Renewed cybersecurity methods urgently needed among legacy medical devices to protect against cyberattacks, says GlobalData

For more than a decade, the healthcare industry has been the largest target for data breaches due to relying on older medical devices that no longer support security updates and are at a higher risk of ransomware attacks, says GlobalData. The leading data and analytics company notes that efforts to combat this are urgently required to protect patients’ data and prevent cyberattacks.

Alexandra Murdoch, Medical Device Analyst at GlobalData, comments: “Breaches of data in a healthcare setting can have severe implications, as patient’s lives can be in danger from outdated and unprotected medical devices. For example, if CT or MRI equipment is tampered with, it could result in an incorrect diagnosis, or even an incorrect or unnecessary medical procedure.”

Older medical devices were not built with security in mind, which leads them to be more vulnerable. In fact, many medical devices are vulnerable to cyberattacks for a variety of reasons. Some medical devices, especially legacy devices, are too old for security updates or patches, and some are too old to update at all.

Murdoch continues: “The knowledge that many of our most critical devices are legacy devices and therefore too old to update is concerning. The availability to update a device could be crucial to preventing cyberattacks. It’s important for patients’ safety that the industry invests in newer devices that will perform regular security updates.”

In addition to understanding how these data breaches are possible, there needs to be a greater understanding of where the threats are coming from, and how to stop them.

Murdoch adds: “Beyond the idea of providing new devices to hospitals that are compatible with security updates, another solution is to use predictive technology such as ‘breach likelihood’. This technology is used by other sectors and would provide the probability and consequence of a breach happening, based on the device. The technology would help decide which devices would be worth keeping and which would be better off replaced. Additionally, this type of technology could provide visibility by alerting healthcare professionals to how vulnerable a device is to cyberattacks, something that is especially necessary among the legacy medical devices.”

More Media