Fortified Health Security: What You’ll Discover in the 2019 Horizon Report on Connected Medical Devices and Risks

Healthcare cybersecurity data on a computer

As a leader in healthcare cybersecurity, data loss prevention, and managed services, Fortified Health Security is dedicated to supporting our partners across multiple levels of service. In addition to our hands-on, customized cybersecurity solutions, we also develop and distribute a wide range of industry-relevant resources and materials to help support and educate our large healthcare clients on protecting their organization against a cyber attack. We’ve recently released our 2019 Horizon Report to do just that. This annual report leverages a comprehensive suite of information, industry expertise, and statistical analysis to highlight industry-wide trends and insights for our partners navigating through the exceedingly complex cybersecurity terrain. The trends, patterns, and predictions in our Horizon Report can help our partners recognize impending threats to their internal infrastructures and formulate a strategy for proactive, preventative success in the upcoming year.

What to Learn About Healthcare Cybersecurity

Current In-Market Devices Pose Significant Risk

While the publication covers a diverse range of healthcare technology concerns, this year’s report pays careful attention to connected medical devices and risks which could directly impact healthcare organizations across the country. The Horizon Report notes that connected medical devices remain a top concern for healthcare providers for a myriad of reasons. Yes, 2018 brought with it a renewed emphasis on regulatory compliance for new devices, including the recently launched, voluntary Joint Security Plan (JSP) framework. However, most of these initiatives focus on fortifying future released devices. These efforts have little impact on current in-market devices, which pose the most significant cybersecurity risk to healthcare facilities for a wide range of reasons including:

Sheer Volume

The 2019 Horizon Report illustrates that the FDA (Food and Drug Administration) currently regulates just under 200,000 connected medical devices produced in over 18,000 firms across more than 21,000 worldwide plants, making it virtually impossible to oversee, identify, and resolve every potential cyber attack with consistency or efficiency.

Dated Systems And Security

The landscape of our current healthcare terrain includes large batches of unpatched medical devices, many of which are running on obsolete operating systems or have hard-coded passwords, making them ideal targets for hackers on a global scale.

Slow Replacement Practices

There are currently no regulatory or legislative mandates that put parameters around how long a device can remain in use. As a result, most connected technology is not replaced until it no longer serves its functional purpose, leaving healthcare facilities across every practice with countless potentially compromised or susceptible machines.

Manufacturing Inconsistencies

Unfortunately, each medical device manufacturer is allowed to manage and communicate potential cybersecurity vulnerabilities and risks as a unique, internal process. Further, some manufacturers require healthcare providers to pre-approve cybersecurity patches or run the risk of voiding any device warranty. Manufacturer inconsistencies allow each vendor to operate in a silo, making it challenging to develop a standardized, successful network solution for these connected medical devices.

Health Care Systems Ultimately Responsible For In-Market Device Security

While future released machinery may fall under amended compliance regulations, the network security of existing connected medical devices is ultimately the health provider’s responsibility, a virtually insurmountable task given the surge in worldwide cyber attacks and mounting pressure to protect patient data in a constantly evolving ecosystem. As a result, medical facilities of every size and scope are turning to an elite group of third-party vendors who specialize in connected device security. Outsourcing IT and network security needs to a qualified and skilled technology vendor that creates and installs custom-built solutions leveraging cutting-edge innovations like AI and machine learning drives compliance efforts and helps protect all in-process devices with optimized service excellence across multiple industry channels. Contact the Fortified team today to hear more about our comprehensive approach to cybersecurity within the healthcare vertical.