The latest Synopsys and Ponemon study, Medical Device Security: An Industry Under Attack and Unprepared to Defend, was released today and highlights the critical security deficiencies in today’s medical devices.
Alarmingly, only 53% of healthcare delivery organisations (HDOs) said they tested medical devices at least once a year, while 43% of manufacturers said they don’t test devices at all.
“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”
The survey, which was conducted by the Ponemon Institute, a leading IT security research organisation, surveyed more than 550 individuals from manufacturers and HDOs to identify whether device makers and HDOs are in alignment about the need to address cybersecurity risks.
Unfortunately, it found that 67% of medical device manufacturers and 56% of HDOs believe an attack on a medical device built or in use by their organisations is likely to occur over the next 12 months.
Furthermore, 80% of device makers and HDOs report that building secure devices is becoming increasingly challenging. The vulnerabilities in medical devices mainly revolved around coding deficiencies, with accidental coding errors, lack of knowledge/training on secure coding practices and pressure on development teams to meet product deadlines highlighted as the main issues.
Following the industry FDA guidelines also proves to be an obstacle, as only 51% of device makers and 44% of HDOs follow current FDA guidance to mitigate or reduce inherent security risks in medical devices.
“These findings underscore the cybersecurity gaps that the healthcare industry desperately needs to address to safeguard the well-being of patients in an increasingly connected and software-driven world,” said Mike Ahmadi, global director of critical systems security for Synopsys’ Software Integrity Group. “As we saw with the past two studies on the Building Security in Maturity Model (BSIMM), the healthcare industry continues to struggle when it comes to software security. The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure.”
To view the full report click here: https://www.synopsys.com/software-integrity/resources/analyst-reports/medical-device-security-report.html