Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

Three-quarters of IT decision makers report they are confident or very confident that portable and connected medical devices are secure on their networks.

Healthcare networks are teeming with IoT devices from glucometers to infusion pumps, but a study found that the majority of IT decision makers may be operating with a false sense of security regarding their ability to protect these devices from cyber attacks.
According to a survey of more than 200 healthcare IT decision makers, more than 90% of healthcare IT networks have IoT devices connected to the systems, according to a report released Wednesday by ZingBox.
Typically you will see 10 to 15 IoT devices per bed in a hospital, says Xu Zou, CEO of ZingBox, defining a healthcare IoT device as anything that is portable and connected to the Internet.
But despite the large presence of these devices, the healthcare industry is largely operating under the assumption that traditional security measures for laptops and servers are fine for securing the medical Internet of Things, the report finds.
For example, 70% of
survey
participants give their seal of approval for using traditional security technology for medical IoT devices, and 76% say they are confident or very confident that these portable and connected medical devices are secure on their networks.
The difference in using traditional IT security verses IoT-specific security is that attackers aim is to gain access to the portable devices, even though the payout of information could be greater if they attacked a server storing a database, Zou says.
A lot of IoT medical devices are not protected and secure, so they are easier to gain access and control, Zou explains. The attackers can control them and use them as a botnet.
This type of attitude may explain the recent results in a Ponemon Institute
study
, which found that while 67% of medical device makers expect an attack on their devices within the next 12 months, only 17% are taking significant steps to prevent it.
Mobile Security IoTs Answer?
Although there are number of similarities between mobile devices and medical things, the security needs between the two are different, Zou says.
One of the key differences is that security patches and updates can be pushed to a mobile device, but the same is usually not the case for IoT medical devices that cannot receive software pushed to them, says Zou.
You can push security software onto a laptop or server, but you cant do that with an infusion pump, he notes.
Additionally, medical devices that are used for direct patient care are heavily regulated by the Food and Drug Administration (FDA). As a result, a medical device maker may be hesitant to receive third-party software pushed to the device for fear it would nullify or affect the FDA certification it receives for its device, Zou says, noting the certification process can sometimes take five years or so to achieve.
As a result of these regulatory hoops, not one medical device maker uses third-party security software for their IoT devices, he says, adding that, according to Gartner, by 2020, 25% of attacks will be directly on the device.
CISOs need to find a way to figure out how many IoT devices they have on their network, suggests Zou. The No. 1 challenge is gaining visibility into this. You cannot protect what you cant see.
Related Content:

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the
conference schedule
and
to register.
Major Cyberattacks On Healthcare Grew 63% In 2016
Medical Device Security Gets Intensive Care
Medical Devices Fall Short in Security Best Practices
IoT Security Incidents Rampant and Costly

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says