The money spent on securing medical devices will primarily be due to OEMs embedding security in the hardware, reviewing, analyzing, pen testing, developing patches, and performing OTA updates, among other functions. The rest of the expenditure will focus on data protection. But medical devices suffer from numerous vulnerabilities, and many often compound several critical vulnerabilities: code errors in software, use of hardcoded passwords, disabling of firewalls, lack of authentication mechanisms, unencrypted communications, among many other issues.
Protecting devices requires addressing technical issues, health care delivery, and business challenges. To do this, collaboration across the various stakeholder silos is necessary. The industry, however, is at the beginning stages of the discussion. Globally, the efforts are poor, and the United States is the only country currently putting significant energies into the matter.
However, awareness is growing, which will push spending on devices to triple globally by 2021, resulting primarily from dynamic US public and private efforts in the space. A few companies are already fully embracing medical device cybersecurity, including Battelle, Coalfire, Dräger, Extreme Networks, Sensato, Synopsys, UL, and WhiteScope.
“Investment in medical device cybersecurity is critical in order to deliver the full promise of next-generation healthcare technology,” concludes Menting. “OEMs and healthcare providers taking part in the discussion today will be the pioneers forming the foundation of future cybersecurity for medical devices.”
These findings are from ABI Research’s Securing Medical Devices report, which can be found here.