The Swedish software firm Irdeto conducted the Global Connected Industries Cybersecurity Survey, which showed that 82% of healthcare organizations using Internet-of-Things (IoT) devices have encountered a cyberattack on no less than one of those devices in the last 12 months.
Irdeto asked 700 security leaders of healthcare providers and companies in the manufacturing, IT and transportation industries in the United States, Germany, United Kingdom, China, and Japan. All the surveyed industry sectors had experienced attacks on their IoT devices, however, healthcare providers had the most cyberattacks.
The biggest danger that could arise from these IoT cyberattacks is patient data theft. The attacks can also put end-user safety at risk, cause intellectual property loss, operational downtime and ruin to the organization’s good reputation. The inability to effectively protect the devices can potentially cause regulatory penalties.
According to the survey results, the major risks resulting from a cyberattack on IoT devices are
- patient data theft as per 39% of healthcare respondents
- patient safety as per 20% of respondents; 30% of healthcare organizations that encountered an IoT cyberattack actually said that patient safety was threatened as a direct consequence of a cyberattack.
- theft of intellectual property as per 12% of respondents
- downtime and damage to the reputation of the organization as per healthcare security professionals
The major effect of these attacks are
- operational downtime, which 43% of companies experienced,
- theft of data (42%),
- ruin to the reputation of the company (31%)
Limiting IoT cyberattacks will require a substantial price. Resolving a healthcare IoT cyberattack had an average cost of $346,205, which was only slightly lower than the mitigation cost of attacks on the transport industry, which was $352,639 on average.
Although there are risks to using IoT devices, it doesn’t seem to stop hospitals and other healthcare providers in utilizing the devices. Healthcare providers currently use up to 15 million IoT devices. Hospitals generally utilize 10 to 15 devices per hospital bed on average.
It is a challenge to secure IoT devices, but many healthcare providers know precisely where the problems lie. They only lack the means to resolve those vulnerabilities.
Manufacturers must do more to protect their devices. Security is typically an afterthought and safety measures are just bolted on instead of being integrated into the design process. 49% of device manufacturers said security is considered in the process of designing the devices and 53% of device manufacturers perform code reviews and constant security inspections.
82% of IoT device manufacturers indicated concern regarding the security of their devices and safeguards may not be sufficient to stop a successful cyberattack. 93% of manufacturers stated device security can be enhanced, which is what 96% of device users also stated.
The researchers explained that there is a change in the past mindset of security being an afterthought. 99 percent believe that a security solution, not just a cost, ought to be an enabler of cutting edge business models. This clearly shows that businesses understand the importance of security to their organization.