Mountain View, Calif.-based Zingbox, a provider of a healthcare Internet of Things (IoT) analytics platform, has released the findings of its second annual Healthcare Security Survey. The survey was expanded this year to include not only IT/information system professionals, but also clinical and biomedical engineers, who are integral to managing and securing connected medical devices.
The survey revealed a contradiction between the confidence that healthcare professionals have in the visibility of connected medical devices and security of their networks, and the inefficient and ineffective legacy processes many still rely on to keep them secure.
Specifically, the vast majority of healthcare IT professionals feel confident that the connected medical devices in their hospitals are protected in case of a cyberattack:
- 79% say their organization has real-time information about which connected medical devices are vulnerable to cyberattacks
- 87% are confident that their devices are protected in the event of a cyberattack
- 69% feel traditional security solutions for laptops and PCs are adequate to secure connected medical devices
Unfortunately, their confidence is not justified. “Most organizations are thinking about antivirus, endpoint protection and firewalls, but there are many devices—like medical monitoring equipment—and no one is thinking about securing them,” says Jon Booth, Bear Valley Community Hospital District IT director and Zingbox customer.
Additionally, a Gartner report, “Market Trends: Five Healthcare Provider Trends for 2018” published last November notes: “Generally, medical devices are not replaced for at least 10 years, with many running old software that has not been updated or patched.” And there are other challenges: the Zingbox survey revealed 41% of healthcare IT professionals do not have a separate or sufficient budget for securing connected devices.
When asked about inventory of connected medical devices, majority of clinical and biomedical engineers (85%) were confident that they have an accurate inventory of all connected medical devices even though many rely on manual audits, which are prone to human error and quickly become outdated. Additional responses from clinical and biomedical engineers include:
- Close to two-thirds (64%) of respondents indicate reliance on some form of manual room-to-room audit or use of static database to inventory the connected devices in their organization.
- Just 21% of respondents say their devices receive preventative maintenance based on device usage, as opposed to some kind of a fixed schedule
What’s more, 55% of survey respondents indicate that, before scheduling repairs, clinical/biomedical engineers must walk over to the device or call others to check to see if it is in use. In fact, many make the trip only to find out that the device is in use by patients—and must check its status again in the future.
“Despite the recent progress of the healthcare industry, the survey exemplifies the continued disconnect between perception of security and the actual device protection available from legacy solutions and processes. Unfortunately, much of the current perception stems from the use of traditional solutions, processes, and general confusion in the market,” says Xu Zou, CEO and co-founder of Zingbox. “Only by adopting the latest IoT technology and revisiting decade-old processes, can healthcare providers be well prepared when the next WannaCry hits.”