"Undefined Roles, Responsibilities For Medical Device Security Heighten Risks"
Cynerio and the Ponemon Institute conducted a survey in which nearly 80 percent of the 517 respondents stated that they did not consider their organization's Internet of Things (IoT) and Internet of Medical Things (IoMT) cybersecurity activities to be mature. Nearly half of those polled said their organization had experienced attacks on medical devices that resulted in the theft of patient data, and 56 percent said the attacks resulted in the inability to provide patient care. Furthermore, 26 percent of respondents stated that the attacks caused inappropriate testing for patients. Of the respondents, 53 percent whose organizations faced an adverse impact on patient care because of a cyberattack reported an increase in mortality rate. The findings revealed a significant gap in the industry. The security risks associated with IoT and medical devices are well known, but organizations continue to fail to prioritize and accept responsibility for these risks. Nation-states, ransomware gangs, and other groups have identified an industry that offers low levels of cyber protection paired with multiple revenue channels, fueled by lagging security practices and failures measured in fatalities rather than fiscal loss. In almost any other industry, such outcomes would be considered an act of war, but daily interactions with mortality have contributed to a more conservative approach to addressing the threats introduced by unprotected technology, specifically IoT and IoMT devices, according to the report. This article continues to discuss key findings regarding the state of healthcare IoT device security.