Zingbox, the provider of the most widely deployed healthcare Internet of Things (IoT) analytics platform and leader of healthcare IoT security research, recently released the report of its second annual Healthcare Security Survey. The survey was expanded this year to include not only IT/IS professionals but also clinical and biomedical engineers who play critical roles in managing and securing connected medical devices.
The survey revealed a contradiction between the confidence that health care professionals have in the visibility of connected medical devices and security of their networks, and the inefficient and ineffective legacy processes many still rely on to keep them secure.
Legacy Solutions Can't Effectively Secure a Network of Connected Medical Devices
The vast majority of HIT professionals feel confident that the connected medical devices in their hospitals are protected in case of a cyberattack:
• Seventy-nine percent say their organization has real-time information about which connected medical devices are vulnerable to cyber attacks.
• Eighty-seven percent are confident that their devices are protected in the event of a cyber attack.
• Sixty-nine percent feel traditional security solutions for laptops and PCs are adequate to secure connected medical devices.
Unfortunately, their confidence is not justified. "Most organizations are thinking about antivirus, endpoint protection and firewalls, but there are many devices—like medical monitoring equipment—and no one is thinking about securing them," says Jon Booth, Bear Valley Community Hospital District IT director and Zingbox customer. Additionally, a Gartner report, "Market Trends: Five Healthcare Provider Trends for 2018," published in November 2017, notes: "Generally, medical devices are not replaced for at least 10 years, with many running old software that has not been updated or patched."
And there are other challenges: the Zingbox survey revealed 41% of HIT professionals do not have a separate or sufficient budget for securing connected devices.
Majority of Clinical and Biomedical Engineers Still Rely on Manual Processes for IoT Devices
When asked about inventory of connected medical devices, majority of clinical and biomedical engineers (85%) were confident that they have an accurate inventory of all connected medical devices even though many rely on manual audits, which are prone to human error and quickly become outdated. Additional responses from clinical and biomedical engineers include the following:
• Close to two-thirds (64%) of responses indicate reliance on some form of manual room-to-room audit or use of static database to inventory the connected devices in their organization.
• Just 21% of responses say their devices receive preventative maintenance based on device usage as opposed to some kind of fixed schedule.
The survey also shows that more than one-half (55%) of responses indicate clinical/biomedical engineers must walk over to the device or call others to check on their behalf whether a device is in-use before scheduling repairs. Many make the trip only to find out that the device is in-use by patients and must try again in the future hoping for better luck.
"Despite the recent progress of the health care industry, the survey exemplifies the continued disconnect between perception of security and the actual device protection available from legacy solutions and processes. Unfortunately, much of the current perception stems from the use of traditional solutions, processes and general confusion in the market," says Xu Zou, CEO and cofounder of Zingbox. "Only by adopting the latest IoT technology and revisiting decade-old processes, can health care providers be well prepared when the next WannaCry hits.
View the full report at www.zingbox.com/resources/2nd-annual-zingbox-survey-2018.
— Source: Zingbox