The healthcare industry’s rapid adoption of digital health services and the progression of interconnected devices have revolutionized patient care and operational efficiency. However, this digital transformation has also exposed healthcare systems to a mounting wave of cyberattacks, which warrant improved protection measures, says GlobalData, a leading data and analytics company.
According to GlobalData’s Q2 2023 tech sentiment poll, 70% of survey participants expect cybersecurity to disrupt the healthcare industry, with over 41% expecting a significant disruption.
Ashley Clarke, Medical Analyst at GlobalData, comments: “Hackers can exploit various entry points, ranging from physical medical devices in and outside of medical facilities to gain unauthorized access to networks from nearly any connected device, medical or not. The implications of such attacks can be far-reaching, affecting patient privacy, interrupting healthcare services, and jeopardizing the safety and effectiveness of medical devices.”
According to reports from the US Department of Health and Human Services (HHS) Office of Civil Rights, breaches of unsecured protected health information have affected over 42.7 million US citizens thus far in 2023. This is a 50% increase from the 28.4 million individuals affected in the same period in 2022 and surpasses the 39.9 million affected individuals in the entire year of 2021. Although the number of reported cybersecurity breach events this year has seen a slight decline (338 compared to 390 in the same period last year), the staggering increase in affected individuals suggests that hackers are targeting larger networks, necessitating heightened vigilance and security measures.
To address mounting cybersecurity risks, the US FDA introduced new guidelines for medical device manufacturers in March 2023. These guidelines require manufacturers to submit a plan to monitor, identify, and address post-market cybersecurity vulnerabilities when applying for new pre-market authorizations.
Clarke continued that the approach was a start to enforcing a minimum level of security and encouraging routine cybersecurity testing to identify and address vulnerabilities before they can be exploited. However, older devices and non-medical devices connecting to remote patient monitoring and telehealth services could still pose a significant risk.
Recent cybersecurity vulnerabilities in prominent companies like Medtronic and Becton Dickinson serve as critical reminders of the continuous need for improvement in cybersecurity practices.
Clarke concludes: “As we progress towards a more interconnected healthcare landscape, collaboration with cybersecurity experts, the adoption of advanced technologies like blockchain and zero-trust architecture, and prioritizing data security will be vital to safeguard patient information and ensure continuous, secure care.”