Download
1 / 4
40 likes | 43 Views
If we are to go to the hospital today, you would encounter at least 10 medical devices during your visit. Because of this increased connectedness of medical devices, hackers are starting to target medical devices and could Protected Health information (PHI) or even worse, hurt a patient by disabling or corrupting the functioning of these devices. For more details visit: https://www.iisecurity.in/courses/hipaa-training.php
E N D
Security of Health Care Devices Introduction Did you know? It is established that 1 out of every 4 medical devices is now connected. If we are to go to the hospital today, you would encounter at least 10 medical devices during your visit. Because of this increased connectedness of medical devices, hackers are starting to target medical devices and could Protected Health information (PHI) or even worse, hurt a patient by disabling or corrupting the functioning of these devices. Some vulnerable medical devices •Magnetic Resonance Imaging (MRI) •Picture Archiving and Communication System (PACS) •Implantable Cardioverter-Defibrillator (ICD) •Drug Infusion Pumps •Identification and Antibiotic Susceptibility Testing devices •X-Rays •Defibrillators
As the medical device industry is transforming, implantable devices are often dependent on software to save countless lives. But how secure are they? As the examples below show, security researchers have been uncovering security flaws in medical devices for quite a few years now. •Medical device hacks – The average hospital room can contain as many as 15-20 connected medical devices on average •Ransomware – One-quarter of SamSam ransomware attacks targeted healthcare organizations in 2018 Hacked medical devices could wreak havoc on health systems What needs to be done? The health care industry has lagged behind other industries in protecting its main stakeholder (i.e. patients), and now hospitals must invest considerable capital and effort in protecting their systems. This is easier said than done because hospitals are extraordinarily technology-saturated, complex organizations with high-end point complexity, internal politics, and regulatory pressures. Though security and safety issues in the medical domain take many different forms there are some recommended security standards to address the risks in networked devices: •Medical device manufacturers must emphasise on device security at the initial stage, then as an afterthought to avoid unnecessary costs and last-minute shortcuts that developers take to push in some form of the security factor. •Use strong passwords to protect all external connection points. •Develop on-time patch management, update IT security policies and vulnerability assessments. •Increase awareness among all stakeholders including physicians, CMIOs (Chief Medical Information Officers) and clinical engineering teams about current and potential medical device vulnerabilities. •Protect infrastructure from threats like malware and hacking attacks with a reliable security solution. •Take a backup of critical information at regular intervals and keep a copy of it offline. IT, risk and compliance staff in hospitals and clinics should anticipate future medical device security risks and address them along with the existing risks to provide patient safety and protected health information. Secure Design and Usability Cybersecurity is not simply a feature we can add to the system, its actually an emergent property of a well-designed system. Moreover, it is extremely important that manufacturers and companies dealing
with medical devices begin to implement security strategies right from the inception of a device up to its commercialisation. Building cybersecurity into devices from the start helps reduce risks and the cost of security compliance. What if you have passed design time so that you have a physical device, be there a prototype device or medical device already out in the field? To do this there are Ethical Hackers who study hacking, practice hacking and hack stuff. Their job is to test the defences, tell the medical product manufacturers what type of attacks they tried and what worked. They offer advice on how to make it better and will do it all in safe circumstances. Having an ethical hacker attack a device is a great way to help design medical devices worthy of our trust. Conclusion To sum up, there is a significant opportunity for the medical device industry to come together and lead to the standards necessary to strengthen device security. •Healthcare data has become a choice target for criminals and breaches are on the rise •Cyber threats to data are coming from a variety of sources •PHI (Protected Health Information) has increased in value on the black market Now let’s not have an impression that connected medical devices are all ‘Doom and gloom’. The truth is connected medical devices allow us to provide a better quality of patient care. For example, think of a diabetic child who is able to go to her very first sleep-over because she now has a connected insulin pump that allows her parents to remotely monitor her glucose levels and deliver insulin if she needs it. Connected medical devices like pacemakers can allow someone who may have lived a very dependent life to now leads an independent one. This connected pacemaker can now potentially call for help if that patient becomes unresponsive. The benefit of connected medical devices are always from the risks and the ethical hackers are working really hard to make sure that the connected medical devices out there are worthy of our trust. No one product can claim to be hack-proof, but successful and responsible companies assess, mitigate, and constantly monitor the ever-present threats to critical assets. Contact Us: Institute of Information Security Email - info@iisecurity.in Website - https://www.iisecurity.in/
