Cynerio, a provider of healthcare IoT cybersecurity, released a report that examines the current impacts of cyberattacks on healthcare facilities and network-connected IoT and medical devices. The report was conducted in partnership with the Ponemon Institute.
The report details multiple alarming trends, including widespread and repeated attacks, financial losses measured in the millions, and frequent failures to take basic cybersecurity measures.
The Insecurity of Connected Devices in HealthCare 2022 Report surveyed experts in leadership positions at 517 healthcare systems throughout the United States. Key findings include:
Roughly 56% of respondents stated their organizations experienced one or more cyberattacks in the past two years involving IoMT/IoT devices. Among those, 58% averaged nine or more cyberattacks during that time. Also, 45% of these respondents report adverse impacts on patient care, and 53% percent of those report adverse impacts resulting in increased mortality rates.
Perceived Risk in IoT/ IoMT Devices
Approximately 71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions. Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% of these respondents keep an inventory of the devices that were discovered.
About 47% of those experiencing an attack resulted in a ransom being paid, and 32% of the ransoms paid fell in the range of $250,000-$500,000.
“It’s clear that cyberattackers have increasingly focused their efforts on hospitals since 2020,” says Chad Holmes, security evangelist at Cynerio. “What had been unclear was the frequency and resulting damage of their attacks. By teaming with Ponemon Institute, we have been able to collect feedback from hundreds of hospitals and present a clear picture of the issues they’re facing, both in terms of financial losses and impact to patient care. Ultimately, our aim for this data is to inform and expedite improved cybersecurity funding, training, and policy creation for all healthcare providers.”
The report further details a range of financial impacts, attack types, and detailed sentiments surrounding investments made towards IoT/IoMT security.
“Until recently, the wide scale of cyberattacks on healthcare systems was difficult to measure and typically spoken of anecdotally,” says Larry Ponemon, founder and chairman of the Ponemon Institute. “Our team at Ponemon Institute is proudly pioneering research with organizations like Cynerio to better define the risks hospitals and their patients confront. We hope this report enables healthcare leaders, policymakers and device manufacturers to more effectively address the cybersecurity threats they encounter.”