Medical device manufacturers are deeply concerned about the potentially deadly consequences of cyberattacks on critical medical equipment, including implantable devices, such as pacemakers.
A new survey sheds light on the widespread sense of vulnerability in the industry. A poll of 500 device manufacturers and health care providers by Synopsys, the software company, finds two-thirds of device manufacturers and more than half of providers believe there will likely be a major cyberattack on a medical device in the next year.
Similarly, 80 percent of both medical professionals and manufacturers say that securing medical devices is "very difficult."
Recommended For You
The health care sector has become a favored target of hackers because of the valuable patient records they possess. Medical records are full of information hackers can use to create fake identities, including social security numbers, names and birthdates.
However, hackings of medical devices presents an even more ominous prospect the world has still not experienced. Some tech experts have warned hackers could infiltrate WiFi-connected medical devices and essentially hold a person hostage by controlling a piece of equipment their life depends on.
The awareness and fear of hackings, however, has not necessarily led to increased vigilance, the survey suggests. Only a small minority of providers and device manufacturers say they are taking "significant steps" to prevent cyberattacks.
In fact, less than 10 percent of manufacturers say they test their devices annually to gauge vulnerabilities to cyberattacks.
Guidance from the FDA on how to prevent cyberattacks is also regularly ignored: Barely half of device manufacturers report following the advice of the federal agency. Less than half of health care providers say the same.
In many cases, the report finds, device manufacturers and medical providers lack a person who is in charge of cybersecurity or who would otherwise be deemed responsible for overseeing the anti-hacking efforts.
While hackings have been around as long as computers, prominent cyberattacks over the last two years have led to a growing sense of alarm about whether any information can truly be private again.
A critical tipping point may have come during last year's presidential election, when hackers infiltrated the email system of the Democratic National Committee as well as that of Hillary Clinton's campaign chairman, John Podesta. The subsequent conclusion by U.S. law enforcement agencies that Russian hackers sought to influence the U.S. election by leaking information damaging to Clinton both infuriated supporters of the vanquished candidate but also sent a strong signal to those who were satisfied with the election result that it could easily be their own information that is compromised next.
Attacks on health care organizations, including a successful attempt by "ransomware" hackers to extort money from a major Los Angeles hospital, also the Department of Health and Human Services to create a cybersecurity task force early in 2016 aimed at identifying best practices that providers, insurers and device manufacturers could use to avoid devastating attacks.
In a report released this month, the task force recommended developing a health care-specific security framework that would offer medical professionals more specific guidance than what is currently offered by the National Institute of Standards and Technology Cybersecurity Framework.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
