Healthcare cyberattacks remain on the rise, yet an astounding 88% of MedTech leaders do not believe that their organization is prepared to thwart a cyberattack. This according to a new survey of senior-level corporate and product executives at Fortune 1000 medical device manufacturers, digital and mobile health companies, and telehealth providers. Other key findings included:
- 80% have suffered at least one cyberattack in the past five years, including ransomware, malware, phishing, spoofing, and DDoS, with customer databases, employee information, and even R&D being targeted.
- Only 18% believe the security built into their medical device products is strong, while 80% rated their organization’s cybersecurity products as just adequate, or not robust.
- 80% of respondents believe that regulatory compliance is the biggest business benefit of implementing a strong cybersecurity strategy, yet only 28% rated themselves very aware/knowledgeable about forthcoming EU and US regulations.
<p><span lang=\"EN-US\">Like every other critical infrastructure sector, healthcare is deeply dependent on software. From the tiniest devices to the largest medical record systems, software offers attackers an asymmetric advantage to damage the confidentiality, integrity, and availability of data and equipment.</span> </p> <p> </p> <p><span lang=\"EN-US\">The recent rash of ransomware attacks should convince any healthcare organisation that a proactive approach to software security is not a luxury but a necessity.</span> <span lang=\"EN-US\">Organisations that wish to reduce risk use a software security initiative, which encompasses buying and configuring software products as well as how to respond to software security incidents. Even when an organisation is careful about purchasing products, configuring them, and deploying them in a network infrastructure, things will still go wrong. Having incident response plans means being able to respond quickly and effectively when problems arise.</span> </p> <p> </p> <p><span lang=\"EN-US\">A big part of cybersecurity has to do with how software products are built in the first place. Following a secure development life cycle, where security is examined and tested at every phase of development, helps vendors create more secure, more reliable software products. Healthcare organisations that consume these products should demand such a process from their vendors and participate in standardization efforts to define acceptable development practices.</span></p>