identify all endpoints on the network, categorize each by security posture, and create profiles and policies by device type and vendor
- The ability to quickly identify, isolate, and remediate cyber attacks
- Access control for patient data at the device, location, and user level to minimize risk
- Analytics and clinically informed alerts that enable IT to minimize security risks to the entire network while troubleshooting a known issue in an isolated segment
With Cisco Secure, and the Cisco SecureX platform, you can improve patient safety, automate medical and IoT device tracking and inventory, and reduce the risk associated with internet-connected devices within your healthcare facility.
Sources:
1. Armis, Medical and IoT Device Security for Healthcare, 2019
2. Cybersecurity Magazine, Patient Insecurity: Explosion Of The Internet Of Medical Things
3. Becker's Health IT, 14 Statistics on Clinicians and Mobile Device Usage
4. Healthcare Dive, BYOD use is on the rise, and hospital policies need to be robust, April 2018
5. Fortune, 465,000 Pacemakers Recalled on Hacking Fears
6. Fortune, Ransomware attack on a hospital may be first ever to cause a death