The digital footprint of the healthcare landscape continues to expand as more and more medical devices come online, both next generation systems and legacy equipment, with many allowing remote access. Digital patient data continues to proliferate beyond the confines of the medical facility as well. This evolution necessitates a critical shift in focus onto digital security solutions that involve collaboration between device manufacturers and healthcare CIOs.
A recent report published by Gartner, Focus Now on Digital Security Opportunities Within Connected Medical Devices, shines a spotlight on three critical areas of impact on the digitalized healthcare industry:
- Impact of healthcare data breaches on bottom line and brand equity is now creating the need for dedicated digital security services
- Fuzzy regulations on digital security as a “Shared Responsibility” necessitate targeting medical device firms and healthcare providers
- Connecting “Legacy” medical devices designed for the siloed IT age is creating a need for dedicated digital security solutions
Much recent attention has been focused on the vulnerabilities and security threats that have been exposed in medical device endpoints. From the standpoint of Wibu-Systems, we consider medical device endpoints to represent the greatest vulnerabilities for hackers. These endpoints can include any type of connected medical system, such as surgery robots, X-ray machines, MRI scanners, dental devices, infusion pumps, and patient monitors.
Attacks on these endpoints can result in compromised device functionality, loss of data (medical or personal) availability, or integrity, or exposure of other connected devices or networks to security threats. These security breaches have the potential for catastrophic consequences resulting in patient illness, injury or even death.
We’ve worked with many companies on various aspects of medical device security, particularly on protecting medical device endpoints. Areas of focus include:
- physical security to prevent uncontrolled changes to or the removal of the endpoint root of trust to provide confidence on the endpoint identity
- integrity protection to ensure that the endpoint is in the configuration that enables it to perform its functions predictably
- access control to ensure that proper identification, authentication and authorization protocols are performed
- secure configuration and management to control updates of security policies and settings
- monitoring and analysis for integrity checking, detecting malicious usage patterns or denial of service activities, and enforcing security policies and analytics
- data protection to control data integrity, confidentiality and availability
- security model and policy for governing the implementation of security functions
If you are planning to attend the T4M Medical Technology Meeting in Stuttgart, Germany, May 7 – 9, 2019, I will present a talk on how the increasing network of connected medical devices makes security critical to prevent tampering with configuration data and secure the confidentiality and integrity of patients’ records. I will also discuss the potential for new business models that will benefit device manufacturers, operators, and patients.
You can also learn more about medical device security mechanism and monetization opportunities in our customer case studies from Agfa HealthCare, CUSTO MED, Dentsply Sirona, and Fritz Stephan.
