Digital transformation might have made healthcare more efficient but it has exposed the industry to more cyberattacks, according to a new report.
According to GlobalData’s Q2 2023 tech sentiment poll, 70 per cent of survey participants expect cybersecurity to disrupt the healthcare industry, with over 41 per cent expecting a significant disruption.
GlobalData Medical Analyst Ashley Clarke said that hackers can exploit various entry points, ranging from physical medical devices in and outside of medical facilities to gaining unauthorised access to networks from nearly any connected device, medical or not.
“The implications of such attacks can be far-reaching, affecting patient privacy, interrupting healthcare services, and jeopardizing the safety and effectiveness of medical devices,” he said.
According to reports from the US Department of Health and Human Services (HHS) Office of Civil Rights, breaches of unsecured protected health information have affected over 42.7 million US citizens thus far in 2023. This is a 50 per cent increase from the 28.4 million individuals affected in the same period in 2022 and surpasses the 39.9 million affected individuals in the entire year of 2021.
Although the number of reported cybersecurity breach events this year has seen a slight decline (338 compared to 390 in the same period last year), the staggering increase in affected individuals suggests that hackers are targeting larger networks, necessitating heightened vigilance and security measures.
To address mounting cybersecurity risks, the US FDA introduced new guidelines for medical device manufacturers in March 2023. These guidelines require manufacturers to submit a plan to monitor, identify, and address post-market cybersecurity vulnerabilities when applying for new pre-market authorisations.
Clarke said: “This approach is a start to enforcing a minimum level of security and encouraging routine cybersecurity testing to identify and address vulnerabilities before they can be exploited. However, older devices and non-medical devices connecting to remote patient monitoring and telehealth services could still pose a significant risk.”
Recent cybersecurity vulnerabilities in prominent companies like Medtronic and Becton Dickinson serve as critical reminders of the continuous need for improvement in cybersecurity practices.
Clarke added: “As we progress towards a more interconnected healthcare landscape, collaboration with cybersecurity experts, the adoption of advanced technologies like blockchain and zero-trust architecture, and prioritizing data security will be vital to safeguard patient information and ensure continuous, secure care.”