Study: Many hospitals don't protect devices from hackers
Many healthcare groups don't secure the data on their hospital-use medical devices, a new study finds, leaving patients' information exposed to hackers and would-be identity thieves.
The Ponemon Institute surveyed 80 of the largest healthcare organizations, finding that 69% failed to protect their medical devices, which often transmit private medical data to other devices or cloud-based banks. Almost all of the providers polled said they'd suffered at least one data breach over the past two years, which costs the healthcare industry about $7 billion a year, Ponemon says.
As medical devices get more and more advanced, many ICDs and insulin pumps collect patient data and make it available to physicians on other devices. However, the transfers are often insecure, according to the study.
"In fact, many organizations admit they are not confident they can make certain these devices are secure and that patient data in the cloud is properly protected," Institute founder Larry Ponemon said in a statement. "Overall, most organizations surveyed say they have insufficient resources to prevent and detect data breaches."
These latest findings join the growing clamor from government and academia, calling for better security of medical devices. Last year, a patient figured out how to hack his Medtronic ($MDT) insulin pump, revealing that it could be wirelessly forced to deliver a fatal dose, and a University of Massachusetts professor revealed that many ICDs can be hijacked and, essentially, weaponized.
Since then, lawmakers have urged the FDA to weave security assessments into its approval process, and the Department of Homeland Security has warned that data-transmitting devices are vulnerable to hackers and information thieves.
Special Report: Timeline: The industry gets serious about device hacking