Experts estimate that cybersecurity in the healthcare industry will remain substandard for the next 20 years. But why is that so?
Christopher Neal, the head of information security at Ramsay Health Care, estimates that, at this point, everything with a power point is either connected or will be rather shortly. Although IoT devices may not be transferring data from a patient’s medical file, they are transferring readings and measurements that relate to a patient’s health.
However, these IoT devices tend to be easy prey for hackers. This was clearly demonstrated when cybersecurity researchers gathered at the DefCon cybersecurity conference to test their skills on medical devices. Within 30 seconds, one of them managed to obtain unrestricted PowerShell access to an ultrasound device.
Although the FDA and other authorities have already set cybersecurity standards for medical device manufacturers, according to Neal, devices built on the basis of these guidelines are 3-4 years away from hitting the market. Another problem is that an average piece of such medical gear is built to last from 10 to 15 years, meaning it’s going to take a while before hospitals decide to replace them.
Moreover, each hospital tends to act as its own separate entity, which leads to consistency issues, not to mention the fact that IT administrators sometimes don’t even bother changing the default login credentials. Neal believes that the first step toward fixing the problem is mapping out the devices to increase device visibility.