While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care.

In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year, several large healthcare providers have again been impacted by cyberattacks, including Change Healthcare, Kaiser Permanente and Ascension. “Synnovis, a key provider of laboratory and diagnostic services in London, fell victim to a ransomware attack causing widespread disruptions,” reported Halcyon. The attack affected several hospitals including Guy’s, St Thomas’ and King’s College, Evelina Children’s Hospital, Royal Brompton, the Harefield specialist heart and lung hospitals and the Princess Royal Hospital in Orpington, reported The Guardian.

The total number of worldwide hospitals is expected to reach 166,548 by 2029, according to a report by Statista .The average number of connected medical devices per hospital bed is approximately 10 to 15, according to the HIPAA Journal. This data suggests that there will be 1.67 million connected medical devices worldwide by 2029, with many devices manufactured without a secure-by-design approach. According to a survey by the Ponemon Institute and Proofpoint, 89% of healthcare organizations have experienced close to one attack per week. The risk is compounded because 53% of healthcare organizations said they lack the in-house expertise to address cybersecurity issues. These numbers are alarming, given the vast amount of interconnected medical devices in hospitals.