Protecting Medical Devices From Cyber Attacks

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The healthcare industry has long been a target for cyber attack because of the vast amounts of health information and data such as patient health, product performance, or data from other devices connected to the same network that it holds.

This is the reason why medical devices need to have proper cyber security, which is critical in retaining patient trust in health care technology and clinical practice.

Like all technologies, with any medical device which runs on software, vigilance is required to avoid these devices being vulnerable to cyber security threats. As medical devices become more advanced and the number of Internet connected medical devices grows, it is crucial for healthcare organisations to make sure all their medical devices are secure. 

Patient Data

Patient data is considered the most valuable for criminal purposes and while manufacturers can ensure a high level of safety through testing, the security of connected devices (IoT), from pacemakers to monitoring devices, is a significant target. Attackers could potentially hack into those medical IoTs and steal access individual patient data.  Increasingly patient records are fully digitised and stored in the cloud and sensors used in hospitals carry sensitive information about patients which can be of vital importance if patient records become inaccessible.

Problems With Medical Devices

Using medical devices on clinical networks compounds three related issues:

  • As a medical device, security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
  • When security updates are released, they are carefully analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
  • Without the latest security mitigations, the impact of vulnerabilities is greatly increased, making exploitation more likely to succeed, and making detection of any exploitation more difficult.

A Collaborative Initiative

Now, the University of Minnesota has established a new Center for Medical Device Cybersecurity (CMDC).The CMDC was formed in response to a request from members of the medical device manufacturing industry in the US to form a collaborative hub for discovery, outreach, and workforce training in the emerging device security field. 

The CMDC will foster university-industry-government collaborations to ensure that medical devices are both safe and secure from the growing number of cyber security threats. The new center builds on expertise from institutes and centers across the University in both the medical device and cyber security.

The CMDC will be housed within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering. The CMDC is founded and funded in large part by five US leading health industry companies.

In combination, these issues mean that high-impact security incidents become more likely to occur. Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services.

NHS Digital:    Promenade Software:     Secure-iC:      HelpNetSecurity:   Medical Device Network:      I-HLS

You Might Also Read: 

How To Prevent Healthcare Data Breaches:
 

« Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech
Re-strategising Resilience In The Remote Working Age »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Hyperproof

Hyperproof

Hyperproof is a cloud-based compliance operations software. Launch new programs immediately, collect evidence automatically, and manage a compliance program intelligently.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Monokee

Monokee

Monokee offers a solution that seamlessly integrates powerful Identity and Access Management (IAM) capabilities with a low/no code identity orchestrator.