Armis will be attending the Healthcare Information and Management Systems Society (HIMSS) conference in February 2019. This has become the bellwether conference for people concerned about security in healthcare environments. Armis will be speaking at the conference, discussing the challenges of protecting medical devices and medical IoT, as well as some of our recent findings. So I thought I would write a few thoughts before the show.
Looking back at 2018, it’s obvious that things have continued to get worse from a security perspective. If you need proof:
If you are looking for even more examples of how challenging it can be to secure medical devices, you can read my previous healthcare-related blog post in July 2018.
All this caused the good folks at the ECRI Institute (they are the people who invented the crash cart) to conclude last month that cybersecurity is the most significant threat to healthcare operations in 2019 – more significant than surgical complications, infections, and other traditional concerns.
Why is the healthcare industry suffering so greatly? Armis has a unique vantage point in that we are able to see all devices – medical and more – among all of our customers and compare one industry to another. We see that the percentage of unmanageable devices in healthcare environments is higher than any other industry. This means the attack surface is greater, so it is easier for attackers to break into healthcare networks. At the same time, statistics from the FBI and other sources show that the motivation to attack healthcare delivery organizations is higher than for other industries: the value of a breached healthcare record on the black market is higher than literally any other type of record.
The key thing to understand is the situation is likely to get worse before it gets better. Deloitte reports that the Internet of Medical Things market is growing at 31% per year. And Ponemon Institute reported that 67% of medical device manufacturers say an attack on their medical devices is likely, but just 17% of those companies are taking significant steps to thwart cyber attacks.
This level of insecurity is astounding. You would not expect this behavior from vendors such as Microsoft, Apple, Google, etc. But somehow, this behavior is tolerated from biomedical device vendors.
As I stated in my prior blog post, traditional security products are not designed to defend against the Internet of Medical Things threats, so I won’t repeat that here. But I would like to give you some examples of things that Armis has recently seen in healthcare environments.
If you are going to the HIMSS conference, stop by and see us at Booth number #400-39. We’ll explain to you how we found these things. More importantly, we’ll show you how you can passively and continuously track all your medical devices for real-time threat assessment and mitigation. This will let you take advantage of new medical devices and medical IoT safely, and avoid a disastrous cyber attack on your organization.
And please — come listen to Armis’ presentation on Wednesday, February 13, at 12:15 PM in the Cyber Security Theater on the HIMSS expo floor.
I hope to see you at HIMSS!
Sign up to receive the latest news