Medical Device Security is Deeply Lacking, Says New Study

Two-thirds of medical devicemakers and about half of healthcare delivery organizations believe a cyberattack on a medical device built or in use by their organizations is likely to occur during the next year — and only 17 percent of those devicemakers and 15 percent of those healthcare organizations are taking significant steps to prevent such attacks.

That’s according to a study conducted by the IT research organization Ponemon Institute for the security company Synopsys.

Focused on North America, the study included responses from about 550 individuals whose roles centered on the security of medical devices. The study’s aim was to determine whether devicemakers and healthcare organizations are in alignment about the need to address cybersecurity risks. What it found was that both groups are unprepared for possible cyberattacks via medical devices.

In addition, only one third of those surveyed understood the potential for adverse effects to patients from insecure medical devices.