Asimily has released a report delving into the intricate challenges faced by healthcare delivery organisations (HDOs) when it comes to safeguarding their Internet of Medical Things (IoMT) devices from cyber threats.
HDOs are grappling with a myriad of issues, chiefly the fact that their dependency on connected devices is paramount to patient outcomes and the quality of care. In a field where even minor service interruptions can have life-altering consequences, the stakes are higher than ever.
Stephen Grimes, Managing Partner & Principal Consultant at Strategic Healthcare Technology Associates, said:
“This report details the very current and very significant challenges that HDOs face in defending themselves from cybersecurity risk, and the profound need for holistic and optimised risk reduction strategies as they implement and scale a cybersecurity risk management program for their connected devices.
We invite HDO leaders and their cybersecurity risk managers to read and absorb the lessons of this report, and to take the steps necessary to mitigate IoMT device risks with the strategic efficiency and effectiveness these risks demand.”
With limited resources and a staggering array of devices to manage, the security and IT teams of HDOs face an uphill battle against increasingly sophisticated cyberattacks.
The report underscores that adopting a holistic risk-based approach is not just a prudent decision but a cost-efficient one in the long run—it’s a prescription for safeguarding critical systems and IoMT devices that cannot be ignored.
Several key revelations have emerged from the comprehensive analysis of the report:
- Emerging cybersecurity trends: Ransomware attacks, third-party malware intrusions, and unauthorised device communication are the triad of cyber threats afflicting medical devices within HDOs. Astonishingly, the average HDO experienced a staggering 43 cyberattacks in the past year, with a significant portion proving successful. Data breaches caused by third parties have become alarmingly common, with 44 percent of HDOs falling victim in the last year alone.
- The price of inaction: The cost of cyber incidents for HDOs is not just financial; it’s potentially a matter of life and death. With an average cost of $10,100,000 per incident, these attacks have also led to a 20 percent increase in patient mortality. The operational toll is equally substantial, with 64 percent of HDOs encountering delays and 59 percent facing extended patient stays due to cybersecurity incidents. With the average hospital’s operating margin resting at a precarious 1.4 percent, the potential ramifications are dire.
- Vulnerable devices: The report uncovers the uncomfortable truth that the average medical device harbours 6.2 vulnerabilities, a startling fact considering over 40 percent of these devices are approaching end-of-life and lack proper manufacturer support.
- Limited cybersecurity resources: Even with vulnerabilities identified, HDO security teams can only address a fraction of the issues each month, underscoring the challenge of limited resources.
- Waning efficacy of cyber insurance: While once a lifeline for HDOs, cyber insurance is now riddled with limitations and capped payouts while failing to address the reputation damage that follows a breach.
“As a growing healthcare organisation acquiring clinics and offering new services like ambulatory clinics, you have to stay in front of the risk,” commented Kevin Torres, the VP of IT and CISO at MemorialCare, an Asimily customer and leading nonprofit health system in Orange County and Los Angeles County.
“You need to make sure that you’re effectively onboarding these environments and matching their security posture to yours. Using Asimily, we gained full visibility into connected IoT and IoMT devices and their associated vulnerabilities. Our security program achieved 98 percent NIST compliance while the average of 60 similar HDOs is 71 percent.”
As the healthcare landscape continues to evolve, it’s clear that cybersecurity must be a paramount concern. The report serves as a clarion call, urging HDOs to face the challenges head-on and take the necessary steps to protect their interconnected devices, patient outcomes, and the future of healthcare itself.
