A few days ago, cybersecurity companies CyberMDX and Philips released a new report covering spending and trends in cybersecurity for medium and large hospitals. The report surveyed 130 IT healthcare industry decision makers to understand how they manage the thousands of medical devices used in most hospitals today.
Among the survey respondents, more than 31% work in hospitals with fewer than 10,000 pieces of medical equipment; 29% work in hospitals with fewer than 25,000; and nearly 20% work in hospitals with fewer than 50,000 devices deployed.
The report data shows:
While most respondents were well aware of how many devices were deployed in their hospitals, 15% of respondents at midsize hospitals and 13% at large hospitals had no idea how many devices were online in their hospitals. Nearly half of respondents believe they are understaffed in medical device and IoT security; most respondents' hospitals have, on average, 12 or 13 cybersecurity staff.
Nearly 40% of large hospitals use IoT security solutions to protect their equipment; 16% of large hospitals rely on security services provided by medical equipment manufacturers; some turn to IT equipment vendors or third-party system integrators. The findings for mid-sized hospitals were nearly identical, although they were more reliant on medical device manufacturers for security.
Respondents listed NotPetya, MDHex, MDHexRay, Ryuk, WannaCry, Apache Struts, and BlueKeep as the most common vulnerabilities. More than 51% of respondents said their hospitals had no protection against the BlueKeep vulnerability.
The average annual IT expenditure for large and medium-sized hospitals is about $3 million to $3.5 million. Of that, an average of $300,000 per year is spent on medical device and IoT cybersecurity. Nearly 80 percent of large and medium-sized hospitals measure cybersecurity ROI through logs of major attacks, while also using “total number of critical vulnerabilities found” and “time saved” as measures of security success.
More than 50% of hospital executives said they had shut down equipment, either voluntarily or because they were forced to, due to an external attack in the past six months. Mid-sized hospitals struggle during medical equipment downtime. Large hospitals faced an average of 6.2 hours of downtime and $21,500 in damages per hour. The situation is even worse for midsize hospitals, where IT directors report an average of 10 hours of downtime and $45,700 in losses per hour.