News Feature | October 24, 2016

Cybersecurity Spending On Connected Medical Devices Remains Alarmingly Low

Christine Kern

By Christine Kern, contributing writer

IoT Cybersecurity

Projections show spending should triple by 2021 to address rising cybersecurity concerns.

Smart medical devices connected through the medical Internet of Things (IoT) are poised to transform healthcare, but that role could be jeopardized if cybersecurity concerns remain unaddressed. An ABI Research report has warned, “The millions of connected medical devices introduce dangerous new threat vectors into the healthcare infrastructure, and will seriously undermine patient safety and effective care delivery if left unchecked.”

This year, according to ABI Research’s Securing Medical Devices report, healthcare providers and manufacturers will spend about $390 million to secure connected medical devices this year, which is only a fraction of the $5.5 billion projected to be spent on healthcare cybersecurity. However, the growing attention to cyberthreats to healthcare entities means that cybersecurity investment in medical devices could triple by 2021 to address these vulnerabilities.

ABI says that much of that spending will involve embedding security in hardware, analyzing glitches, developing patches and performing wireless updates, while the rest will focus on data protection. “We estimate spending by healthcare providers and OEMs on healthcare cybersecurity to reach $5.5 billion by 2016,” explained Michela Menting, Research Director at ABI Research. “However, only $390 million of that will be dedicated to security medical devices. Healthcare stakeholders have to understand that there is a new hostile environment that will emerge around networked medical devices and that threat actors have multiple levels of skills and diverging motivations for attacking the medical IoT.”

Protecting devices will require the collaboration of manufacturers, providers and health IT experts, the report says, adding the U.S. is the only country currently taking a real stab at the problem. Among the companies already embracing medical device cybersecurity are Battelle, Coalfire, DrÓ“ger, Extreme Networks, Sensator Synopsys, UL, and WhiteScope.

Menting concluded, “Investment in medical device cybersecurity is critical in order to deliver the full promise of next-generation healthcare technology. OEMs and healthcare providers taking part in the discussion today will be the pioneers forming the foundation of future cybersecurity for medical devices.”

As connected devices drive the delivery of healthcare, providers and other stakeholders need to turn their attention to cybersecurity surrounding those devices. As Health IT Outcomes reported, “Manufacturers admit they have not focused on security in their devices. A recent AT&T report found that 85 percent of enterprises are in the process of or are planning to deploy IoT devices, but only 10 percent feel confident they can secure those devices against hackers.”