Deloitte has audited 370 professionals in the medical device/IoT ecosystem to learn how often their companies’ products are the subject of a cybersecurity incident. The responses were staggering: 35.6 percent said their organizations suffered a cybersecurity incident in the past year.
Identifying cybersecurity risks associated with fielded and legacy connected devices, as well as mitigating those risks, are the industry’s biggest challenges, according to 30 percent of the respondents.
Embedding vulnerability management into the design of IoT medical devices is another major problem, 19.7 percent of respondents said. Other roadblocks cited include: monitoring and responding to cybersecurity incidents (19.5 percent), and lack of collaboration on cyber threat management throughout the supply chain (17.9 percent).
“Collaboration between providers, manufacturers, and suppliers is key when it comes to bridging the gaps in medical device cybersecurity,” said Russell Jones, Deloitte Risk and Financial Advisory partner. “This is a problem that requires the industry as a whole to come together and create a safe space where feedback and information can be shared freely.”
Post-incident risk is also an issue for IoT medical device makers. Only 18.6 percent said they were “very prepared” to address a lawsuit if someone decided to hack their products. This is especially true for implanted devices, like pacemakers.
Earlier this year, a number of security experts jointly researched connected medical devices and found an alarming 8,000 common code vulnerabilities in pacemakers.
More recently, a bipartisan group of U.S. senators announced plans to draft a bill that will bind IoT makers, not just those selling medical devices, to tighten the security around their connected/embedded systems.
As cybersecurity concerns continue to rise worldwide, the European Union and the United Kingdom are drafting new legislation to secure the digital lives of their citizens.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024