- Cybersecurity incidents will continue to be a major concern for the developers and users of medical devices over 2022.
- Cybersecurity attacks have the potential to disrupt healthcare delivery and impact patient safety.
- The continued rapid uptake of digital health technologies throughout the course of the Covid-19 pandemic is increasing the attack surface for cyber attacks in the short term.
- Cybersecurity attacks against healthcare organisations doubled between 2019 and 2020 and hospitals are a growing target for attack.
Cybersecurity incidents will be a top concern for the developers and users of medical devices over 2022 as cyberattacks on healthcare companies will continue to be a threat to the industry. An increase in healthcare cybersecurity risks post-Covid is a previously identified topic by Fitch Solutions. This view has been supported by the latest release of a report on health technology risks from ECRI, an independent non-profit organisation which focuses on improving the safety, quality and cost-effectiveness of healthcare and conducts independent evaluations of medical devices for safety and efficacy. Cybersecurity attacks was listed as the top health technology hazard for 2022 in the ECRI report, which is based on problem reports th在 organisation receives in addition to medical device tests. Other major health technology hazards for 2022 highlighted by ECRI include supply chain shortfalls, damaged infusion pumps which can cause medication errors and inadequate stockpiling of emergency medical supplies which could disrupt patient care during public health emergencies.
Cybersecurity attacks can disrupt healthcare delivery and impact patient safety, while the rapid uptake of digital health technologies over the last two years has increased the attack surface in the short term. Cybersecurity incidents threaten connected medical devices and data systems which have become ubiquitous in modern healthcare settings. Incidents can lead to the rescheduling of appointments and surgeries, the diversion of emergency vehicles or the closure of care units or whole organisations, all of which can be detrimental to patients. The Covid-19 pandemic forced changes to the traditional delivery of in-person healthcare, shifting consultations online, with providers and patients turning to digital health technologies to enable to continuation of healthcare services. The subsequent rapid adoption and onboarding of telehealth vendors and the uptake of digital health solutions has increased the attack surface, raising cybersecurity risks. This refers to the sum of the different points of attack which an unauthorised user harnesses to access data. 在Q320, there was a 100% rise in total reported data breaches to the US Department Of Health And Human Services by healthcare providers that store US patient data. The increase was almost exclusively through hacking/ IT incidents, with the increased use of telehealth solutions during this period.
Cybersecurity attacks against healthcare organisations are increasing and hospitals are a growing target for attacks. The number of cyberattacks against healthcare companies doubled between 2019 and 2020, according to a report from IBM Security. Out of the top ten industries, healthcare received the seventh highest number of attacks with 6.6% of the total in 2020, up from 3% in 2019. The increase of cyberattacks against healthcare companies is attributed to Covid-19 related healthcare attacks and a number of attacks against hospitals. Cyberattacks affect hospital data systems and medical devices which can disrupt patient care and negatively impact patient outcomes. Countering the risks from cybersecurity attacks requires robust security programmes to prevent attacks from reaching critical devices and systems. These programmes must also include plans for maintaining patient care and safety in the event of attacks reaching critical systems. Critical to countering the threat of cyber attacks is ensuring that connected medical devices are properly maintained and updated with the latest software versions to strengthen patient safety against ransomware outages.
This report from Fitch Solutions Country Risk & 行业 研究 is a product of Fitch Solutions Group Ltd, UK Company registration number 08789939 ('FSG'). FSG is an affiliate of Fitch Ratings Inc. ('Fitch Ratings'). FSG is solely responsible for the content of this report, without any input from Fitch Ratings. Copyright © 2021 Fitch Solutions Group Limited. © Fitch Solutions Group Limited All rights reserved. 30 North Colonnade, London E14 5GN, UK.