Where cyber risk meets healthcare
53% of connected medical devices in hospitals have known high-risk vulnerabilities
Written by Nicole Panteloucos
In our increasingly connected world, the Internet of Things (IoT) connects everything from household appliances to critical medical devices. While this connection improves patient care, it also exposes health care systems to cyber threats.
Threat actors can exploit vulnerabilities in medical devices, such as pacemakers and insulin pumps, or breach hospital records and health technology systems, putting confidential patient data at risk. This not only jeopardizes the safety of patients but also threatens the well-being of people who are already at risk.
The FDA once recalled nearly 500,000 pacemakers over concerns that lax cybersecurity could allow hackers to drain the device's battery power or alter patients' heartbeats. Recently, software vendor Change Healthcare, a subsidiary of UnitedHealth Group, experienced a breach that compromised large amounts of personally identifiable patient and health information, with costs estimated at $2.3 billion.
Given this growing risk landscape, cyber insurance is the most important safeguard to protect patients and providers.
Risk of obsolescence of hospital infrastructure
Discussing the threat of hackers accessing medical services and causing harm to patients, Kirstin Simonson, who leads cyber for technology and life sciences at Travelers, confirmed that although the risk may increase over time, the aging infrastructure in hospitals is still the more pressing concern.
Simonson specifically noted that MRI machines are among the most vulnerable to current cybersecurity threats.
“MRIs are very expensive for hospitals to replace, so many facilities continue to use these expensive machines for a long time before they are improved,” Simonson said. “Given the age of these devices, they may lack important software patches or updates when they reach the end of their life cycle, creating a significant risk.”
To highlight this risk further, a report published by the FBI's Internet Crime Complaint Center (IC3) stated that about 53 percent of all connected medical devices and other IoT devices in hospitals had known high-risk vulnerabilities.
The IC3 report also cited statistics that found that more than 40% of medical devices are at the end-of-life stage, offering no security patches or upgrades.
The importance of supply chain management
Jennifer Ampulski, executive vice president and life sciences leader at Travelers, emphasized that addressing cyber risks in the life sciences and medical sectors requires not only risk assessment in devices but also risk assessment throughout the supply chain.
In particular, when advising customers on cyber hygiene best practices, brokers should encourage hospitals, pharmacy chains, and outpatient clinics to carefully evaluate their partners' cybersecurity practices. The importance of this approach is highlighted in a recent report from Data Theorem, which revealed that more than 91% of North American organizations surveyed have experienced a software supply chain incident in the past 12 months.
“What happens if a vendor that supplies your client's medical equipment or component parts experiences a cyber incident? It is important to ensure that your customers have support providers and understand how such disruptions can impact their business and obligations,” warns Ampulski.
“An important step agents and sellers can take is to ensure that not only are their clients' online policies strong, but that security requirements are embedded in the seller's proposal process, to ensure that customer partners adhere to the highest standards,” continued Ampulski.
How brokers can guide life science clients on cybersecurity
In addition to helping clients deal with risks beyond their operations by reducing supply chain risk, brokers can use several strategies to improve cyber protection for clients in the medical and life sciences sectors:
- Use carrier services: Generally, insurance carriers provide simple checklists and guidance tools for both agents and insureds. Use these resources to help navigate and strengthen your customers' cybersecurity practices.
- Address common cyber myths: Simonson noted that many customers mistakenly believe that issues related to damaged equipment are always covered by property insurance. It is important for brokers to clarify that such events may fall under a cyber insurance policy if the risk is defined as a cyber event.
- Use FDA guidelines: The life sciences industry is highly regulated, with many medical devices regulated by the FDA. Given this regulatory framework, it is important that brokers and agents work closely with life science companies to ensure that their cybersecurity practices are in line with these regulatory requirements to avoid legal consequences.