Latest News

Report: Hospitals still don't have a handle on their IoT devices

Written on Aug 12, 2022

More than half of respondents to a new survey say their health care organizations experienced one or more cyberattacks in the past 24 months involving connected medical devices.  

The Insecurity of Connected Devices in HealthCare 2022 Report details multiple alarming trends including widespread and repeated attacks, financial losses measured in the millions and frequent failures to take basic cybersecurity measures. 

The report surveyed experts in leadership positions at 517 health care systems throughout the United States.  

Key findings: 

  • 56% of respondents stated their organizations experienced one or more cyberattacks in the past 24 months involving IoMT/IoT devices. Among those, 58% averaged 9 or more cyberattacks during that time. 

  • 45% of these respondents report adverse impacts on patient care, and 53% of those report adverse impacts resulting in increased mortality rates. 

  • 71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions. 

  • Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% of these respondents keep an inventory of the devices that were discovered. 

  • 47% of those experiencing an attack resulted in a ransom being paid. 32% of the ransoms paid fell in the range of $250k - $500k. 

The report further details a range of financial impacts, attack types, and detailed sentiments surrounding investments made towards IoT/IoMT security.