Cybersecurity is one of the biggest issues in the digital age. The healthcare industry isn’t isolated from it. In fact, recent data from the FBI revealed that 25% of ransomware attacks were aimed at the healthcare industry. Such cybersecurity breaches can lead to seriously adverse outcomes for patients, including the theft of sensitive data.
As diagnostic devices become smarter and enter non-clinical spaces (e.g., patients’ homes, mobile devices), it’s important to ensure that cybersecurity threats are minimized as much as possible. CorDx is aware of the evolving use-cases of diagnostic technology and actively considers the data security implications in advance of designing any diagnostic.
A 2022 survey of IT and IT security experts in healthcare organizations reported that 89% of surveyed organizations had experienced at least one cyberattack in the past 12 months. The experts surveyed suggested that vulnerabilities such as unprotected devices connected to the “healthcare internet of things” (or the “internet of medical things”) were major contributors to ransomware attacks.
Regulatory Requirements for Cybersecurity in Medical Devices
Regulatory bodies have issued new guidelines for medical and diagnostic device manufacturers in response to ransomware and other cyberattacks targeting healthcare organizations. The US Food and Drug Administration (FDA), the European Commission, the Australian Therapeutic Goods Administration, and Health Canada have all published guidelines on how to meet cybersecurity requirements. For example, the FDA increased its assessment requirements for medical device cybersecurity, with a particular focus on a device's potential to compromise healthcare IT networks. The FDA guidelines include:
- Ensuring that appropriate safeguards are in place to reduce the impact of potential cybersecurity threats
- The use of “state-of-the-art” security techniques
- Maintaining market vigilance regarding their device, including risks associated with cybersecurity
Cybersecurity Protection for Medical Devices
The interconnectivity of diagnostic technology advances healthcare, but it also introduces significant vulnerabilities. Efforts to improve cybersecurity protection can be applied in two ways:
- Through diagnostic devices themselves
- Through the patient’s own personal cybersecurity practices
The FBI has also provided guidance and recommendations to minimize vulnerabilities associated with medical device design. The most significant findings by the FBI were outdated software and a lack of adequate security features. Moreover, the cybersecurity protection that a diagnostic device (and its supporting framework) needs depends on the system's connectivity capabilities, its features, and how it collects, logs, or transmits data. Cybersecurity protection features for diagnostic devices may include:
- Secure Boot Loader: This ensures that only code from the supplier or trusted source can be executed. This can prevent hackers from replacing code and changing features of the device.
- Mutual Authentication: This ensures that data comes from a legitimate device and not a fraudulent source.
- Secure Communication/Encryption: This protects data transmitted from a device and received by service infrastructure (e.g., the cloud).
- Security Lifecycle Management: This allows service providers and manufacturers to control the security aspects of the device when in operation. This can assist in recovery and minimize service disruption.
- Security Monitoring and Analysis: Service providers should analyze data to detect security violations or potential system threats. This can include analyses of endpoint devices and connectivity traffic.
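To make the "Mutual Authentication" item above concrete, here is an added example (not CorDx code or any product's actual protocol) of a challenge-response exchange in which a diagnostic device and its backend service each prove knowledge of a pre-shared enrollment key before any readings are sent. The device id, the HMAC-based construction and the pre-shared-key model are assumptions for illustration; production designs usually use per-device certificates and TLS, but the two-directional, nonce-bound structure is the same.

```python
import hmac
import hashlib
import secrets


def _mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a direction label and length-prefixed fields, so a proof
    produced for one direction or one field layout cannot be reused for another."""
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def device_proof(key: bytes, device_id: bytes, dev_nonce: bytes, srv_nonce: bytes) -> bytes:
    """What the device sends after seeing the service's nonce."""
    return _mac(key, b"device->service", device_id, dev_nonce, srv_nonce)


def service_proof(key: bytes, device_id: bytes, dev_nonce: bytes, srv_nonce: bytes) -> bytes:
    """What the service sends back so the device can check it is the real backend."""
    return _mac(key, b"service->device", device_id, dev_nonce, srv_nonce)


def mutual_authenticate(device_id: bytes, device_key: bytes, service_key):
    """Simulate one exchange. device_key is the key provisioned into the device;
    service_key is what the backend has on file for device_id (None if unenrolled).
    Returns (service_accepted_device, device_accepted_service)."""
    dev_nonce = secrets.token_bytes(16)  # 1. device -> service: id + fresh nonce
    srv_nonce = secrets.token_bytes(16)  # 2. service -> device: its own fresh nonce
    # 3. device -> service: proof bound to both nonces, so a captured proof cannot be replayed
    d_proof = device_proof(device_key, device_id, dev_nonce, srv_nonce)
    service_ok = service_key is not None and hmac.compare_digest(
        d_proof, device_proof(service_key, device_id, dev_nonce, srv_nonce))
    # 4. service -> device: its own proof; an endpoint without the key cannot forge it,
    #    so the device refuses to send patient data to an impersonated backend
    s_proof = service_proof(service_key or b"", device_id, dev_nonce, srv_nonce)
    device_ok = hmac.compare_digest(
        s_proof, service_proof(device_key, device_id, dev_nonce, srv_nonce))
    return service_ok, device_ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed enrollment key for a sample device
    print(mutual_authenticate(b"meter-0001", key, key))                      # (True, True)
    print(mutual_authenticate(b"meter-0001", secrets.token_bytes(32), key))  # (False, False)
```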
Manufacturers and service providers are not alone in upholding cybersecurity protection. The patient needs to be aware and vigilant against potential cybersecurity threats. Such protective measures are similar to those used for other smart devices. These can include:
- The use of strong passwords.
- Changing the default settings of Wi-Fi routers and networks.
- The use of multifactor authentication.
- Ensuring that devices are kept updated.
original source: https://cordx.com/blog/cybersecurity-for-diagnostic-devices-what-you-need-to-know/
Company Name: CorDx
Phone: +1 (858) 333-1122
Address: 3333 Piedmont Rd NE #700
State: GA, 30305
Country: United States