We recently released our bi-annual 2019 Horizon Report highlighting industry-wide data and insights to help healthcare organizations navigate the exceedingly complex cybersecurity terrain.

The trends, patterns, and predictions in our Horizon Report can help our partners recognize impending threats to their internal infrastructures and formulate a strategy for proactive, preventative success in the upcoming year.

While the publication covers a diverse range of healthcare technology concerns, this year’s report pays careful attention to connected medical devices and risks which could directly impact healthcare organizations across the country.

The Horizon Report notes that connected medical devices remain a top concern for healthcare providers for a myriad of reasons. Although 2018 brought with it a renewed emphasis on regulatory compliance for new devices, including the recently launched, voluntary Joint Security Plan (JSP) framework, most of these initiatives focus on fortifying future released devices.

These efforts have little impact on current in-market devices, which pose the most significant cybersecurity risk to healthcare facilities for a wide range of reasons including:

Volume

The 2019 Horizon Report illustrates that the FDA (Food and Drug Administration) currently regulates just under 200,000 connected medical devices produced in over 18,000 firms across more than 21,000 worldwide plants, making it virtually impossible to oversee, identify, and resolve every potential cyber attack with consistency or efficiency.

Dated systems and security

The landscape of our current healthcare terrain includes large batches of unpatched medical devices, many of which are running on obsolete operating systems or have hard-coded passwords, making them ideal targets for hackers on a global scale.

Slow replacement practices

There are currently no regulatory or legislative mandates that put parameters around how long a device can remain in use. As a result, most connected technology is not replaced until it no longer serves its functional purpose, leaving healthcare facilities across every practice with countless potentially compromised or susceptible machines.

Manufacturing inconsistencies

Unfortunately, each medical device manufacturer is allowed to manage and communicate potential cybersecurity vulnerabilities and risks as a unique, internal process. Further, some manufacturers require healthcare providers to pre-approve cybersecurity patches or run the risk of voiding any device warranty.

Manufacturer inconsistencies allow each vendor to operate in a silo, making it challenging to develop a standardized, successful network solution for these connected medical devices.

Healthcare systems are ultimate responsible for in-market device security  

While future released machinery may fall under amended compliance regulations, the network security of existing connected medical devices is ultimately the health provider’s responsibility, a virtually insurmountable task given the surge in worldwide cyber attacks and mounting pressure to protect patient data in a constantly evolving ecosystem.

As a result, medical facilities of every size and scope are turning to an elite group of third-party vendors who specialize in connected device security.

Outsourcing IT and network security needs to a qualified and skilled technology vendor that creates and installs custom-built solutions leveraging cutting-edge innovations like AI and machine learning drives compliance efforts and helps protect all in-process devices with optimized service excellence across multiple industry channels.