Perennial use of legacy medical technologies that do not support security updates leaves the healthcare industry vulnerable to data breaches. This includes being at a higher risk of ransomware attacks. The Identity Theft Resource Center (ITRC) reported that 42.5% of breaches that occurred from 2005 to 2014 affected the medical or healthcare industry.
Separately, phoenixNAP claimed that 89% of healthcare organizations have experienced a data breach between 2018-2019 and the sector was the leading industry for cyberattacks and data breaches in 2018.
GlobalData posited that efforts to combat this are urgently required to protect patients’ data and prevent cyberattacks.
Alexandra Murdoch, a medical device analyst at GlobalData, warns that breaches of data in a healthcare setting can have severe implications, as patients’ lives can be in danger from outdated and unprotected medical devices.
“For example, if CT or MRI equipment is tampered with, it could result in an incorrect diagnosis, or even an incorrect or unnecessary medical procedure,” she added.
Older medical devices were not built with security in mind, which leads them to be more vulnerable. In fact, many medical devices are vulnerable to cyberattacks for a variety of reasons.
Some medical devices, especially legacy devices, are too old for security updates or patches, and some are too old to update at all.
“The knowledge that many of our most critical devices are legacy devices and therefore too old to update is concerning. The availability to update a device could be crucial to preventing cyberattacks. It’s important for patients’ safety that the industry invests in newer devices that will perform regular security updates,” she continued.
In addition to understanding how these data breaches are possible, there needs to be a greater understanding of where the threats are coming from, and how to stop them.
Murdoch added that beyond the idea of providing new devices to hospitals that are compatible with security updates, another solution is to use predictive technology such as ‘breach likelihood’.
This technology is used by other sectors and would provide the probability and consequence of a breach happening, based on the device. The technology would help decide which devices would be worth keeping and which would be better off replaced.
“Additionally, this type of technology could provide visibility by alerting healthcare professionals to how vulnerable a device is to cyberattacks, something that is especially necessary among the legacy medical devices,” she concluded.
