CyberMDX/Philips/Ipsos Study: Perspectives in Healthcare Security

A new report from CyberMDX/Philips/Ipsos examines the attitudes, concerns, and impacts on medical device security as well as cybersecurity across large and midsize healthcare delivery organizations.

The author(s)

  • Jocelyn Duran Account Manager, US, Public Affairs
  • Mallory Newall Vice President, US, Public Affairs
Get in touch

New York, NY, August 16, 2021CyberMDX, a leading cybersecurity provider dedicated to protecting IoT and medical devices for health delivery worldwide, announced the release of the Perspectives in Healthcare Security Report. The report, done in collaboration with Philips, examines attitudes, concerns, and impacts on medical device security and cybersecurity across large and midsize healthcare delivery organizations. Insights include how they correlate and diverge.

Healthcare is one of the most targeted industries. A recent report from HHS cited a total of 82 ransomware incidents so far this year worldwide, with 60% of them impacting the United States health sector. Whether the hack is committed by notorious gangs such as REvil or Conti or lesser-known hackers, hospitals now account for 30% of all large data breaches and at an estimated cost of $21 billion in 2020 alone.


 Key Findings:

  • Ransomware is Attacking the Bottom Line - 48% of hospital executives reported either a forced or proactive shutdown in the last 6 months due to external attacks or queries.
  • Midsize hospitals feeling more pain - Of respondents that experienced a shutdown due to external factors, large hospitals reported an average shutdown time of 6.2 hours at the cost of $21,500 per hour, while midsize hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour.
  • Cybersecurity Investment Not a High Priority - Despite continuing cyber-attacks against healthcare and roughly half of respondents experiencing an externally motivated shutdown in the last 6 months, more than 60% of hospital IT teams have “other'' spending priorities, and less than 11% say cybersecurity is a high priority spend.
  • Dangerous Vulnerabilities Still Not Dealt With - When asked about common vulnerabilities such as BlueKeep, WannaCry, and NotPetya, the majority of respondents said their hospitals were unprotected. 52% of respondents admitted their hospitals were not protected against the Bluekeep vulnerability, and that number increased 64% for WannaCry and 75% for NotPetya.
  • Lack of Automation Creates Gaps in Security - 65% of IT teams in hospitals rely on manual methods for inventory calculations, with 7% still in full manual mode. In addition, 15% of respondents from midsize hospitals and 13% from large hospitals admitted they could not determine the number of active or inactive devices within their networks.
  • Is there a Staffing Disconnect? - While 2/3 of IT teams believe they are adequately staffed for cybersecurity, more than half of Biomed teams believe more staff is needed. Conversely, the industry has been experiencing a cybersecurity talent shortage and a 100+ day lag to fill jobs.
  • Cyber Insurance and Compliance are Popular Options - 58% of IT teams consider compliance “almost always” and rate it a high impact on their jobs. Similarly, 58% also said they had cyber insurance.

The report is a continuation of the partnership between Philips and CyberMDX announced in November 2020. It represents their joint commitment to providing solutions to protect connected medical systems and devices.

Details are provided in the Perspectives in Healthcare Security report attached to this post.


About the Study

This Ipsos study was conducted May 21-July 16, 2021 on behalf of CyberMDX and Philips. This study was conducted online, double-blinded, among 130 hospital executives in Information Technology and Information Security roles, as well as BioMed technicians and engineers. The respondents, who averaged 15 years of experience in their fields, provided insight into the current state of medical device security within hospitals as well as highlighted the challenges their organizations face.

About Ipsos

Ipsos is the world’s third largest Insights and Analytics company, present in 90 markets and employing more than 18,000 people.

Our passionately curious research professionals, analysts and scientists have built unique multi-specialist capabilities that provide true understanding and powerful insights into the actions, opinions and motivations of citizens, consumers, patients, customers or employees. We serve more than 5000 clients across the world with 75 business solutions.

Founded in France in 1975, Ipsos is listed on the Euronext Paris since July 1st, 1999. The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD).

ISIN code FR0000073298, Reuters ISOS.PA, Bloomberg IPS:FP


The author(s)

  • Jocelyn Duran Account Manager, US, Public Affairs
  • Mallory Newall Vice President, US, Public Affairs