Medical device cybersecurity: It’s time to get real

Medical device makers, regulators and healthcare delivery organizations are increasingly working together to strengthen cybersecurity. But are they doing enough?

[Original image courtesy of istockphoto.com]

[Original image courtesy of istockphoto.com]

Almost no one in the medtech industry disputes the vulnerability posed by cyberattacks. How to go about boosting security is another matter – one on which those stakeholders have recently stepped up their collaboration.

One group, the Healthcare & Public Sector Coordinating Council, thinks it has a solution: Health providers and other customers buying a connected medical device should be able to remotely access a cybersecurity bill of materials (CBOM) that would list all commercial, open-source and custom-code software. Available via remote access for customers, the CBOM would also include commercial hardware such as processers, network cards, sound cards, graphic cards and memory.

The council’s recently issued joint security plan calls for more vulnerability disclosures, notices of breaches, software and hardware upgrades and security patch availability. Companies would also need to notify customers before they end technical support for older devices.

“It’s this voluntary framework that establishes best practice for cybersecurity at a medical technology company,” council member Rob Suarez, director of product security at Becton Dickinson, told Medical Design & Outsourcing. “This joint security plan establishes the common ground which many medical device manufacturers, health IT vendors and healthcare providers agreed on.”

Some manufacturers have grumbled about providing hardware information in a CBOM, but an increasing number have pledged to publicly share vulnerability information should hackers breach one of their devices, including industry giants BD, Abbott, Siemens, Philips, Medtronic, Johnson & Johnson, Boston Scientific and Stryker.

Get the full story on our sister site Medical Design & Outsourcing. 

The post Medical device cybersecurity: It’s time to get real appeared first on MassDevice.

Medical IoT and the security challenges for healthcare: What you need to know

What do healthcare providers want from medical device manufacturers concerning network and device security?

Martin Nappi, Green Hills Software

healthcare IoT medical device medical device cybersecurity

[Image from Shutterstock]

The advent of the Internet of Things (IoT) has created enormous opportunity and profound challenges for any business looking to take on the digital transformation. But no industry faces more of a test to make this change than healthcare.

Organizations that want to embrace IoT can struggle for many years in the pursuit of “going digital” and still fail. Hospitals and other healthcare providers have all the operational complexities of other businesses with the added responsibilities of keeping their patients safe, ensuring patient health records are secure and keeping their facilities operational 24/7. Plus, the healthcare industry is a primary target of increasingly sophisticated cybercriminals looking to install ransomware to steal patient health records or harm patients with connected medical devices such as insulin pumps or pacemakers.

Get the full story on our sister site Medical Design & Outsourcing. 

The post Medical IoT and the security challenges for healthcare: What you need to know appeared first on MassDevice.

Building Safety and Security into Connected Medical Devices

Medical devices are being designed to encapsulate virtually all of the functionality and complexity within the software. Considering today’s technologically advanced threat landscape, building in safety and security has never been more important.

Cyber-criminals are using vulnerable network connected medical devices as a gateway to install malware on hospital networks. It is essential for manufacturers to secure their connected devices and use operating systems that provide foundational safety and security suitable for life critical applications.

 

The post Building Safety and Security into Connected Medical Devices appeared first on MassDevice.