Medical industry cyber breach statistics reveal an average of 6.2 vulnerabilities per medical device, at an average cost of $7.35 million per breach for U.S. companies.
NEW JERSEY (PRWEB) July 12, 2018
Wealth of Data and Device Vulnerabilities Drive Risk
Top 500 healthcare and critical infrastructure cybersecurity solution provider Sensato, co-founder of the Medical Device Cybersecurity Task Force, has issued a high alert for all organizations in the healthcare sector: Healthcare is among the most targeted industries for cyber attackers because of the wealth of data that can be accessed and the likelihood of vulnerabilities that provide openings for attackers.
The stakes are particularly high in the medical industry, where patient health and safety are at risk; the industry needs practices for maintaining older medical devices and updated thinking about threat security measures.
“While medical providers and technologists are committed to well-being, many simply don’t have full awareness of the volume of security threats presented to industry almost daily,” warns Sensato CEO John Gomez. “I meet with boards, administrators, and even chiefs of information security every week who work diligently, but still don’t have adequate protection in place because of the full scope of the threat.”
MEDICAL INDUSTRY CYBER BREACHES: IMPACT STATISTICS
- There is an average of 6.2 vulnerabilities per medical device
- About 60 percent of medical devices are at end-of-life stage, with no security patches or upgrades available
- The average organizational cost of a data breach for companies in the U.S. is $7.35 million
- The longer it takes to detect a breach, the more it costs – about $4 million more on average
- Cyber thieves target patient data because they can get top dollar for it: $500 for a Medicare number, for example
- The FDA has already issued recalls of medical devices like pacemakers and insulin pumps that had security issues
“Every great new piece of connected technology introduces additional risk to any system,” says Gomez. “It’s our mission to help healthcare organizations safeguard the lives in their care by fortifying cybersecurity, with a particular focus on medical devices because of the vulnerabilities that we know they have.”
SENSATO CYBERSECURITY PROTECTION RECOMMENDATIONS:
- Assess the risks associated with all medical devices, including risk assessment and security certification from device manufacturers
- Develop an incident response platform
- Make every employee a human firewall by training them in cybersecurity risks and incident response protocols
- Enroll in an ISAO (Information Sharing and Analysis Organization) for access to shared threat intelligence
- Monitor medical devices and networks for anomalies and breaches
- Install a honeypot so you can analyze and address an attack
Sensato is a founding member of the Medical Device Cybersecurity Task Force, conducting ongoing medical device cybersecurity research and threat assessment. Sensato created MD-COP to provide a single, comprehensive security solution that addresses the administrative, technical, and operational requirements of HIPAA, NIST 800-53, and FDA Post-Market Guidance for Medical Device Cybersecurity.
Sensato is a top-500 cybersecurity innovator located in Red Bank, New Jersey. Founded in 2013, Sensato provides risk assessment, penetration testing, security operations, executive guidance, and software. CEO and founder John Gomez is an internationally known cybersecurity expert, author, and speaker. Sensato’s programs, systems, services, training, and intelligence gathering are the product of designing the highest level of security for those who provide critical services that impact human health and safety: healthcare, medical, pharmacological, and related organizations; law enforcement, fire, and emergency services; clean water, power, and heat providers.