Skip to main content
close search
site logo
Dive Brief

Moody's warns medtech is highly vulnerable to cyberattacks

Published March 1, 2019
By
Contributor
Getty Images

Dive Brief:

  • A new Moody’s report warns the medical device industry is highly vulnerable to cyber risks, largely thanks to the proliferation of insulin pumps, cardiac monitors and other devices that connect to the internet.

  • However, the credit rating agency thinks attacks would have just a moderate impact on the medtech sector and that it faces smaller overall risks than the broader healthcare industry.

  • The Moody’s warning comes against a backdrop of rising recognition of the cyber vulnerabilities of medical devices. Over the past year, FDA has proposed delineating medical devices based on whether they can directly harm patients if hacked and HHS has opened its cybersecurity coordination center.

Dive Insight:

The potential for cyber attacks to disrupt businesses and entire industries has caught the attention of ratings agencies such as Moody’s, which said the medical device industry has more than $200 billion of rated debt. The likelihood of creditors getting that money back rests, in part, on the ability of the debtors to avoid business-threatening events such as severe cyber attacks.

In analyzing risk in the medical device industry, Moody’s zeroed in on the increasingly widespread use of insulin pumps, defibrillators and cardiac monitoring devices that provide patients and remote caregivers with real-time information.

These devices send data over the internet, creating opportunities for hackers to intercept personal health information. The fact the devices are online also creates a risk that a hacker could remotely modify their settings.

Moody’s cites the 2017 recall of 465,000 Abbott pacemakers to make its case. The devices were recalled after Abbott learned of a vulnerability that could have allowed a hacker to modify the pacing commands or accelerate depletion of the battery. Exploitation of the vulnerability could have put patients at risk and, by extension, threatened Abbott’s ability to pay down its debt.

Even so, Moody’s thinks the impact of cyber attacks on other industries may be more severe, leading it to class medtech as a medium-high risk sector. Moody’s thinks the nine sectors in that group have some common features.

"These sectors have multiple vulnerabilities that make them cyber attack targets. They rely heavily on technology to operate, although they have some ability to reduce the operational impact of an attack through established manual processes. However, a significant data breach or prolonged disruption of operations would result in meaningful impact that reputational effects could further amplify," the agency wrote in its report.

Moody’s awarded its highest risk rating to healthcare and three other sectors. The agency classed healthcare as being both highly vulnerable to cyber attacks and likely to suffer major harm as a result of them. That view is partly based on the fact that "a breach of medical technology would pose an immediate threat that could harm the reputation of the hospital or lead to ransom demands."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Powerful Medical Becomes the First Company to Win Best Science Startup and Overall Winner at A…
From Powerful Medical
November 21, 2024
Arsenal Medical Launches EMBO-02 Study for NeoCast™ to Assess Treatment of Chronic Subdural He…
From Arsenal Medical
November 14, 2024
SYNDEO Medical Announces European MDR Approval for Two Product Brands
From SYNDEO Medical
November 06, 2024
Lunit Shows Promise of AI in Predicting Immunotherapy Response for Rare Cancer Patients at SIT…
From Lunit
November 10, 2024
Editors' picks
Latest in Digital Health
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell