The survey revealed a contradiction between the confidence that healthcare professionals have in the visibility of connected medical devices and security of their networks, and the inefficient and ineffective legacy processes many still rely on to keep them secure.
The vast majority of healthcare IT professionals feel confident that the connected medical devices in their hospitals are protected in case of a cyberattack:
- Seventy-nine percent say their organization has real-time information about which connected medical devices are vulnerable to cyber attacks
- Eighty-seven percent are confident that their devices are protected in the event of a cyber attack
- Sixty-nine percent feel traditional security solutions for laptops and PCs are adequate to secure connected medical devices
Unfortunately, their confidence is not justified. “Most organizations are thinking about antivirus, endpoint protection and firewalls, but there are many devices—like medical monitoring equipment—and no one is thinking about securing them,” said Jon Booth, Bear Valley Community Hospital District IT director and Zingbox customer. Additionally, as noted in a Gartner report, "Market Trends: Five Healthcare Provider Trends for 2018," published in November 2017, notes: “Generally, medical devices are not replaced for at least 10 years, with many running old software that has not been updated or patched.”
And there are other challenges: the Zingbox survey revealed 41 percent of healthcare IT professionals do not have a separate or sufficient budget for securing connected devices.
When asked about inventory of connected medical devices, majority of clinical and biomedical engineers (85 percent) were confident that they have an accurate inventory of all connected medical devices even though many rely on manual audits, which are prone to human error and quickly become outdated. Additional responses from clinical and biomedical engineers include:
- Close to two-thirds (64 percent) of responses indicate reliance on some form of manual room-to-room audit or use of static database to inventory the connected devices in their organization
- Just 21 percent of responses say their devices receive preventative maintenance based on device usage as opposed to some kind of fixed schedule
The survey also shows that more than half (55 percent) of responses indicate clinical/biomedical engineers must walk over to the device or call others to check on their behalf whether a device is in-use before scheduling repairs. Many make the trip only to find out that the device is in-use by patients and must try again in the future hoping for better luck.
“Despite the recent progress of the healthcare industry, the survey exemplifies the continued disconnect between perception of security and the actual device protection available from legacy solutions and processes. Unfortunately, much of the current perception stems from the use of traditional solutions, processes and general confusion in the market,” said Xu Zou, CEO and co-founder of Zingbox. “Only by adopting the latest IoT technology and revisiting decade-old processes, can healthcare providers be well prepared when the next WannaCry hits.”
See here to view full report.
The survey was conducted online by Propeller Insights on behalf of Zingbox in October 2018 among more than 400 U.S.-based healthcare IT decision-makers and clinical engineers. The results were weighted to the U.S. census for age, gender, region and income.
Zingbox is the provider of the most widely deployed healthcare Internet of Things (IoT) analytics platform. Recently named a Cool Vendor in IoT Security by Gartner and recipient of the Stevie Award for Most Innovative Company, Zingbox helps hospitals realize the full potential of their IoT medical devices, delivering a new standard for uninterrupted quality care through device inventory, management, security and optimization for the entire IoT environment. The company’s device-specific, AI-powered machine learning platform uses the first real-time deep behavioral learning technology for connected medical devices.