The introduction of smart technology to the medical field has amazing life-saving potential for patients, but it also introduces a serious new risk: hacking.
Two thirds of medical device manufacturers and more than half of health care delivery organizations believe that the medical devices that they offer or are developing could be hacked within the next year, according to a new survey by software security company Synopsys and the IT security research firm Ponemon Institute.
The technology in question includes implantable devices, networks for mobile medical apps, medical robots, and other kinds of cutting-edge medical equipment.
Among those surveyed, one third believe that an insecure medical device could have an adverse effect on patients, but fewer than one in five were taking steps to prevent such attacks.
Among those who knew of an event that impact patients negatively, more than a third said that an attacker had taken control of the device, while others said that it had resulted in a denial of services or an inappropriate treatment or therapy.
“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
The report found several reasons for the medical device industry is unprepared for such an attack, including the difficulty building secure devices, a lack of security testing, and an absence of accountability. Less than one in three companies surveyed said that their organizations encrypt traffic communication between devices. The vast majority test their products for vulnerability less than once a year, if at all.
Nearly a third of device manufacturers, and two in five healthcare delivery organizations, said that they were already aware of events or attacks in which patients were affected.