Hospital IoT & IoMT Cyber Security Risk

The specialist Internet of Medical Things (IoMT) risk management platform, Asimly,  has released a new report: Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk which highlights the unique cyber security challenges that Healthcare Delivery Organisations (HDOs) face and the true costs of their IoT and IoMT security risks.

HDOs have a low tolerance for service interruptions to network-connected devices and equipment because of their crucial role in patient outcomes and quality of care.

Resource-constrained HDO security and IT teams continue to face operational difficulties in sufficiently securing critical systems from increasingly-sophisticated attacks, as their vast and heterogeneous IoMT device fleets complicate management and, left unchecked, offer a broad attack surface.

The report concludes that adopting a holistic risk-based approach is the most cost-efficient and long-term-effective path for HDOs to secure their critical systems and IoMT devices.

Among the key findings and analysis included in the new report:

Emerging cyber security trends and challenges:   The report reveals the top cyber attack strategies impacting HDO medical devices right now: ransomware attacks that spread to devices and disrupt services, third-party-introduced malware that impacts device performance, and devices communicating with unknown IP addresses to enable remote breaches. 

Cyber attacks on healthcare providers have become remarkably common: the average HDO experienced 43 attacks in the last 12 months. Unfortunately, many of those attacks are successful, with 44% of HDOs suffering a data breach caused by a third party within the last year alone.    

The high cost of doing nothing:   For HDOs, today’s high-failure status quo can be catastrophic. Cyberattacks cost HDOs an average of $10,100,000 per incident. Worse, cyber incidents are directly responsible for a 20% increase in patient mortality. 64% of HDOs also reported suffering from operational delays, and 59% had longer patient stays due to cybersecurity incidents.

Those financial and operational burdens are pushing many HDOs to the brink: the average hospital operating margin sits at 1.4% in 2023. Currently, more than 600 rural U.S. hospitals risk closure, in an environment where a single cyberattack can put a smaller HDO out of business.    

Poor device health leads to poor outcomes:   HDO security and IT teams face a high-risk environment where the average medical device has 6.2 vulnerabilities. Adding to this challenge, more than 40% of medical devices are near end-of-life and poorly supported (or unsupported) by manufacturers.

Cybersecurity resources and staffing are limited:   Even when device vulnerabilities are recognised, HDO security teams are able to fix only 5-20% of known vulnerabilities each month.

Cyber insurance is no longer enough:   As ransomware attacks and breaches have skyrocketed in recent years, cyber liability insurers are introducing coverage limits and capped payouts, making it a less and less effective recourse for HDOs. At the same time, cyber insurance also fails to address the costly reputational damage an HDO suffers following a breach. “This report details the very current and very significant challenges that HDOs face in defending themselves from cybersecurity risk, and the profound need for holistic and optimised risk reduction strategies as they implement and scale a cyber security risk management program for their connected devices,” said Stephen Grimes, Managing Partner & Principal Consultant at Strategic Healthcare Technology Associates.

Asimily’s risk prioritisation capabilities and clear device vulnerability scoring enable HDO security teams to overcome limited resources and accurately focus on remediating the greatest risks to their organisations, achieving a ten-fold increase in cyber security productivity.

 “As a growing healthcare organisation acquiring clinics and offering new services like ambulatory clinics, you have to stay in front of the risk,” said Kevin Torres, the VP of IT and CISO at MemorialCare, an Asimily customer and leading nonprofit health system in Orange County and Los Angeles County that includes four hospitals along with other specialised clinics.

Hubspot:     Asimily                                  Image: National Cancer Inst. 

You Might Also Read: 

Which Sectors Are Top Targets For Cyber Crime?:

__________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Duolingo Leaks The Data Of 2.6 Million Users
Seiko Attacked By BlackCat »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

Electus Recruitment Solutions

Electus Recruitment Solutions

Electus is a leading recruitment specialist in the Engineering, Technology & Digital and Cyber & Security sectors.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Quick Heal Technologies

Quick Heal Technologies

Quick Heal Technologies is a leading IT security solutions provider focused on endpoint and network security solutions.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.