In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web.
This warning has largely been realized. The cost and frequency of data breaches in healthcare have risen over the past six years. This state of affairs should come as no surprise to medical device manufacturers and healthcare delivery organizations (HDOs).
According to a study by the Ponemon Institute, 67% of medical device manufacturers and 56% of HDOs believe that their medical devices are at risk for an attack. Despite recognizing the risk, only 17% of device manufacturers and 15% of HDOs have taken significant steps to prevent an attack. Remarkably, only 41% of device manufacturers and 22% of HDOs have an incident response plan in place in the event of an attack.