The use of connected devices in healthcare is driving innovation and offering new ways to assist medical staff. However, the introduction of the Internet of Things (IoT) has expanded the attack surface that his IT decision makers in the healthcare industry must address.
A new report from Armis finds that many UK National Health Service (NHS) trust cybersecurity leaders face a lack of visibility into their connected assets, a challenge to meeting security requirements. It turns out.
Thirty-five percent of NHS trusts said they have automated systems to track all connected assets and 59% said they update information on all assets when changes occur, but when it comes to IoT There are still many blind spots.
For example, one-third of trusts surveyed admitted that they had no way to track IoT devices, and 10% said they use manual processes or spreadsheets to track them.
Additionally, 15% of trusts admit they do not track connected medical devices (IoMT), and one in five say they use manual processes or spreadsheets to track these assets. said.
Additionally, 19% of respondents believe that information about connected medical devices in their inventory system is never updated or only updated annually.
lack of resources
A primary reason for this lack of visibility is a lack of resources, with 38% of Trusts IT decision makers admitting that they do not have enough staff to meet the demands placed on them, and 23% say they do not have enough staff to meet their demands. I admit I don’t have the right resources. It can replace legacy medical devices and unsupported medical devices.
These technology gaps make it difficult for NHS trusts to gather evidence to conduct Data Security Protection Toolkit (DSPT) assessments and to remediate cybersecurity issues within the required two weeks. Yes, a respondent told Armis.
This could have serious consequences, not only for regulatory compliance but also opening the door to more cybersecurity incidents and even safety flaws, said Mohammad, principal solutions architect at Armis. Wakas said in an official statement. The Trust environment, including third-party assets, is key to establishing a resilient security strategy and proactively reducing the attack surface. […] Especially for connected medical devices (IoMT) that are hard to keep up to date, being able to monitor them and understand their behavior and risks in real time is key to ensuring safety and complying with the latest regulations. becomes. ”
“In order to close these gaps and improve the operational efficiency of NHS trusts, allowing staff to focus on core functions and enabling insight into threat intelligence and clinical equipment utilization, multiple use cases are being explored. We need to bring in the right technology partners to solve and bridge the technology “gap,” he added.
The results of the Armis report were obtained from a Freedom of Information (FOI) request to the UK’s NHS Trust.
