A few weeks ago I wrote about the challenges facing the healthcare industry ahead of a new report out from a group that was created to figure out what challenges the growth of internet connected devices will have on healthcare. The report, written by the Health Care Industry Cybersecurity (HCIC) Task Force, is sobering reading. The report deals with all aspects of healthcare delivery, from the companies like GE and Philips that manufacture equipment that isn’t supported with security updates to the FDA which oversees the regulation of medical devices.
No one comes out looking good. Hospitals added connected devices without thinking through the consequences and now have little understanding of what they own and what might be vulnerable. Nor do they have the budget or expertise to fix it. Government funding formulas helped incentivize hospitals to buy connected products without thinking through the security of those devices and equipment makers put devices on the market with no thought to security and now refuse to keep them updated. Stuck in the middle are a few hospital CISOs and patients who are seeing their data hacked and appointments canceled as hackers target the medical wards for financial rewards. The worst news is that this problem meets up with a buying cycle that means insecure equipment will still be in the hospitals 15 years from now.