IoT medical devices aren't as secure as you think
|Richard Harris in IoT Monday, November 5, 2018|
A new survey illustrates a false sense of confidence that leaves healthcare providers and ultimately their patients vulnerable given inaccurate connected medical device inventories and inadequate network security and medical device maintenance that relies heavily on manual practices.
Zingbox released the report of its second annual Healthcare Security Survey. The survey was expanded this year to include not only IT/IS professionals, but also clinical and biomedical engineers who play critical roles in managing and securing connected medical devices.
The survey revealed a contradiction between the confidence that healthcare professionals have in the visibility of connected medical devices and security of their networks, and the inefficient and ineffective legacy processes many still rely on to keep them secure.
Legacy Solutions Can’t Effectively Secure a Network of Connected Medical Devices
The vast majority of healthcare IT professionals feel confident that the connected medical devices in their hospitals are protected in case of a cyberattack:
79 percent say their organization has real-time information about which connected medical devices are vulnerable to cyber attacks
87 percent are confident that their devices are protected in the event of a cyber attack
69 percent feel traditional security solutions for laptops and PCs are adequate to secure connected medical devices
Unfortunately, their confidence is not justified. “Most organizations are thinking about antivirus, endpoint protection and firewalls, but there are many devices - like medical monitoring equipment - and no one is thinking about securing them,” said Jon Booth, Bear Valley Community Hospital District IT director and Zingbox customer. Additionally, as noted in a Gartner report, Market Trends: Five Healthcare Provider Trends for 2018 published in November 2017 notes: “Generally, medical devices are not replaced for at least 10 years, with many running old software that has not been updated or patched.”
And there are other challenges: the Zingbox survey revealed 41 percent of healthcare IT professionals do not have a separate or sufficient budget for securing connected devices.
Majority of Clinical and Biomedical Engineers Still Rely on Manual Processes for IoT Devices
When asked about inventory of connected medical devices, majority of clinical and biomedical engineers (85 percent) were confident that they have an accurate inventory of all connected medical devices even though many rely on manual audits, which are prone to human error and quickly become outdated. Additional responses from clinical and biomedical engineers include:
Close to two-thirds (64 percent) of responses indicate reliance on some form of manual room-to-room audit or use of static database to inventory the connected devices in their organization
Just 21 percent of responses say their devices receive preventative maintenance based on device usage as opposed to some kind of fixed schedule
The survey also shows that more than half (55 percent) of responses indicate clinical/biomedical engineers must walk over to the device or call others to check on their behalf whether a device is in-use before scheduling repairs. Many make the trip only to find out that the device is in-use by patients and must try again in the future hoping for better luck.
“Despite the recent progress of the healthcare industry, the survey exemplifies the continued disconnect between perception of security and the actual device protection available from legacy solutions and processes. Unfortunately, much of the current perception stems from the use of traditional solutions, processes and general confusion in the market,” said Xu Zou, CEO and co-founder of Zingbox. “Only by adopting the latest IoT technology and revisiting decade-old processes, can healthcare providers be well prepared when the next WannaCry hits.
Read more: https://www.zingbox.com/resources/2nd-annual-zingb...
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.