Hospitals struggle with visibility of connected medical devices
A new survey of CISOs at North American hospitals finds that 43 percent identified complete device visibility as the challenge they would most want to solve immediately, followed by ransomware threat detection (24 percent) and compliance automation (22 percent).
The study from Asimily also uncovered fragmentation in how hospital security teams approach vulnerability remediation. Only 22 percent of hospital CISOs base their prioritization on device usage and criticality, which is the most effective method for focusing resources on the highest-risk assets. Meanwhile, 18 percent rely on manual review and 15 percent report having no clear process at all for addressing IoMT (Internet of Medical Things) vulnerabilities.
“Hospital CISOs are challenged with protecting many thousands of network-connected devices while navigating organizational silos, data overload, budget constraints, and ensuring patient care isn’t disrupted,” says Shankar Somasundaram, CEO of Asimily. “This survey reinforces that visibility is the critical first step, but it has to be paired with the ability to prioritize and act on what you find. Hospital cybersecurity leadership needs strategies that can connect the dots between device discovery, risk prioritization, and remediation (including segmentation), while also working across the clinical engineering, IT, and security teams that share responsibility for these patient-critical systems.”
When asked about the biggest barriers to effective connected medical device risk management, one-third point to internal process issues, closely followed by lack of visibility (30 percent) and data overload (20 percent).
Among suggestions to reduce the risk are adopting platforms that provide a single view of IT, IoT, IoMT, and OT devices to eliminate blind spots and enable holistic risk assessment, along with moving beyond CVSS scores alone by factoring in which devices are most essential to patient care and whether network segmentation already mitigates certain risks.
You can find the full report, with more tips to manage exposure across all cyber assets, on the Asimily site.
Image credit: Anekoho/Dreamstime.com
