Additional cybersecurity challenges that connected medical devices presented to respondents included embedding vulnerability management into the design phase of medical devices (19.7 percent), monitoring and responding to cybersecurity incidents (19.5 percent), and lack of collaboration on cyber threat management throughout the connected medical device supply chain (17.9 percent).
Jones continued, “Collaboration between providers, manufacturers, and suppliers is key when it comes to bridging the gaps in medical device cybersecurity. This is a problem that requires the industry as a whole to come together and create a safe space where feedback and information can be shared freely.”
Beyond cybersecurity risk management itself, there are post-incident risk management efforts to attend to as well. Few respondents (18.6 percent) say their organizations are “very prepared” to address litigation, internal investigations or regulatory matters related to medical device cybersecurity incidents in the next 12 months.
“As regulatory, litigation, and internal investigation activities start to focus on post-market cybersecurity management, leading organizations are taking a more forensic approach to discerning the timeline and size of cyber incidents so the impact to intellectual property, client data and other areas can be addressed more quickly,” said Scott Read, Deloitte Risk and Financial Advisory principal, Deloitte Transactions and Business Analytics LLP. “Forensic analyses responding to regulator, litigant, or whistleblower concerns may even help predict the next moves of cyberattackers.”

https://www2.deloitte.com/us/en/pages/about-deloitte/articles/press-releases/legacy-fielded-medical-...