A report that highlights the vulnerabilities in medical devices and the risks they pose to patient health issued by Independent Security Evaluators comes at an opportune time as the past month has shown that hospitals are becoming targets for criminals.Download the March 2016 digital issueInside: What you need to know about staffing up for IoT, how cloud and SDN set Veritas free & much more!READ NOWTed Harrington, executive partner at Independent Security Evaluators said, “It’s a scary report in a lot of ways, but our hope is to organize an industry in recognizing these problems. We are trying to make an entire industry start changing, especially one that is very regulated and complex. The conversations need to start happening.”What the report also evidenced is that the health care industry, guided by strict regulations for protecting patient data, “Has focused almost exclusively on protecting patient data and not patient health. The focus is entirely on making sure the patient’s record is protected and not tampered with, but that doesn’t directly correlate to protecting the patient” Harrington said.These findings are not entirely new according to security expert Billy Rios, who said he’s been fighting for stronger security in medical devices for five or six years now. The vulnerabilities in infusion pumps that Rios brought to light last year are but one example. ALSO ON CSO: The 15 worst data security breaches of the 21st century”The Telmed pump is not even a vulnerability. It’s poor design, poor architecture. There is no patch for that. You can’t patch the fact that a pump is running. It requires significant configuration changes,” Rios said.Regulations are not the panacea to the issues of cyber security, and Rios said that he dislikes regulations. At issue, though, is the reality that unless vendors are compelled to do something, they won’t.