Protecting Medical Devices From Cyber Attacks

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The healthcare industry has long been a target for cyber attack because of the vast amounts of health information and data such as patient health, product performance, or data from other devices connected to the same network that it holds.

This is the reason why medical devices need to have proper cyber security, which is critical in retaining patient trust in health care technology and clinical practice.

Like all technologies, with any medical device which runs on software, vigilance is required to avoid these devices being vulnerable to cyber security threats. As medical devices become more advanced and the number of Internet connected medical devices grows, it is crucial for healthcare organisations to make sure all their medical devices are secure. 

Patient Data

Patient data is considered the most valuable for criminal purposes and while manufacturers can ensure a high level of safety through testing, the security of connected devices (IoT), from pacemakers to monitoring devices, is a significant target. Attackers could potentially hack into those medical IoTs and steal access individual patient data.  Increasingly patient records are fully digitised and stored in the cloud and sensors used in hospitals carry sensitive information about patients which can be of vital importance if patient records become inaccessible.

Problems With Medical Devices

Using medical devices on clinical networks compounds three related issues:

  • As a medical device, security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
  • When security updates are released, they are carefully analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
  • Without the latest security mitigations, the impact of vulnerabilities is greatly increased, making exploitation more likely to succeed, and making detection of any exploitation more difficult.

A Collaborative Initiative

Now, the University of Minnesota has established a new Center for Medical Device Cybersecurity (CMDC).The CMDC was formed in response to a request from members of the medical device manufacturing industry in the US to form a collaborative hub for discovery, outreach, and workforce training in the emerging device security field. 

The CMDC will foster university-industry-government collaborations to ensure that medical devices are both safe and secure from the growing number of cyber security threats. The new center builds on expertise from institutes and centers across the University in both the medical device and cyber security.

The CMDC will be housed within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering. The CMDC is founded and funded in large part by five US leading health industry companies.

In combination, these issues mean that high-impact security incidents become more likely to occur. Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services.

NHS Digital:    Promenade Software:     Secure-iC:      HelpNetSecurity:   Medical Device Network:      I-HLS

You Might Also Read: 

How To Prevent Healthcare Data Breaches:
 

« Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech
Re-strategising Resilience In The Remote Working Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Black Girls In Cyber (BGiC)

Black Girls In Cyber (BGiC)

Black Girls In Cyber's mission is to increase industry awareness and diversity in cybersecurity, privacy, and STEM for women of color.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.