Protecting Medical Devices From Cyber Attacks

The healthcare industry has long been a target for cyber attack because of the vast amounts of health information and data such as patient health, product performance, or data from other devices connected to the same network that it holds.

This is the reason why medical devices need to have proper cyber security, which is critical in retaining patient trust in health care technology and clinical practice.

Like all technologies, with any medical device which runs on software, vigilance is required to avoid these devices being vulnerable to cyber security threats. As medical devices become more advanced and the number of Internet connected medical devices grows, it is crucial for healthcare organisations to make sure all their medical devices are secure. 

Patient Data

Patient data is considered the most valuable for criminal purposes and while manufacturers can ensure a high level of safety through testing, the security of connected devices (IoT), from pacemakers to monitoring devices, is a significant target. Attackers could potentially hack into those medical IoTs and steal access individual patient data.  Increasingly patient records are fully digitised and stored in the cloud and sensors used in hospitals carry sensitive information about patients which can be of vital importance if patient records become inaccessible.

Problems With Medical Devices

Using medical devices on clinical networks compounds three related issues:

  • As a medical device, security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
  • When security updates are released, they are carefully analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
  • Without the latest security mitigations, the impact of vulnerabilities is greatly increased, making exploitation more likely to succeed, and making detection of any exploitation more difficult.

A Collaborative Initiative

Now, the University of Minnesota has established a new Center for Medical Device Cybersecurity (CMDC).The CMDC was formed in response to a request from members of the medical device manufacturing industry in the US to form a collaborative hub for discovery, outreach, and workforce training in the emerging device security field. 

The CMDC will foster university-industry-government collaborations to ensure that medical devices are both safe and secure from the growing number of cyber security threats. The new center builds on expertise from institutes and centers across the University in both the medical device and cyber security.

The CMDC will be housed within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering. The CMDC is founded and funded in large part by five US leading health industry companies.

In combination, these issues mean that high-impact security incidents become more likely to occur. Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services.

NHS Digital:    Promenade Software:     Secure-iC:      HelpNetSecurity:   Medical Device Network:      I-HLS

You Might Also Read: 

How To Prevent Healthcare Data Breaches:
 

« Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech
Re-strategising Resilience In The Remote Working Age »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Acuity RM Group

Acuity RM Group

Acuity RM Group helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Sinergi Digital

Sinergi Digital

Sinergi Digital is a business unit of the Metrodata Group with a focus on providing ICT solution to help accelerating digital transformation.

Pantherun Technologies

Pantherun Technologies

Pantherun is a pioneering force in the realm of encryption technology and data protection solutions.