Philips Healthcare’s Medical Device Cybersecurity Measures

Brought to you by WBR Insights



Cybersecurity is a massive concern for healthcare providers with 89 percent thought to have experienced a data breach in the last two years. As our world becomes ever more connected - and industry along with it - the risk of cyber-attacks will likely be felt ever more keenly.

Recent research has revealed that almost 100 percent of web applications connected to critical health information are vulnerable to cyber-attacks. To put this in context, it is estimated that the loss of data and related failures caused by these attacks will cost healthcare providers around 6 trillion dollars in damages over the next three years.

82 percent of surveyed healthcare organizations agree that digital security is one of their foremost concerns and, as a leading figure in the industry, Philips Healthcare is at the forefront of addressing the problem of medical device cybersecurity.

Philips Healthcare

Obviously, the need for data security is of paramount importance to all businesses which hold information on their customers/clients. However, with healthcare providers holding some of the most sensitive data possible, the need is perhaps more critical in this industry than in others.

"The medical device industry has historically been behind other industries in cybersecurity defense but companies such as Philips are rapidly stepping up to advance the state of the art," said Philips' Head of Global Product Security & Services, Michael McNeil. "I am convinced that cybersecurity cannot be seen as a device manufacturer issue alone. Collaboration between hospitals, manufacturers, regulatory agencies such as the FDA, and the research community are essential to successful end-to-end protection of hospitals and their patients."

The internet of things is one of the most promising elements of Industry 4.0 technology regarding medical devices. The ability to have these devices connected to the internet allows healthcare providers to monitor the condition of patients 24/7 and react to any changes with unprecedented agility - improving the patient experience, clinical outcomes, and even saving lives.

However, the Internet of Things is also one of the most vulnerable corners of Industry 4.0 technology with attacks on IoT devices up over 600 percent between 2017 and the following year. IoT attacks are attractive to hackers because these devices are becoming so ubiquitous in both consumer and industrial markets and are often not built with cybersecurity at the fore.

Sadly, this extends to the medical device market as well, evidenced by the vulnerability statistics quoted earlier in this article.

However, all is not lost, and medical device manufacturers such as Philips are devoting new and dedicated efforts to making sure that the incredibly sensitive data which passes through and is generated by their devices is treated with the seriousness and respect that it deserves.

The Device Lab

To this end, Philips has joined up with the Biohacking Village to put its own medical devices through the rigor of expert and scientific testing at the Device Lab.

The Device Lab is a special innovation center which asked medical device manufacturers to hand over their products and have them subjected to a series of cybersecurity attacks which will establish how effective the protections put in place by the manufacturers are. The Device Lab was backed by the FDA.

"[The Device Lab is] a unique exercise designed to champion the principles of trustworthiness, transparency, and resilience that underlie the FDA's approach to medical device manufacturer cybersecurity," reported Philips. "During the event, participants will seek to gain cyber-access to an array of medical devices to gain valuable information on how to help to protect them with new techniques."

With nearly all connected devices possessing some kind of security vulnerability, the Device Lab is an amazing way for medical device manufacturers to get independent and expert insight into their products. This information can then filter down to product designers so they can use it when developing new devices.

The data can also be made available to field service providers within Philips, allowing them to upgrade the devices they're responsible for with the latest cybersecurity measures and avoid any future breaches before they happen. Not only will this improve the service provided by Philips devices, but will also improve the customer experience, as Philips taking proactive action on cybersecurity will raise its profile in the eyes of its field service clients.

Final Thoughts

The healthcare industry needs to catch up when it comes to cybersecurity and outside agencies, such as the device lab, combined with manufacturers and field service providers need to work together to put the required measures into place.

"For both its own products and the third-party software in its systems, Philips has a policy of proactive cybersecurity information sharing," said McNeil. "Philips also supports industry-wide standardization of customer security questionnaires, so that customers can get the information they need faster and more efficiently."


You can hear Philips' Director of Global Field & Customer Service, Eric Paulik speak at Field Service Medical 2020, taking place in February at the Rancho Bernardo Inn, San Diego, CA.

Download the agenda today for more information and insights.