Synopsys has released the results of the study 'Medical Device Security: An Industry Under Attack and Unprepared to Defend', which found that 67% of medical device manufacturers and 56% of DHOs (Healthcare Delivery Organisations) believe an attack on a medical device built or in use by their organisations is likely to occur over the next 12 months.
The survey also found that roughly one third of device makers and HDOs are aware of potential adverse effects to patients due to an insecure medical device, but despite the risk only 17% of device makers and 15% of HDOs are taking significant steps to prevent such attacks.
The Synopsys study conducted by the Ponemon Institute, aimed at identifying whether device makers and HDOs are in alignment about the need to address cybersecurity risks. Focused on the North America market, the study surveyed approximately 550 individuals from manufacturers and HDOs, whose roles involve the security of medical devices, including implantable devices, radiation equipment, diagnostic and monitoring equipment, robots, as well as networking equipment designed specifically for medical devices and mobile medical apps.
"The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organisations," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority."
Other key findings from the study highlight:
"These findings underscore the cybersecurity gaps that the healthcare industry desperately needs to address to safeguard the well-being of patients in an increasingly connected and software-driven world," said Mike Ahmadi, Global Director of Critical Systems Security for Synopsys' Software Integrity Group. "As we saw with the past two studies on the Building Security in Maturity Model (BSIMM), the healthcare industry continues to struggle when it comes to software security. The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure."
A complete copy of the 'Medical Device Security: An Industry Under Attack and Unprepared to Defend' report can be found here. In addition, Synopsys and the Ponemon Institute are hosting a webinar on 21st June at 9am PT to discuss the key findings of the study.
More information about software security for the healthcare industry can be viewed here.