Given that an electronic medical health record (EHR) is worth hundreds, even thousands of dollars on the black market – compared to just 25 cents for a typical credit card number1 – it is no surprise that healthcare is increasingly targeted by hackers. The Achilles’ heel? Unsecured connected medical devices.
Globally, some 10 to 20 percent of medical devices at most hospitals are connected, and that number is growing rapidly.2 Unfortunately, connected devices older than two or three years have little to no device security: if there is a password at all, it is usually something default like “12345” or “Admin.” Even devices with security protections are often not configured appropriately within the hospital network to actually be secure.
But medical devices within hospitals aren’t the only concern. The trend in healthcare – encompassing hospitals, clinics, and even the local doctor’s office – is to provide patients with wearable medical devices to track, record, and report on physical health.
Consumer attitudes toward wearable medical devices were explored in the Unisys Security Index. The results showed that 78% of consumers supported wearable medical devices such as pace makers or blood sugar sensors that could immediately transmit any significant physical health changes to a doctor. Concerns about security were equally strong, with many consumers stating they are uncomfortable sharing their personal health data with others unless there is a strong need or benefit attached to it. In general, consumers are willing to share their personal data with organizations when they perceive that their health and safety will be protected by doing so, but not for other reasons. They understandably want to have control over their personal data and who sees it. They need a very compelling reason to share data to offset the loss of privacy and the risk to their personal information.
As wearables are adopted in the mainstream, people will become keenly aware of the risks and vulnerabilities they pose. Hospitals and healthcare organizations must meet this increased awareness with the reassurance that they have patient-centric protections in place to secure people’s personal data – and their physical well-being – against all manner of cyberattacks.
For more insights on consumer attitudes and perceptions with respect to security in healthcare, read the full paper Leading-Edge Healthcare Needs Leading-Edge Security.
[1] Yao, Mariya. “Your Electronic Medical Records Could Be Worth $1000 To Hackers,” Forbes, April 14, 2017.
[2] The Healthcare Information and Management Systems Society (HIMSS).
