It’s a scenario right out of a Hollywood blockbuster. Without a word of warning, medical devices regulating everything from heartbeat to insulin levels across a hospital system begin behaving erratically – creating mass confusion and a potential life-and-death emergency for hundreds of patients. Far-fetched? Perhaps. But far from impossible. The fact that no one has ever attempted to do such a thing is maybe just luck. And that’s the concern as the healthcare industry finds itself today under relentless cyber attack.
In 2019, the industry was responsible for nearly four out of five of all reported data breaches and in 2020, the situation is only expected to get worse. Estimates put the cost of cyber crime to the industry at as much as $4 billion—and that doesn’t include the damage to the professional reputations of the healthcare institutions involved.
Security experts consider it only a matter of time before medical devices might become a major contributor to this threat landscape. Medical devices permeate the typical hospital—as many as 10-15 per bed according to most estimates. In a large hospital that could mean as many as thousands of beds. Most, if not all of these devices, are connected to the internet by some form of a wired or wireless network. And until very recently, medical device manufacturers (MDMs) were not required to account for the cyber security for their devices—making them among the easiest of potential targets to hack.