HIMSS Survey Reveals Concerns in Relation to Mobile Device Security

by | Jun 20, 2018

The results of a HIMSS survey has revealed that medical device security is a strategic focus for most healthcare groups, yet fewer than 50% of healthcare providers have an approved budget for addressing security weaknesses in medical devices.

For the survey, HIMSS questioned 101 healthcare sector practitioners in the United States and Asia for IT giant Unisys.

85% of those questioned in the survey said medical device security was a strategic focus and 58% said it was a high priority, yet only 37% of respondents had an approved budget set aside to adapt their cybersecurity strategy for medical devices. Small to medium healthcare suppliers were even less likely to have adequate funds available, with 71% of companies lacking the budget for medical device security enhancements.

Weaknesses in medical devices are often being discovered. ICS-CERT has released several recent advisories about weaknesse in a wide range of devices. In many instances, flaws are discovered and addressed before they can be exploited by cybercriminals, although the WannaCry attacks last year displayed just how much of a risk is involved – to organizations as well as patients.

A recent MedCrypt-funded study from the University of California Cyber Team has shown that some healthcare groups have encountered cybersecurity incidents involving unsecured medical devices that have had an adverse effect on patients. The groups that had experienced incidents involving compromised medical devices stated between 100 and 1,000 patients had been impacted.

Bill Parkinson global senior director, Unisys Life Sciences and Healthcare said: “While most life sciences and healthcare organizations understand the need to strengthen device security, many are struggling with legacy devices that were never designed to be internet-accessible – and with the explosion of ransomware and sophisticated cyberattacks like WannaCry, that can put both the provider and the patient at risk.”

Those who participated in HIMSS/Unisys survey were asked what security measures they had implemented to safeguard their medical devices. 85% said they had firewalls and network access control measures, although only 53% said they employed segregated networks for medical devices, even though segmentation of networks can help groups mitigate risk.

Parkinson said: “To ensure proper security, all devices require equally strong protection – firewalls alone are not enough in today’s environment. In this regard, microsegmentation, the ability to segment and restrict network and device data to pre-authorized groups of users and devices, can be a critical asset for hospitals and medical providers.”

The survey also looked into how healthcare providers are recording and handling data gathered by medical devices. Around 60% of healthcare providers said they were prepared for a device audit at all times, but less than a third of providers were recording device data in actual-time.

Parkinson said: “The importance of having access to real-time data cannot be underestimated. Not only can data analytics help life sciences and healthcare organizations reduce device downtime by ensuring devices are operational, it can significantly improve audit readiness and better inform future purchasing decisions.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy