Protecting Medical Devices From Cyber Attacks

Uploaded on 2022-08-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The healthcare industry has long been a target for cyber attack because of the vast amounts of health information and data such as patient health, product performance, or data from other devices connected to the same network that it holds.

This is the reason why medical devices need to have proper cyber security, which is critical in retaining patient trust in health care technology and clinical practice.

Like all technologies, with any medical device which runs on software, vigilance is required to avoid these devices being vulnerable to cyber security threats. As medical devices become more advanced and the number of Internet connected medical devices grows, it is crucial for healthcare organisations to make sure all their medical devices are secure. 

Patient Data

Patient data is considered the most valuable for criminal purposes and while manufacturers can ensure a high level of safety through testing, the security of connected devices (IoT), from pacemakers to monitoring devices, is a significant target. Attackers could potentially hack into those medical IoTs and steal access individual patient data.  Increasingly patient records are fully digitised and stored in the cloud and sensors used in hospitals carry sensitive information about patients which can be of vital importance if patient records become inaccessible.

Problems With Medical Devices

Using medical devices on clinical networks compounds three related issues:

  • As a medical device, security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
  • When security updates are released, they are carefully analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
  • Without the latest security mitigations, the impact of vulnerabilities is greatly increased, making exploitation more likely to succeed, and making detection of any exploitation more difficult.

A Collaborative Initiative

Now, the University of Minnesota has established a new Center for Medical Device Cybersecurity (CMDC).The CMDC was formed in response to a request from members of the medical device manufacturing industry in the US to form a collaborative hub for discovery, outreach, and workforce training in the emerging device security field. 

The CMDC will foster university-industry-government collaborations to ensure that medical devices are both safe and secure from the growing number of cyber security threats. The new center builds on expertise from institutes and centers across the University in both the medical device and cyber security.

The CMDC will be housed within the Technological Leadership Institute (TLI), an interdisciplinary center within the College of Science and Engineering. The CMDC is founded and funded in large part by five US leading health industry companies.

In combination, these issues mean that high-impact security incidents become more likely to occur. Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services.

NHS Digital:    Promenade Software:     Secure-iC:      HelpNetSecurity:   Medical Device Network:      I-HLS

You Might Also Read: 

How To Prevent Healthcare Data Breaches:
 

« Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech
Re-strategising Resilience In The Remote Working Age »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

HvS Consulting

HvS Consulting

HvS Consulting is a specialist information security company offering a full range of services including IT security architecture, ISO 27001 audits, Pentesting, Security monitoring and Training.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Defend

Defend

DEFEND are 100% focused on providing managed cybersecurity solutions and services that make a real difference to the cyber resilience of your organisation.