Cybersecurity Threats in Healthcare Medical Devices

Brought to you by WBR Insights

Industry 4.0 technology is creating amazing new opportunities for business. Innovative technologies are allowing global industries to better serve customers through deeper understanding, improved communication, and more streamlined processes.

However, the proliferation of connected devices and the data that flows through them brings with it a serious problem. Connected technology isn't just creating new opportunities for businesses, but for criminals as well. Cybersecurity is and has been a hot topic, and it's rare for more than a few months to pass without news of some major data breach hitting the headlines.

Healthcare, in particular, has much to be concerned about when it comes to cybersecurity. Due to the nature of the work being done in the sector, it's more important than ever that patient data is treated with the reverence and respect it deserves.

Cybersecurity and Healthcare

Despite an increased awareness of the problem and sophisticated countermeasures being put into place, 89 percent of healthcare organizations have experienced a data breach in the last two years. It's predicted that data breaches and related failures will cost the sector around six trillion dollars over the next three years.

Due to the highly sensitive nature of healthcare data, it probably won't surprise you to learn that ransomware - the act of holding data hostage and threatening to make it public or destroy it unless a ransom is paid - is the most common cybersecurity threat aimed at the industry. Around a quarter of healthcare organizations have paid a ransom to cybercriminals. More concerning is the prediction that ransomware attacks on the healthcare sector will quadruple by 2020.

Medical Device Security

The Internet of Things is transforming healthcare, of that there is little doubt.

Connected medical devices are empowering doctors to monitor the condition of patients 24/7, improving experiences and clinical outcomes, and saving lives. Field service providers can move from reactive to predictive maintenance to address problems earlier than ever thanks to connected sensors warning of imminently failing components. The sensors also spot patterns of breakdowns, which can inform future product development.

However, like many IoT innovations, connected medical devices are extremely vulnerable to cybersecurity threats.

In the first quarter of 2019, a government-backed coalition of manufacturers and healthcare providers decided to take matters into their own hands and released a mandate that laid out suggestions for medical devices and the security protocols they should be equipped with. The 53-page document was composed and released by the Healthcare & Public Health Sector Coordinating Councils in collaboration with other organizations such as the Mayo Clinic and the FDA.

"It marks a sea change," said Council Executive Director, Greg Garcia. "Companies and hospitals are finally signaling they are willing to cooperate on fixing the problem, rather than saying it's the other's responsibility to fix. The big picture is this is truly a recognition that this is a shared responsibility. The circular finger pointing should end."

The federal government has so far neglected to pass new laws and regulations on the matter, and the document consists of what effectively amounts to a voluntary to-do list for medical device manufacturers to use as a guide.

The onus, therefore, is on manufacturers and those responsible for the service and maintenance of such equipment to make sure that appropriate measures are taken and that the defenses of their medical devices are appropriately shored up against any potential cybersecurity threats.

Looking Forward

The document won't fix the medical device security issue immediately, but it will help manufacturers understand what is needed from them.

Manufacturers and hospitals will understand exactly how field service providers will scan for cybersecurity vulnerabilities, how those vulnerabilities will be patched, and on what timescale. Manufacturers should also lay out a roadmap for how long new products will be supported with security updates. With many hospitals relying on legacy systems, they need to know when their devices will reach the end of their useful lives, so they can plan when to upgrade and avoid the increased security threat that comes with outdated and unsupported equipment.

"This begins to resolve the tension between medical device makers and hospitals," added Garcia. "Because device makers have not been building security in over the past several years and, meanwhile, hospitals have not been doing enough to secure their broader networks."

Final Thoughts

Cybersecurity will continue to be a serious concern for the medical device industry as we move into the third decade of the 21st century. However, now that healthcare providers and manufacturers are beginning to collaborate on solutions for these issues, the criminals who target them are likely to have a far more difficult time.


Cybersecurity in the medical device industry is set to be a hot topic at Field Service Medical 2020, taking place in February at the Rancho Bernardo Inn, San Diego, CA.
