New Report Quantifies Hospitals’ IoT and IoMT Cybersecurity Risk

“Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk” details the challenges that hospital systems now face, and the increasingly urgent need for modernized risk mitigation

Asimily, an Internet of Things (IoT) and Internet of Medical Things (IoMT) risk management platform, today announced the availability of a new report: Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk.

The full report highlights the unique cybersecurity challenges that healthcare delivery organizations (HDOs) face and the true costs of their IoT and IoMT security risks. HDOs have a low tolerance for service interruptions to network-connected devices and equipment because of their crucial role in patient outcomes and quality of care. Resource-constrained HDO security and IT teams continue to face operational difficulties in sufficiently securing critical systems from increasingly-sophisticated attacks, as their vast and heterogeneous IoMT device fleets complicate management and, left unchecked, offer a broad attack surface. The report concludes that adopting a holistic risk-based approach is the most cost-efficient and long-term-effective path for HDOs to secure their critical systems and IoMT devices.

Among the key findings and analysis included in the new report:
Emerging cybersecurity trends and challenges: The report reveals the top cyberattack strategies impacting HDO medical devices right now: ransomware attacks that spread to devices and disrupt services, third-party-introduced malware that impacts device performance, and devices communicating with unknown IP addresses to enable remote breaches. Cyberattacks on healthcare providers have become remarkably common: the average HDO experienced 43 attacks in the last 12 months. Unfortunately, many of those attacks are successful, with 44% of HDOs suffering a data breach caused by a third party within the last year alone.

The high cost of doing nothing: For HDOs, today’s high-failure status quo can be catastrophic. Cyberattacks cost HDOs an average of $10,100,000 per incident. Worse, cyber incidents are directly responsible for a 20% increase in patient mortality. 64% of HDOs also reported suffering from operational delays, and 59% had longer patient stays due to cybersecurity incidents. Those financial and operational burdens are pushing many HDOs to the brink: the average hospital operating margin sits at 1.4% in 2023. Currently, more than 600 rural U.S. hospitals risk closure, in an environment where a single cyberattack can put a smaller HDO out of business.

Poor device health leads to poor outcomes: HDO security and IT teams face a high-risk environment where the average medical device has 6.2 vulnerabilities. Adding to this challenge, more than 40% of medical devices are near end-of-life and poorly supported (or unsupported) by manufacturers.

Cybersecurity resources and staffing are limited: Even when device vulnerabilities are recognized, HDO security teams are able to fix only 5-20% of known vulnerabilities each month.

Cyber insurance is no longer enough: As ransomware attacks and breaches have skyrocketed in recent years, cyber liability insurers are introducing coverage limits and capped payouts, making it a less and less effective recourse for HDOs. At the same time, cyber insurance also fails to address the costly reputational damage an HDO suffers following a breach.

“This report details the very current and very significant challenges that HDOs face in defending themselves from cybersecurity risk, and the profound need for holistic and optimized risk reduction strategies as they implement and scale a cybersecurity risk management program for their connected devices,” said Stephen Grimes, Managing Partner & Principal Consultant at Strategic Healthcare Technology Associates, LLC. “Asimily’s risk prioritization capabilities and clear device vulnerability scoring enable HDO security teams to overcome limited resources and accurately focus on remediating the greatest risks to their organizations, achieving a ten-fold increase in cybersecurity productivity. We invite HDO leaders and their cybersecurity risk managers to read and absorb the lessons of this report, and to take the steps necessary to mitigate IoMT device risks with the strategic efficiency and effectiveness these risks demand.”

“As a growing healthcare organization acquiring clinics and offering new services like ambulatory clinics, you have to stay in front of the risk,” said Kevin Torres, the VP of IT and CISO at MemorialCare, an Asimily customer and leading nonprofit health system in Orange County and Los Angeles County that includes four hospitals along with other specialized clinics. “You need to make sure that you’re effectively onboarding these environments and matching their security posture to yours. Using Asimily, we gained full visibility into connected IoT and IoMT devices and their associated vulnerabilities. Our security program achieved 98% NIST compliance while the average of 60 similar HDOs is 71%.”

Read the Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk here.

SourceAsimily

Hot this week

Cartessa Aesthetics Partners with Classys to Bring EVERESSE to the U.S. Market

Classys, which is listed on the KOSDAQ, is one of South Korea's most distinguished aesthetic technology manufacturers, with devices distributed in 80+ markets globally. This partnership marks Classys's official entry into the American marketplace, with Cartessa Aesthetics as the exclusive distributor for EVERESSE, launched under the Volnewmer brand in current global markets.

Stryker Launches Next-Generation of SurgiCount+

Now integrated with Stryker's Triton technology, SurgiCount+ addresses two key challenges: retained surgical sponges and blood loss assessment. Integrating these previously separate digital solutions provides the added benefit of a more efficient, streamlined workflow for hospitals notes Stryker.

Nevro Receives CE Mark In Europe for It’s HFX iQ™ Spinal Cord Stimulation System

Nevro notes HFX iQ is the first and only SCS system with artificial intelligence (AI) technology that combines high-frequency (10 kHz) therapy built on landmark evidence that uses ongoing cloud data insights to deliver personalized pain relief

Recor Medical Reports: CMS Grants Distinct TPT Device Code and Category to Recor Medical for Ultrasound Renal Denervation

The approval of TPT offers incremental reimbursement payments for outpatient procedures performed with ultrasound renal denervation for Medicare fee-for-service beneficiaries. It becomes effective January 1, 2025, and is expected to remain effective for up to three years notes Recor Medical.

Jupiter Endovascular Reports | 1st U.S. Patient Treated with Jupiter Shape-shifting Thrombectomy Device

“Navigation challenges during endovascular procedures are often underappreciated and have led to under-adoption of life-saving procedures, such as pulmonary embolectomy. We have purpose-built our Endoportal Control technology to solve these issues and make important endovascular procedures accessible to more clinicians and their patients who can benefit from them,” said Carl J. St. Bernard, Jupiter Endovascular CEO. “This first case in the U.S. could not have gone better, and appears to validate the safety and performance we are seeing in our currently-enrolling European SPIRARE I study.”