A survey released on April 20 shows that many medical device security professionals feel they have room for improvement when it comes to complying with the latest regulations and though many say they’re prepared for a cyberattack, the data showed otherwise.
The survey, initiated by product security platform company Cybellum, asked 150 product security experts from various medical device manufacturers around the world about the major challenges they faced and how they planned to tackle them now and in the future. The respondents were all responsible for cybersecurity or product security compliance in medical device companies. The top five challenges identified in the survey results report, “Medical Device Cybersecurity: Trends and Predictions 2022 Survey Report,” included:
- The growing set of tools and technologies,
- Continuous management,
- Business impact,
- Visibility, and
- Compliance
The results also revealed that these challenges got bigger as the size of the company increased and that compliance, though not the top challenge identified, was a serious concern, with only 46 percent of the respondents saying they considered their companies to be compliant with the latest regulations. However, the report added that most companies are committed to getting better in this area as respondents identified “improving the success rate of compliance submissions” as the third highest priority.
With cyberattacks increasing in the health care industry and medical devices a particular target, improving these products’ cybersecurity has become a key focus. However, the survey results suggest that despite 75 percent saying they are better prepared than their competition and nearly all saying they are at least partly prepared for a cyberattack, many companies actually aren’t. Thirty-four percent of those surveyed identified incident response as a weakness and 65 percent said they only test their device firmware a maximum of once a month.
“If your incident response isn’t up to scratch—you’re not prepared,” the report states, suggesting companies still room for improvement when it comes to cyberattack readiness.