June 25, 2018
The results of a HIMSS survey has shown that medical appliance safety is a planned emphasis for most healthcare groups, however, less than 50% of healthcare suppliers have a sanctioned budget for tackling safety flaws in medical appliances.
For the survey, HIMSS interrogated 101 healthcare sector doctors in the United States and Asia for IT titan Unisys.
85% of those interrogated in the survey said medical appliance safety was a planned emphasis and 58% said it was a high significance, however, just 37% of respondents had a sanctioned budget reserved to adapt their cybersecurity policy for medical appliances. Small to medium healthcare dealers were even less likely to have sufficient coffers available, with 71% of firms lacking the budget for medical appliance safety improvements.
Flaws in medical appliances are often found. ICS-CERT has issued a number of recent advisories concerning weaknesses in a wide variety of appliances. In several cases, mistakes are found and tackled before they can be abused by cybercriminals, even though the WannaCry attacks last year showed just how much of a danger is involved – to companies as well as patients.
A latest MedCrypt-financed study from the University of California Cyber Team has indicated that some healthcare groups have faced cybersecurity occurrences involving unsafe medical appliances that have had a harmful effect on patients. The groups that had faced cases involving undermined medical appliances stated between 100 and 1,000 patients had been impacted.
Bill Parkinson international senior director, Unisys Life Sciences and Healthcare stated: “Although most life sciences and healthcare companies know the requirement to strengthen appliances’ safety, many are grappling with legacy appliances that were never intended to be internet-accessible – and with the upsurge of ransomware and advanced cyberattacks like WannaCry, that can put both the supplier and the patient at risk.”
Those who took part in HIMSS/Unisys survey were questioned what safety measures they had applied to protect their medical appliances. 85% said they had firewalls and network access control measures, even though just 53% said they used isolated networks for medical appliances, even though the separation of networks can assist groups to alleviate the danger.
Parkinson stated: “To make sure correct safety, all appliances need an equally strong safety – firewalls alone are not sufficient in today’s setting. In this regard, micro-segmentation, the capability to segment and limit network and device data to pre-authorized groups of users and appliances, can be a significant asset for hospitals and medical suppliers.”
The survey also looked into how healthcare suppliers are noting and processing data collected by medical appliances. About 60% of healthcare suppliers said they were ready for a device inspection at all times, however, less than a third of suppliers were recording appliance data in actual-time.
Parkinson said: “The significance of having access to real-time data can’t be undervalued. Not just can data analytics assist life sciences and healthcare companies decrease appliance lost time by making sure appliances are working, it can considerably improve audit readiness and better inform future buying decisions.”