Protecting Medical Devices From Cyber Attacks

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The healthcare industry has long been a target for cyber attack because of the vast amounts of health information and data such as patient health, product performance, or data from other devices connected to the same network that it holds.

This is the reason why medical devices need to have proper cyber security, which is critical in retaining patient trust in health care technology and clinical practice.

Like all technologies, with any medical device which runs on software, vigilance is required to avoid these devices being vulnerable to cyber security threats. As medical devices become more advanced and the number of Internet connected medical devices grows, it is crucial for healthcare organisations to make sure all their medical devices are secure. 

Patient Data

Patient data is considered the most valuable for criminal purposes and while manufacturers can ensure a high level of safety through testing, the security of connected devices (IoT), from pacemakers to monitoring devices, is a significant target. Attackers could potentially hack into those medical IoTs and steal access individual patient data.  Increasingly patient records are fully digitised and stored in the cloud and sensors used in hospitals carry sensitive information about patients which can be of vital importance if patient records become inaccessible.

Problems With Medical Devices

Using medical devices on clinical networks compounds three related issues:

  • As a medical device, security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
  • When security updates are released, they are carefully analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
  • Without the latest security mitigations, the impact of vulnerabilities is greatly increased, making exploitation more likely to succeed, and making detection of any exploitation more difficult.

A Collaborative Initiative

Now, the University of Minnesota has established a new Center for Medical Device Cybersecurity (CMDC).The CMDC was formed in response to a request from members of the medical device manufacturing industry in the US to form a collaborative hub for discovery, outreach, and workforce training in the emerging device security field. 

The CMDC will foster university-industry-government collaborations to ensure that medical devices are both safe and secure from the growing number of cyber security threats. The new center builds on expertise from institutes and centers across the University in both the medical device and cyber security.

The CMDC will be housed within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering. The CMDC is founded and funded in large part by five US leading health industry companies.

In combination, these issues mean that high-impact security incidents become more likely to occur. Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services.

NHS Digital:    Promenade Software:     Secure-iC:      HelpNetSecurity:   Medical Device Network:      I-HLS

You Might Also Read: 

How To Prevent Healthcare Data Breaches:
 

« Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech
Re-strategising Resilience In The Remote Working Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Cysiv

Cysiv

Cysiv SOC-as-a-Service combines all the elements of an advanced, proactive, threat hunting SOC, with a managed security stack for hybrid cloud, network, and endpoint security.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

Knownsec

Knownsec

Knownsec provides customers with cloud defense, cloud monitoring, and cloud mapping products and services with "AI + security big data" as the underlying capability.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.