Hospital IoT & IoMT Cyber Security Risk

The specialist Internet of Medical Things (IoMT) risk management platform, Asimly,  has released a new report: Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk which highlights the unique cyber security challenges that Healthcare Delivery Organisations (HDOs) face and the true costs of their IoT and IoMT security risks.

HDOs have a low tolerance for service interruptions to network-connected devices and equipment because of their crucial role in patient outcomes and quality of care.

Resource-constrained HDO security and IT teams continue to face operational difficulties in sufficiently securing critical systems from increasingly-sophisticated attacks, as their vast and heterogeneous IoMT device fleets complicate management and, left unchecked, offer a broad attack surface.

The report concludes that adopting a holistic risk-based approach is the most cost-efficient and long-term-effective path for HDOs to secure their critical systems and IoMT devices.

Among the key findings and analysis included in the new report:

Emerging cyber security trends and challenges:   The report reveals the top cyber attack strategies impacting HDO medical devices right now: ransomware attacks that spread to devices and disrupt services, third-party-introduced malware that impacts device performance, and devices communicating with unknown IP addresses to enable remote breaches. 

Cyber attacks on healthcare providers have become remarkably common: the average HDO experienced 43 attacks in the last 12 months. Unfortunately, many of those attacks are successful, with 44% of HDOs suffering a data breach caused by a third party within the last year alone.    

The high cost of doing nothing:   For HDOs, today’s high-failure status quo can be catastrophic. Cyberattacks cost HDOs an average of $10,100,000 per incident. Worse, cyber incidents are directly responsible for a 20% increase in patient mortality. 64% of HDOs also reported suffering from operational delays, and 59% had longer patient stays due to cybersecurity incidents.

Those financial and operational burdens are pushing many HDOs to the brink: the average hospital operating margin sits at 1.4% in 2023. Currently, more than 600 rural U.S. hospitals risk closure, in an environment where a single cyberattack can put a smaller HDO out of business.    

Poor device health leads to poor outcomes:   HDO security and IT teams face a high-risk environment where the average medical device has 6.2 vulnerabilities. Adding to this challenge, more than 40% of medical devices are near end-of-life and poorly supported (or unsupported) by manufacturers.

Cybersecurity resources and staffing are limited:   Even when device vulnerabilities are recognised, HDO security teams are able to fix only 5-20% of known vulnerabilities each month.

Cyber insurance is no longer enough:   As ransomware attacks and breaches have skyrocketed in recent years, cyber liability insurers are introducing coverage limits and capped payouts, making it a less and less effective recourse for HDOs. At the same time, cyber insurance also fails to address the costly reputational damage an HDO suffers following a breach. “This report details the very current and very significant challenges that HDOs face in defending themselves from cybersecurity risk, and the profound need for holistic and optimised risk reduction strategies as they implement and scale a cyber security risk management program for their connected devices,” said Stephen Grimes, Managing Partner & Principal Consultant at Strategic Healthcare Technology Associates.

Asimily’s risk prioritisation capabilities and clear device vulnerability scoring enable HDO security teams to overcome limited resources and accurately focus on remediating the greatest risks to their organisations, achieving a ten-fold increase in cyber security productivity.

 “As a growing healthcare organisation acquiring clinics and offering new services like ambulatory clinics, you have to stay in front of the risk,” said Kevin Torres, the VP of IT and CISO at MemorialCare, an Asimily customer and leading nonprofit health system in Orange County and Los Angeles County that includes four hospitals along with other specialised clinics.

Hubspot:     Asimily                                  Image: National Cancer Inst. 

You Might Also Read: 

Which Sectors Are Top Targets For Cyber Crime?:

__________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Duolingo Leaks The Data Of 2.6 Million Users
Seiko Attacked By BlackCat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Zacco

Zacco

Zacco offer a 360° perspective on intellectual property: From patent filing and trademark registration to software development, digital brand protection, cyber security and portfolio management.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

CQR

CQR

CQR are at the forefront of innovative cyber solutions, dedicated to securing and fortifying Operational technology (OT) infrastructure.

Tulpa AI

Tulpa AI

Tulpa develops safe AI assistants (co-pilots) to support and enhance human performance in high-stakes, mission-critical decision-making environments.